analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://urldefense.com/v3/__https://www.medaxiom.com__;!!NoSwA-eRAg!XdN-1vEYaiRMmHCRlsXCsR7RA5d2LdQ-pE47OZFOuS-UNla3kcyCbb2EKfHu-DD3pw$

Full analysis: https://app.any.run/tasks/810d4999-72b3-4394-a50c-6ba34ab067d3
Verdict: Malicious activity
Analysis date: August 12, 2022, 18:33:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

2791BC683CBC00DDCC1FFA1E6E878BB7

SHA1:

7A6E7E21D28DCEA206C90AEF042E693A3253D84A

SHA256:

A8F15432D7D63855EE0DC8EEDC190940CB53B4C3663AE5DE66A47A84A9CEB326

SSDEEP:

3:N8U2DAL5IKTWK66NR0rSL4lhKHreu93L8TaDFBzrDrxB:2UJtIrhVGL4PyoTavvDrH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3576)

  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 3576)
      • iexplore.exe (PID: 300)

    • Checks supported languages

      • iexplore.exe (PID: 300)
      • iexplore.exe (PID: 3576)

    • Application launched itself

      • iexplore.exe (PID: 300)

    • Changes internet zones settings

      • iexplore.exe (PID: 300)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3576)
      • iexplore.exe (PID: 300)

    • Changes settings of System certificates

      • iexplore.exe (PID: 300)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3576)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 300)
      • iexplore.exe (PID: 3576)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 300)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
300"C:\Program Files\Internet Explorer\iexplore.exe" "https://urldefense.com/v3/__https://www.medaxiom.com__;!!NoSwA-eRAg!XdN-1vEYaiRMmHCRlsXCsR7RA5d2LdQ-pE47OZFOuS-UNla3kcyCbb2EKfHu-DD3pwf7f81a39-5f63-5b42-9efd-1f13b5431005quot;C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
3576"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:300 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
19 588
Read events
19 443
Write events
141
Delete events
4

Modification events

(PID) Process:(300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30977657
(PID) Process:(300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
261318482
(PID) Process:(300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30977658
(PID) Process:(300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
35
Text files
79
Unknown types
35

Dropped files

PID
Process
Filename
Type
3576iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833Bder
MD5:614F7B75F8BA6B85B0D3B6988FDAC98B
SHA256:06F72B87CF5655F9C09E1A4ED84BC5FDBABD6DF87A613FD64FE70606ED9C7AEF
3576iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_F0B960C3B1E522BB9772662759982F90der
MD5:6501F5D9F84ABE583FCC1A8B9A646EB2
SHA256:896EF10AB15CE171B4639F4E5F860D052AD746D1EAFF97CA62C50E70DD92ADA6
3576iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Eder
MD5:6AAC8582893304B7B678B7E864946238
SHA256:8986A95049C4208CB8D384C59720ADA1E8CF2795CB9AEAE70317D88789049590
300iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:7E8D28634058423E8EAFD7102D6A09E9
SHA256:88C4292F23C3B02EDC5A1EED0A837BA71437C58B71A5B34989FED92EFDC89216
300iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:9F3AF5F31D3D47481A9A9E42C9125BC7
SHA256:AAE73336ACA45F1CB5B043FAD5D2D473381EDEE7997482EBE28C0C34CC0823B1
3576iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833Bbinary
MD5:AE2D7839CFE5C28835494919BEF1CC28
SHA256:69085D2DD1F85BC86C4B7748EB9D8F87A91F01827F338BF26072BFBA40D58895
3576iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Ebinary
MD5:D335F3F4CE9873A06DB70F6EBD06F811
SHA256:DB891008D42A8F305CBF3CE31EF255CBADAA5933896D0F8C81FBC413A78773DD
3576iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562binary
MD5:CCBB5155EC7879D016926A74BA0594E2
SHA256:39FC858948F82A95BF95C1222F857F29BF3B5725A69028491ADD53B52D488356
3576iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26binary
MD5:027DA23A436CABC139F7F0258A5AC956
SHA256:D9A4A8190EB078AD2BD6B81D5C689BDA2D58AE5229E7FD330F9C0C9C3E7B1729
300iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
31
TCP/UDP connections
108
DNS requests
43
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3576
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQh80WaEMqmyEvaHjlisSfVM4p8SAQUF9nWJSdn%2BTHCSUPZMDZEjGypT%2BsCEA2KFitLH9n0LY9WTWFSpcE%3D
US
der
471 b
whitelisted
3576
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
US
der
1.42 Kb
whitelisted
3576
iexplore.exe
GET
200
192.124.249.36:80
http://ocsp.starfieldtech.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT1ZqtwV0O1KcYi0gdzcFkHM%2BuArAQUJUWBaFAmOD07LSy%2BzWrZtj2zZmMCCHqTPa%2FWlr93
US
der
1.80 Kb
whitelisted
3576
iexplore.exe
GET
200
172.217.18.99:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCQEWZx1Os9sgr9kRTyYy5g
US
der
472 b
whitelisted
3576
iexplore.exe
GET
200
192.124.249.36:80
http://ocsp.starfieldtech.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCAzkUhA%3D%3D
US
der
1.70 Kb
whitelisted
3576
iexplore.exe
GET
200
172.217.18.99:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
300
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
3576
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D
US
der
2.18 Kb
whitelisted
3576
iexplore.exe
GET
200
192.124.249.36:80
http://ocsp.starfieldtech.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D
US
der
1.74 Kb
whitelisted
3576
iexplore.exe
GET
200
172.217.18.99:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDGaM9nfILxSxIGz%2Bm2TRwQ
US
der
472 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3576
iexplore.exe
52.6.56.188:443
urldefense.com
Amazon.com, Inc.
US
suspicious
300
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
300
iexplore.exe
131.253.33.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
3576
iexplore.exe
8.249.61.254:80
ctldl.windowsupdate.com
Level 3 Communications, Inc.
US
suspicious
3576
iexplore.exe
216.150.17.244:443
www.medaxiom.com
Peer 1 Network (USA) Inc.
US
unknown
3576
iexplore.exe
172.64.155.188:80
ocsp.comodoca.com
US
suspicious
3576
iexplore.exe
192.124.249.36:80
ocsp.starfieldtech.com
Sucuri
US
suspicious
3576
iexplore.exe
142.250.185.104:443
www.googletagmanager.com
Google Inc.
US
suspicious
3576
iexplore.exe
142.250.185.170:443
ajax.googleapis.com
Google Inc.
US
whitelisted
3576
iexplore.exe
104.16.124.175:443
unpkg.com
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
urldefense.com
  • 52.6.56.188
  • 52.71.28.102
  • 52.204.90.22
shared
ctldl.windowsupdate.com
  • 8.249.61.254
  • 8.238.176.254
  • 8.249.63.254
  • 8.241.45.126
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 131.253.33.200
  • 13.107.22.200
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
ocsp.comodoca.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
ocsp.usertrust.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
ocsp.sectigo.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
www.medaxiom.com
  • 216.150.17.244
unknown
ocsp.starfieldtech.com
  • 192.124.249.36
  • 192.124.249.24
  • 192.124.249.41
  • 192.124.249.23
  • 192.124.249.22
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://urldefense.com/v3/__https://www.medaxiom.com__;!!NoSwA-eRAg!XdN-1vEYaiRMmHCRlsXCsR7RA5d2LdQ-pE47OZFOuS-UNla3kcyCbb2EKfHu-DD3pw$