URL: http://Files.bajaelping.online

Full analysis: https://app.any.run/tasks/d33e03d2-71b5-4156-afa7-b90e099d691c
Verdict: Malicious activity
Analysis date: March 31, 2020, 07:32:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: D6D20B5B3F9A5914CE08CE05831EA36A
SHA1: 031937FD18E54584DDC49F3C59F2ADED21113DAE
SHA256: A8D3FAB65CDDC1C0BDBBA143F9944844C4798CB8415C930DA4CD466A2C389438
SSDEEP: 3:N1KBJkPEAJmaLAn:CEJdLA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Changes internet zones settings: iexplore.exe (PID: 3740)
    • Reads Internet Cache Settings: iexplore.exe (PID: 3740), iexplore.exe (PID: 2816)
    • Reads internet explorer settings: iexplore.exe (PID: 2816)
    • Creates files in the user directory: iexplore.exe (PID: 2816)
    • Reads settings of System Certificates: iexplore.exe (PID: 3740)
    • Adds / modifies Windows certificates: iexplore.exe (PID: 3740)
    • Changes settings of System certificates: iexplore.exe (PID: 3740)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe → iexplore.exe

Process information

PID | CMD | Path | Indicators | Parent process
3740 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://Files.bajaelping.online" | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe
2816 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3740 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe

iexplore.exe (PID: 3740)
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

iexplore.exe (PID: 2816)
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 5 040
Read events: 416
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 168
Text files: 192
Unknown types: 77

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3740 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | |
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab9080.tmp | | |
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar9081.tmp | | |
2816 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\6BY0FCTI.txt | text | A1E630544AB10BF200E6359E40C39B84 | 5F88987E71123BC23173B2F5241200C041BE55B729D9A382B41AD9CE646EC546
2816 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | der | DE258D014D52CEE566B7A030B495EAFF | 25CC9F040653782203C0E3497C56CA3AD41479BA9C6C18F459C2C915B9D973C4
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\nav_static[1].css | text | 2E13FF7C9CD68E397A09ECB7D6AC33BA | C10D520918C9BD1734A35E4E6C4EFF525282A7257EC7AD9F3B7257BAAE102AF4
2816 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5887976EDAA817EEF5159B09F6FCD000_73A9FB39DACAF3BE0955961906FEFEA6 | der | 0209933F898DB2302BE08BAEB6ECACE1 | C5AF92416041FFE9D55188553C19421A1E040D76C0022492D6FECB1B3D56E652
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\b2_overview[1].css | text | 6ED043BF4CD560DF4B2D49DCD52858D9 | B7A6A6E266AF6F5BC5AD0045E32267EBD6E277AD952B28D0276E68C372B10BD9
2816 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\stickynav[1].css | text | 4EFF5D774024A96E6019E630EFEB4900 | A3F067F4488BE800CE749C59A17023495A0BD1335D597316A42FAC30711DB96D
2816 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1 | der | FB1DCFAD78F9693BB3A1A362365BDFD6 | C9733E8718FE8213E3E71412B290E4DE1B8F859D2D994C8BBBC829A37E43951A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 80
TCP/UDP connections: 136
DNS requests: 62
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2816 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted
2816 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted
2816 | iexplore.exe | GET | 200 | 216.58.207.35:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEFeh1L3VO0beCAAAAAAyCgc%3D | US | der | 471 b | whitelisted
2816 | iexplore.exe | GET | 200 | 2.16.186.11:80 | http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D | unknown | der | 1.37 Kb | whitelisted
2816 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted
2816 | iexplore.exe | GET | 200 | 216.58.207.35:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
2816 | iexplore.exe | GET | 200 | 143.204.98.120:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted
2816 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAtAJMM%2BNVf2Cs%2BwXiFKCho%3D | US | der | 471 b | whitelisted
2816 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted
2816 | iexplore.exe | GET | 200 | 216.58.207.35:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEFeh1L3VO0beCAAAAAAyCgc%3D | US | der | 471 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
| | 216.58.207.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
2816 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2816 | iexplore.exe | 104.20.56.48:80 | www.backblaze.com | Cloudflare Inc | US | unknown
2816 | iexplore.exe | 216.58.207.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
| | 2.21.36.226:443 | cdn.optimizely.com | GTT Communications Inc. | FR | unknown
3740 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2816 | iexplore.exe | 104.24.110.148:443 | files.bajaelping.online | Cloudflare Inc | US | suspicious
2816 | iexplore.exe | 2.21.36.226:443 | cdn.optimizely.com | GTT Communications Inc. | FR | unknown
2816 | iexplore.exe | 104.24.110.148:80 | files.bajaelping.online | Cloudflare Inc | US | suspicious
2816 | iexplore.exe | 104.20.56.48:443 | www.backblaze.com | Cloudflare Inc | US | unknown

DNS requests

Domain | IP | Reputation
files.bajaelping.online | 104.24.110.148, 104.24.111.148 | suspicious
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
www.backblaze.com | 104.20.56.48, 104.20.45.48 | suspicious
fonts.googleapis.com | 216.58.207.42 | whitelisted
cdn.optimizely.com | 2.21.36.226 | whitelisted
ocsp.pki.goog | 216.58.207.35 | whitelisted
www.googletagmanager.com | 172.217.16.168 | whitelisted
static.hotjar.com | 147.75.32.99, 147.75.102.203, 147.75.33.131, 147.75.102.231, 147.75.100.69, 147.75.102.13, 147.75.32.105, 147.75.84.39 | whitelisted

Threats

No threats detected
No debug info