analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://trade.capital-group.tech/

Full analysis: https://app.any.run/tasks/f88e3a1f-e28e-4f77-bd83-0c130ba9fd7c
Verdict: Malicious activity
Analysis date: December 05, 2022, 17:53:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

D803B220FB6C7F47A38D65BAAAC05A82

SHA1:

9091EF56CB424950ABC0985454736314B5F0D228

SHA256:

A85154F1A4AD2A9BFC4080A6E72E0D4AC3AD4E0200220882BFF2D6B8C2040B39

SSDEEP:

3:N8foKmiGcs:2Qzcs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2560)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2560"C:\Program Files\Internet Explorer\iexplore.exe" "https://trade.capital-group.tech/"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
3868"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2560 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
13 352
Read events
13 273
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
6
Text files
0
Unknown types
4

Dropped files

PID
Process
Filename
Type
3868iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B41536A95528E30E0A32B47992EB92CFder
MD5:63E6330FCB203DED1E678BF560C560A3
SHA256:CB73D63041EE9A44972414C3B6A4B114774B666B4165C9F991CB7679DA8D82E3
3868iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:B904A9C5BAE88E6E8FB5ECFA10E10E0B
SHA256:5146A89723F974B61589EDD4C96FF4FC8100E71DBAA9927FACA9651871627761
3868iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506compressed
MD5:FC4666CBCA561E864E7FDF883A9E6661
SHA256:10F3DEB6C452D749A7451B5D065F4C0449737E5EE8A44F4D15844B503141E65B
3868iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar7DEA.tmpcat
MD5:73B4B714B42FC9A6AAEFD0AE59ADB009
SHA256:C0CF8CC04C34B5B80A2D86AD0EAFB2DD71436F070C86B0321FBA0201879625FD
3868iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751binary
MD5:7A5F75CE9A85CF9C8170772ED2E3A8E9
SHA256:4566D4576F592B81D4BEC0D26515EAA8BD8C78D15F1B32A14DBA7BA0ECDCC04F
3868iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B41536A95528E30E0A32B47992EB92CFbinary
MD5:99DED1CE8E5552C9B1151F697122040B
SHA256:2CBDD3AC4D8DFC57098D1A57D3B4995719047C88F4CEAE34E4174F7957675B39
3868iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar7DE8.tmpcat
MD5:73B4B714B42FC9A6AAEFD0AE59ADB009
SHA256:C0CF8CC04C34B5B80A2D86AD0EAFB2DD71436F070C86B0321FBA0201879625FD
3868iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab7DE7.tmpcompressed
MD5:FC4666CBCA561E864E7FDF883A9E6661
SHA256:10F3DEB6C452D749A7451B5D065F4C0449737E5EE8A44F4D15844B503141E65B
3868iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab7DE9.tmpcompressed
MD5:FC4666CBCA561E864E7FDF883A9E6661
SHA256:10F3DEB6C452D749A7451B5D065F4C0449737E5EE8A44F4D15844B503141E65B
3868iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751der
MD5:EC8FF3B1DED0246437B1472C69DD1811
SHA256:E634C2D1ED20E0638C95597ADF4C9D392EBAB932D3353F18AF1E4421F4BB9CAB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
16
DNS requests
11
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3868
iexplore.exe
GET
178.79.242.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?28cd191fc38cb4ba
DE
whitelisted
3868
iexplore.exe
GET
184.24.9.54:80
http://x2.c.lencr.org/
DE
whitelisted
3868
iexplore.exe
GET
178.79.242.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e2489aa23540fd33
DE
whitelisted
3868
iexplore.exe
GET
200
2.16.202.121:80
http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgO7XFlTwfR%2Fpgi%2Fd8Z1X2a9uw%3D%3D
NL
der
346 b
whitelisted
3868
iexplore.exe
GET
200
184.24.9.54:80
http://x1.c.lencr.org/
DE
der
717 b
whitelisted
3868
iexplore.exe
GET
200
178.79.242.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?e0b60feaec228824
DE
compressed
61.4 Kb
whitelisted
3868
iexplore.exe
GET
200
178.79.242.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?fa5849ad9b9daecc
DE
compressed
61.4 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2560
iexplore.exe
131.253.33.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3868
iexplore.exe
188.114.97.3:443
trade.capital-group.tech
CLOUDFLARENET
NL
malicious
3868
iexplore.exe
188.114.96.3:443
trade.capital-group.tech
CLOUDFLARENET
NL
malicious
3868
iexplore.exe
178.79.242.128:80
ctldl.windowsupdate.com
LLNW
DE
malicious
178.79.242.128:80
ctldl.windowsupdate.com
LLNW
DE
malicious
2560
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
EDGECAST
US
whitelisted
3868
iexplore.exe
184.24.9.54:80
x1.c.lencr.org
AKAMAI-AS
DE
unknown
3868
iexplore.exe
2.16.202.121:80
e1.o.lencr.org
Akamai International B.V.
NL
suspicious

DNS requests

Domain
IP
Reputation
trade.capital-group.tech
  • 188.114.97.3
  • 188.114.96.3
malicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.22.200
  • 131.253.33.200
whitelisted
ctldl.windowsupdate.com
  • 178.79.242.128
  • 95.140.236.0
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
x1.c.lencr.org
  • 184.24.9.54
whitelisted
x2.c.lencr.org
  • 184.24.9.54
whitelisted
e1.o.lencr.org
  • 2.16.202.121
  • 95.101.54.107
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://trade.capital-group.tech/