File name: MEMZ 3.0 (1).zip

Full analysis: https://app.any.run/tasks/3920d4d1-4a81-4a36-b3b8-59da78bf6609
Verdict: Malicious activity
Analysis date: July 01, 2024, 19:13:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 230D7DCB83B67DEFF379A563ABBBD536
SHA1: DC032D6A626F57B542613FDE876715765E0B1A42
SHA256: A9CD3D966D453AFD424D9AC54DF414B80073BB51D249F4089185976FB316E254
SSDEEP: 384:+gTgSLZ5WpPu3944wiiNIw2nbI6B/PvpITFkvbWa:+cvLZ5n9Sb9ytp6kl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3416)
      • Skype-Setup.exe (PID: 3716)
    • Creates a writable file in the system directory

      • cmd.exe (PID: 1828)
      • cscript.exe (PID: 568)
    • Gets a file object corresponding to the file in a specified path (SCRIPT)

      • cscript.exe (PID: 568)
    • Uses base64 encoding (SCRIPT)

      • cscript.exe (PID: 568)
  • SUSPICIOUS

    • Application launched itself

      • Skype.exe (PID: 2092)
      • MEMZ.exe (PID: 1516)
    • Reads the Internet Settings

      • Skype.exe (PID: 2092)
      • cscript.exe (PID: 568)
      • MEMZ.exe (PID: 1516)
      • MEMZ.exe (PID: 2196)
    • The process executes JS scripts

      • cmd.exe (PID: 1828)
    • Script creates XML DOM node (SCRIPT)

      • cscript.exe (PID: 568)
    • Creates FileSystem object to access computer's file system (SCRIPT)

      • cscript.exe (PID: 568)
    • Creates a Stream, which may work with files, input/output devices, pipes, or TCP/IP sockets (SCRIPT)

      • cscript.exe (PID: 568)
    • Sets XML DOM element text (SCRIPT)

      • cscript.exe (PID: 568)
    • Creates XML DOM element (SCRIPT)

      • cscript.exe (PID: 568)
    • Saves data to a binary file (SCRIPT)

      • cscript.exe (PID: 568)
    • Writes binary data to a Stream object (SCRIPT)

      • cscript.exe (PID: 568)
    • Creates a Folder object (SCRIPT)

      • cscript.exe (PID: 568)
    • Reads security settings of Internet Explorer

      • MEMZ.exe (PID: 1516)
      • MEMZ.exe (PID: 2196)
    • Creates file in the systems drive root

      • MEMZ.exe (PID: 2196)
      • notepad.exe (PID: 4024)
    • Start notepad (likely ransomware note)

      • MEMZ.exe (PID: 2196)
    • Executable content was dropped or overwritten

      • cscript.exe (PID: 568)
      • Skype-Setup.exe (PID: 3716)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3416)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3272)
      • Skype.exe (PID: 2092)
      • cmd.exe (PID: 1828)
      • msedge.exe (PID: 2492)
      • msedge.exe (PID: 3656)
      • taskmgr.exe (PID: 3020)
    • Checks supported languages

      • wmpnscfg.exe (PID: 3272)
      • Skype.exe (PID: 2092)
      • Skype.exe (PID: 2900)
      • Skype.exe (PID: 2420)
      • Skype.exe (PID: 3152)
      • MEMZ.exe (PID: 3864)
      • MEMZ.exe (PID: 3304)
      • MEMZ.exe (PID: 2424)
      • MEMZ.exe (PID: 4044)
      • MEMZ.exe (PID: 2000)
      • MEMZ.exe (PID: 2196)
      • MEMZ.exe (PID: 1516)
      • Skype.exe (PID: 2164)
      • Skype-Setup.tmp (PID: 2180)
      • Skype.exe (PID: 3940)
      • Skype-Setup.exe (PID: 3716)
    • Reads product name

      • Skype.exe (PID: 2092)
    • Reads the computer name

      • wmpnscfg.exe (PID: 3272)
      • Skype.exe (PID: 2092)
      • Skype.exe (PID: 2420)
      • Skype.exe (PID: 3152)
      • MEMZ.exe (PID: 1516)
      • MEMZ.exe (PID: 2196)
      • Skype.exe (PID: 2164)
      • Skype-Setup.tmp (PID: 2180)
      • Skype.exe (PID: 3940)
    • Creates files or folders in the user directory

      • Skype.exe (PID: 2092)
      • cscript.exe (PID: 568)
    • Reads Environment values

      • Skype.exe (PID: 2092)
    • Reads CPU info

      • Skype.exe (PID: 2092)
    • Reads security settings of Internet Explorer

      • cscript.exe (PID: 568)
    • Drops the executable file immediately after the start

      • cscript.exe (PID: 568)
    • Create files in a temporary directory

      • Skype-Setup.exe (PID: 3716)
    • Application launched itself

      • msedge.exe (PID: 832)
      • msedge.exe (PID: 3656)
      • msedge.exe (PID: 1020)
      • msedge.exe (PID: 2492)
    • Reads the machine GUID from the registry

      • MEMZ.exe (PID: 2196)
      • MEMZ.exe (PID: 2424)
      • MEMZ.exe (PID: 3304)
      • MEMZ.exe (PID: 3864)
      • MEMZ.exe (PID: 4044)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2018:11:06 13:03:58
ZipCRC: 0x5574a807
ZipCompressedSize: 8517
ZipUncompressedSize: 12344
ZipFileName: MEMZ 3.0/MEMZ.bat
No data.
All screenshots are available in the full report
Total processes: 110
Monitored processes: 66
Malicious processes: 4
Suspicious processes: 1

Behavior graph

Processes shown in the graph, in order of appearance: winrar.exe, wmpnscfg.exe, skype.exe, skype-setup.exe, cmd.exe, cscript.exe, memz.exe, notepad.exe, skype-setup.tmp, msedge.exe (many instances), taskmgr.exe.

Process information

PID | CMD | Path | Indicators | Parent process
PID: 184
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3068 --field-trial-handle=880,i,3149858717418854942,15664446633277817748,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 524
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2564 --field-trial-handle=880,i,3149858717418854942,15664446633277817748,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 568
CMD: cscript x.js
Path: C:\Windows\System32\cscript.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft ® Console Based Script Host
Exit code: 0
Version: 5.8.7600.16385
Modules (Images):
c:\windows\system32\cscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 580
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4364 --field-trial-handle=880,i,3149858717418854942,15664446633277817748,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 684
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4240 --field-trial-handle=880,i,3149858717418854942,15664446633277817748,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 832
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: MEMZ.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 976
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1388 --field-trial-handle=1244,i,9557260901372376492,8420423412117007562,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1020
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: MEMZ.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1104
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=880,i,3149858717418854942,15664446633277817748,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1172
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3388 --field-trial-handle=880,i,3149858717418854942,15664446633277817748,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 36 063
Read events: 35 820
Write events: 227
Delete events: 16

Modification events

Process: (3416) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value: (empty)
Process: (3416) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value: (empty)
Process: (3416) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
Process: (3416) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 3 | Value: C:\Users\admin\Desktop\phacker.zip
Process: (3416) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 2 | Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
Process: (3416) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
Process: (3416) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\MEMZ 3.0 (1).zip
Process: (3416) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
Process: (3416) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
Process: (3416) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
Executable files: 3
Suspicious files: 202
Text files: 96
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2196 | MEMZ.exe | \Device\Harddisk0\DR0 | (no type)
MD5: (none) | SHA256: (none)
2092 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad\settings.dat | binary
MD5: 3B2AEFD32F61DB8110091B81A16A9AD1 | SHA256: 27A6D2020F45CD9D3F4DFCF837EC661A1D997B08D23E3CB41B94186C21A50B37
3416 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3416.812\MEMZ 3.0\MEMZ.exe | executable
MD5: A7BCF7EA8E9F3F36EBFB85B823E39D91 | SHA256: 3FF64F10603F0330FA2386FF99471CA789391ACE969BD0EC1C1B8CE1B4A6DB42
2092 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old~RF532a0.TMP | text
MD5: FF878337359379694741312E6B39EF79 | SHA256: AFDE1D769112411CE68EBA5A2821FED0E058B8A31D0795F6047718DD324B3C8F
3416 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3416.812\MEMZ 3.0\MEMZ.bat | text
MD5: 13A43C26BB98449FD82D2A552877013A | SHA256: 5F52365ACCB76D679B2B3946870439A62EB8936B9A0595F0FB0198138106B513
2092 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old | text
MD5: AEAB6EEF48334E4749D630894ADCA674 | SHA256: 7B1139E4ABA3CF16CA2C097DC19F515B73C934315CC497769B6627C6252AE264
2196 | MEMZ.exe | C:\note.txt | binary
MD5: AFA6955439B8D516721231029FB9CA1B | SHA256: 8E9F20F6864C66576536C0B866C6FFDCF11397DB67FE120E972E244C3C022270
2272 | msedge.exe | (no filename) | (no type)
MD5: (none) | SHA256: (none)
1828 | cmd.exe | C:\Windows\system32\x | text
MD5: B2C77680F74E7D11B3A3A559F2A683BB | SHA256: 7B628FE341F65759C53C149A6607242E610E8A7077FD815B68C1415621BFDB6E
2092 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences | binary
MD5: AC15944F75F065EEDB7E4E220859C81A | SHA256: A69F9582BA5448CD6BCF67076277DC2FEF1ECDDAB79D8DE031A2588BBEE62583
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 4
TCP/UDP connections: 64
DNS requests: 65
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1372 | svchost.exe | GET | 304 | 88.221.110.121:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33 | DE | - | - | unknown
1060 | svchost.exe | GET | 304 | 88.221.110.122:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?67a3611ec3c0260d | DE | - | - | unknown
1372 | svchost.exe | GET | 200 | 23.218.209.163:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | DE | binary | 973 b | unknown
1372 | svchost.exe | GET | 200 | 2.16.241.12:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | DE | binary | 1.01 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1372 | svchost.exe | 4.231.128.59:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1060 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2564 | svchost.exe | 239.255.255.250:3702 | - | - | - | whitelisted
1372 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1372 | svchost.exe | 88.221.110.121:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
1372 | svchost.exe | 2.16.241.12:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown
1372 | svchost.exe | 23.218.209.163:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
2092 | Skype.exe | 52.113.194.133:443 | get.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown

DNS requests

Domain | IP | Reputation
dns.msftncsi.com | 131.107.255.255 | shared
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
ctldl.windowsupdate.com | 88.221.110.121, 88.221.110.96, 88.221.110.64, 88.221.110.112, 88.221.110.122, 88.221.110.106, 88.221.110.115, 88.221.110.65, 2.16.100.163, 88.221.110.104, 88.221.110.105, 88.221.110.75, 88.221.110.114 | whitelisted
crl.microsoft.com | 2.16.241.12, 2.16.241.19 | whitelisted
www.microsoft.com | 23.218.209.163, 88.221.169.152 | whitelisted
get.skype.com | 52.113.194.133 | whitelisted
a.config.skype.com | 13.107.42.16 | whitelisted
download.skype.com | 184.28.88.180 | whitelisted
google.co.ck | 142.250.185.164 | whitelisted
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted

Threats

No threats detected
Process | Message
Skype.exe | [0701/201330.281:ERROR:filesystem_win.cc(130)] GetFileAttributes C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad\attachments\3a0ee62b-79ac-4cc3-bbd5-f65252e7a91f: The system cannot find the file specified. (0x2)