analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://brave-aryabhata-29ef4a.netlify.app/

Full analysis: https://app.any.run/tasks/0ec0298a-e6c0-4036-a080-dec7e7df129a
Verdict: Malicious activity
Analysis date: January 24, 2022, 16:34:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
phishing
Indicators:
MD5:

924CE7BEA7121072BC1805D72A52D130

SHA1:

EDDE79912C5749954A619746F91ECAC0E6FECCF5

SHA256:

A9B576C18791D0AF281BA5864B0E5E9B043073B30D8A7A206E70436D6B48C9AC

SSDEEP:

3:N8adEtGBDilcf:2GBWq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2184)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 492)
      • iexplore.exe (PID: 2184)
    • Checks supported languages

      • iexplore.exe (PID: 492)
      • iexplore.exe (PID: 2184)
    • Changes internet zones settings

      • iexplore.exe (PID: 492)
    • Application launched itself

      • iexplore.exe (PID: 492)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 492)
      • iexplore.exe (PID: 2184)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 492)
      • iexplore.exe (PID: 2184)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2184)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
492"C:\Program Files\Internet Explorer\iexplore.exe" "https://brave-aryabhata-29ef4a.netlify.app/"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2184"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:492 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
11 860
Read events
11 749
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
6
Text files
5
Unknown types
3

Dropped files

PID
Process
Filename
Type
2184iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_B514E3306E9B5CC22C1D3DB90570477Ader
MD5:E6BD9134E8374E70C307E15CA5C5BA8F
SHA256:B6C9F4FC32D25638BFAC7BDAD3F5E2DEF1F3EB91140F15C0DE6548D7DC4D85F2
2184iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_B514E3306E9B5CC22C1D3DB90570477Abinary
MD5:E6F95FDFC7D72CEE8D2682BAD38FAF3D
SHA256:3E652C6D80996D11DF1B138CC0D032C107A8F32FF64D2A631C6F61F2CA67ED3F
492iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:266DA4F10C7B055E57CE625F0F94410A
SHA256:8F6F8F85029763A6DACDEB22D87FB78BA26D3A149CAB785E0F974DABA60EF1BB
492iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776der
MD5:111DCDB55A88510DB3C1E141A0EA1538
SHA256:022A2CD07C65A61F3419427C0D278028CC8FD3C40D593279C2035D881013973B
2184iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B9C0457FE8FDF881D9EA458DAD3D4142_50CBEA42B0661B4C401C547997C38795der
MD5:A1B371348630DF216FB9F91F1423DC76
SHA256:BF813CC33DBE3C4C015355B155FF20BBD7E08C84D43383EB055BE70206896F9A
2184iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B9C0457FE8FDF881D9EA458DAD3D4142_50CBEA42B0661B4C401C547997C38795binary
MD5:CA79138B672CC568BA67062F77A8F91D
SHA256:69DF75D1C0BCCF61707A2121D408F8743E4585A20C9F68548C44D9AF08F1503A
492iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776binary
MD5:C488B5F6D92E40580A7C97B107F1A695
SHA256:0796C15272C833A101284E1E5C50A442000291C239D2AFABDA675A8DC1D3A54D
492iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[2].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
492iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:F7DCB24540769805E5BB30D193944DCE
SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
492iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\urlblockindex[2].binbinary
MD5:FA518E3DFAE8CA3A0E495460FD60C791
SHA256:775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
16
DNS requests
17
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2184
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAonX%2BcE1u7LI9XNW0saTgQ%3D
US
der
471 b
whitelisted
2184
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEAXuEb2NyWme3Nf0wkiccYA%3D
US
der
313 b
whitelisted
492
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
492
iexplore.exe
GET
200
178.79.242.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bc29d884997e6938
DE
compressed
4.70 Kb
whitelisted
492
iexplore.exe
GET
200
2.16.106.202:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?28607792bead65ac
unknown
compressed
4.70 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
492
iexplore.exe
2.16.106.202:80
ctldl.windowsupdate.com
Akamai International B.V.
whitelisted
492
iexplore.exe
178.79.242.0:80
ctldl.windowsupdate.com
Limelight Networks, Inc.
DE
whitelisted
492
iexplore.exe
13.107.21.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2184
iexplore.exe
3.67.234.155:443
brave-aryabhata-29ef4a.netlify.app
US
malicious
492
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
492
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2184
iexplore.exe
18.159.128.50:443
brave-aryabhata-29ef4a.netlify.app
Massachusetts Institute of Technology
US
malicious

DNS requests

Domain
IP
Reputation
brave-aryabhata-29ef4a.netlify.app
  • 3.67.234.155
  • 18.159.128.50
malicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ctldl.windowsupdate.com
  • 2.16.106.202
  • 2.16.106.233
  • 2.16.106.163
  • 178.79.242.0
  • 178.79.242.128
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
crl3.digicert.com
  • 93.184.220.29
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted

Threats

PID
Process
Class
Message
Misc activity
ET INFO Suspicious Netlify Hosted DNS Request - Possible Phishing Landing
2184
iexplore.exe
Misc activity
ET INFO Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing
2184
iexplore.exe
Misc activity
ET INFO Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing
No debug info