URL:

https://storage.googleapis.com/7b2d287fd06f472cc43874eecedfae/2295beea9375a9afd67c88bd6c47a9#oop/52444_md/9/112255/7246/2274/299284

Full analysis: https://app.any.run/tasks/b91dbb0b-7992-4048-8c58-5b1800980d89
Verdict: Malicious activity
Analysis date: December 05, 2022, 19:51:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

735B6F772864D5190C8C49A4DD63F300

SHA1:

091B8E49052406623A3018001A74935A445D8E38

SHA256:

AA61EE0CC11C2D37E7FD06BF6B6F5653E9414DE17E8D8157DFD2DE390D6745E4

SSDEEP:

3:N8cMECYKKhmH10vVGmAGA66EPeGHlG+IWINPOXBB7cDn:2cMLZHqtXHHlGJ2vqn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 1356)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
1356"C:\Program Files\Internet Explorer\iexplore.exe" "https://storage.googleapis.com/7b2d287fd06f472cc43874eecedfae/2295beea9375a9afd67c88bd6c47a9#oop/52444_md/9/112255/7246/2274/299284"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
404"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1356 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
14 453
Read events
14 331
Write events
120
Delete events
2

Modification events

(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
145651312
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31000803
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
445807562
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31000803
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(1356) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
18
Text files
39
Unknown types
16

Dropped files

PID
Process
Filename
Type
1356iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776binary
MD5:2CDCC6BE4182F98865383FF8642E2CD5
SHA256:3A776DE55A1CC326F6D69C8167A983C925084113B380CCE2014D87C1F0EA6C07
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:68F07C0389E0925E6B9CD9282CB92CCF
SHA256:712BBDEABDC761E4E8B043A05F12800B6630DDA1572E81A3034323CFB48007F6
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_210C864A088153BC92DEECCB422B2980der
MD5:588552BD8D38B951A4D25035A83255C6
SHA256:D3CB3FA1549A40DB73BB71BB26B8C21E0BE470F98DC2B922F8B1D9846E9F12C7
404iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\2295beea9375a9afd67c88bd6c47a9[1].htmhtml
MD5:9E2995A20FCFAED0447620B6EB27F0BD
SHA256:23BB54BE7E4F21C72BB93D44DAE6C8F91800E064596A65FC589B73279AE8DC74
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:3A1255D28402ED38CB62B584CA9C0E47
SHA256:7D1CFC476789E9A6B120FED9AE1A5D3EA31D59B5398557BB78652E46D9CF04F3
1356iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776der
MD5:AC572CBBC82D6D652CDBE2596AEAC4EE
SHA256:50B6D8F62150A7BD25FB3E462130E8E054A0F1FB619487E8C426A4C8BF6BDCA8
1356iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver853E.tmpxml
MD5:CBD0581678FA40F0EDCBC7C59E0CAD10
SHA256:159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506compressed
MD5:FC4666CBCA561E864E7FDF883A9E6661
SHA256:10F3DEB6C452D749A7451B5D065F4C0449737E5EE8A44F4D15844B503141E65B
404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751der
MD5:EC8FF3B1DED0246437B1472C69DD1811
SHA256:E634C2D1ED20E0638C95597ADF4C9D392EBAB932D3353F18AF1E4421F4BB9CAB
1356iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8Fder
MD5:406B3F4C3DCB12AC7EE515803CDBACCF
SHA256:824B08BB5371B3583F45B4C08037EDC08B30860079D8A6EA5DBEE813BC7625CA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
70
DNS requests
18
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1356
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
1356
iexplore.exe
GET
200
93.184.220.29:80
http://crl3.digicert.com/Omniroot2025.crl
US
der
7.78 Kb
whitelisted
404
iexplore.exe
GET
200
184.25.51.75:80
http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTxi04Jn0RMFNI54yTiHynsTA%3D%3D
US
der
344 b
whitelisted
404
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAyM6OdqvbidGHyHdE7%2BuOQ%3D
US
der
278 b
whitelisted
404
iexplore.exe
GET
200
13.107.4.50:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?564168baa1d201a2
US
compressed
4.70 Kb
whitelisted
404
iexplore.exe
GET
200
23.45.105.185:80
http://x1.c.lencr.org/
NL
der
717 b
whitelisted
404
iexplore.exe
GET
200
142.250.186.67:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDreCS75DAIaRKqvCi%2FvL9c
US
der
472 b
whitelisted
404
iexplore.exe
GET
200
142.250.186.67:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
404
iexplore.exe
GET
200
142.250.186.67:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC0aMZJngSoxhJWvvaZVJku
US
der
472 b
whitelisted
404
iexplore.exe
GET
200
142.250.186.67:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDUF49VMilPuBJwnl%2BfiT%2F2
US
der
472 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
404
iexplore.exe
142.250.186.67:80
ocsp.pki.goog
GOOGLE
US
whitelisted
404
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
whitelisted
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
whitelisted
404
iexplore.exe
142.250.186.48:443
GOOGLE
US
whitelisted
1356
iexplore.exe
131.253.33.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1356
iexplore.exe
13.107.22.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
404
iexplore.exe
188.114.96.9:443
nikolaspub.brandigh.com
CLOUDFLARENET
NL
malicious
404
iexplore.exe
172.217.18.16:443
GOOGLE
US
whitelisted
1356
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
EDGECAST
US
whitelisted
404
iexplore.exe
184.25.51.75:80
e1.o.lencr.org
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 209.197.3.8
  • 13.107.4.50
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 131.253.33.200
  • 13.107.22.200
whitelisted
ocsp.pki.goog
  • 142.250.186.67
whitelisted
nikolaspub.brandigh.com
  • 188.114.96.9
  • 188.114.97.9
malicious
ocsp.digicert.com
  • 93.184.220.29
whitelisted
x1.c.lencr.org
  • 23.45.105.185
whitelisted
x2.c.lencr.org
  • 23.45.105.185
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2023 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://storage.googleapis.com/7b2d287fd06f472cc43874eecedfae/2295beea9375a9afd67c88bd6c47a9#oop/52444_md/9/112255/7246/2274/299284