analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://storage.googleapis.com/7b2d287fd06f472cc43874eecedfae/2295beea9375a9afd67c88bd6c47a9#oop/52444_md/9/112255/7246/2274/299284

Full analysis: https://app.any.run/tasks/b91dbb0b-7992-4048-8c58-5b1800980d89
Verdict: Malicious activity
Analysis date: December 05, 2022, 19:51:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

735B6F772864D5190C8C49A4DD63F300

SHA1:

091B8E49052406623A3018001A74935A445D8E38

SHA256:

AA61EE0CC11C2D37E7FD06BF6B6F5653E9414DE17E8D8157DFD2DE390D6745E4

SSDEEP:

3:N8cMECYKKhmH10vVGmAGA66EPeGHlG+IWINPOXBB7cDn:2cMLZHqtXHHlGJ2vqn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 1356)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
1356"C:\Program Files\Internet Explorer\iexplore.exe" "https://storage.googleapis.com/7b2d287fd06f472cc43874eecedfae/2295beea9375a9afd67c88bd6c47a9#oop/52444_md/9/112255/7246/2274/299284"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
404"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1356 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
14 453
Read events
14 331
Write events
120
Delete events
2

Modification events

(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
145651312
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31000803
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
445807562
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31000803
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
18
Text files
39
Unknown types
16

Dropped files

PID
Process
Filename
Type
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:68F07C0389E0925E6B9CD9282CB92CCF
SHA256:712BBDEABDC761E4E8B043A05F12800B6630DDA1572E81A3034323CFB48007F6
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAder
MD5:B4C04B95A644AB4679E6FEDA2398E93F
SHA256:CD047A6858E3AA91AE78549B83706FC966CC065753E85AA47A15DE3778093862
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:3A1255D28402ED38CB62B584CA9C0E47
SHA256:7D1CFC476789E9A6B120FED9AE1A5D3EA31D59B5398557BB78652E46D9CF04F3
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_210C864A088153BC92DEECCB422B2980der
MD5:588552BD8D38B951A4D25035A83255C6
SHA256:D3CB3FA1549A40DB73BB71BB26B8C21E0BE470F98DC2B922F8B1D9846E9F12C7
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751binary
MD5:0BC4E2AB3428A6CAA88A2513E934D70E
SHA256:E05084DB9729212C3913DAFF4D106E0C011151FB18E2F69452AC7D6322192D69
1356iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776binary
MD5:2CDCC6BE4182F98865383FF8642E2CD5
SHA256:3A776DE55A1CC326F6D69C8167A983C925084113B380CCE2014D87C1F0EA6C07
404iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\2295beea9375a9afd67c88bd6c47a9[1].htmhtml
MD5:9E2995A20FCFAED0447620B6EB27F0BD
SHA256:23BB54BE7E4F21C72BB93D44DAE6C8F91800E064596A65FC589B73279AE8DC74
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_210C864A088153BC92DEECCB422B2980binary
MD5:A35F2E3F117AED4032FDDDFD410DCC0E
SHA256:27D4C3D9E6B5D45281E35F5CBB7E7A9475305C1BA0DB4A2C7FC9B6BB75C61757
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAbinary
MD5:B75E5F1413595F708119695B0DC8C353
SHA256:284FF4828F71A8687557AC3B138729FB8D9C7C3A27095DC25BC6A314012F7FB5
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61binary
MD5:2953CF134AD4052E804FCE383BD8A5AE
SHA256:CFDB0E0F0FE3208454D1B33F914D83535030CFFFB1ACDC2EE15C27A8F9556294
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
70
DNS requests
18
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
404
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAyM6OdqvbidGHyHdE7%2BuOQ%3D
US
der
278 b
whitelisted
404
iexplore.exe
GET
200
184.25.51.75:80
http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTxi04Jn0RMFNI54yTiHynsTA%3D%3D
US
der
344 b
whitelisted
404
iexplore.exe
GET
200
142.250.186.67:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC0aMZJngSoxhJWvvaZVJku
US
der
472 b
whitelisted
404
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?81bea6f4840cabac
US
compressed
61.4 Kb
whitelisted
404
iexplore.exe
GET
200
142.250.186.67:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
der
1.41 Kb
whitelisted
1356
iexplore.exe
GET
200
93.184.220.29:80
http://crl3.digicert.com/Omniroot2025.crl
US
der
7.78 Kb
whitelisted
1356
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
404
iexplore.exe
GET
200
23.45.105.185:80
http://x2.c.lencr.org/
NL
der
300 b
whitelisted
404
iexplore.exe
GET
200
142.250.186.67:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDreCS75DAIaRKqvCi%2FvL9c
US
der
472 b
whitelisted
404
iexplore.exe
GET
200
23.45.105.185:80
http://x1.c.lencr.org/
NL
der
717 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
whitelisted
404
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
whitelisted
404
iexplore.exe
188.114.96.9:443
nikolaspub.brandigh.com
CLOUDFLARENET
NL
malicious
404
iexplore.exe
142.250.186.67:80
ocsp.pki.goog
GOOGLE
US
whitelisted
1356
iexplore.exe
131.253.33.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
404
iexplore.exe
142.250.186.48:443
GOOGLE
US
whitelisted
131.253.33.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
404
iexplore.exe
172.217.18.16:443
GOOGLE
US
whitelisted
1356
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
EDGECAST
GB
whitelisted
404
iexplore.exe
23.45.105.185:80
x1.c.lencr.org
AKAMAI-AS
DE
unknown

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 209.197.3.8
  • 13.107.4.50
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 131.253.33.200
  • 13.107.22.200
whitelisted
ocsp.pki.goog
  • 142.250.186.67
whitelisted
nikolaspub.brandigh.com
  • 188.114.96.9
  • 188.114.97.9
malicious
ocsp.digicert.com
  • 93.184.220.29
whitelisted
x1.c.lencr.org
  • 23.45.105.185
whitelisted
x2.c.lencr.org
  • 23.45.105.185
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted

Threats

No threats detected
No debug info