analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://megaexposure.audello.com/atos-v2/

Full analysis: https://app.any.run/tasks/8a855346-8679-405e-9b56-345207f3ab31
Verdict: Malicious activity
Analysis date: February 22, 2020, 09:59:31
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

48DD2F28757E2D25E2E69B4466853868

SHA1:

99682FECDBEE62BAD305E0CF31DCED98ABB0603C

SHA256:

AA76CC97954765FCDE4C6241EBFA677A52EF790BC3BBDF713A83BE033E54911E

SSDEEP:

3:N1KTEXXAwUsid32:CU4bdG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3364)
      • iexplore.exe (PID: 1740)

    • Changes internet zones settings

      • iexplore.exe (PID: 1740)

    • Manual execution by user

      • SndVol.exe (PID: 440)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3364)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 1740)

    • Changes settings of System certificates

      • iexplore.exe (PID: 1740)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1740)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe sndvol.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1740"C:\Program Files\Internet Explorer\iexplore.exe" http://megaexposure.audello.com/atos-v2/C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3364"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1740 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
440SndVol.exe -f 46138501 16436C:\Windows\system32\SndVol.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Volume Mixer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sndvol.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
Total events
7 773
Read events
1 016
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
7
Text files
16
Unknown types
7

Dropped files

PID
Process
Filename
Type
3364iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\assets[1].jstext
MD5:3B2DAA065D542FCE24E9FB09455E10CB
SHA256:E82B8146BB4C639F68D089CE9C3046BAB11416019A331B265BB57EDBA9797CE7
3364iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\css[2].csstext
MD5:1A031A77404D9225A430F63785CF8A71
SHA256:86427DB58860B615580940C3C35AAB7DF2F7F2A056778E8C52DFE35EF9DF893D
1740iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3364iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\css[1].csstext
MD5:306D5175EFD3C557612F0E86CDEBF600
SHA256:797C72BA99ED74BC2128ED5F1C61F783073E9C9FB6C519C8923D0B6F778A03CE
3364iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\default[1].csstext
MD5:1BF94AF0DB7FC624021A6B20C021504F
SHA256:B9B14CD868A50760B416D8D09C7FA487933D6F253F7778343B31C3F9D8A25A6D
1740iexplore.exeC:\Users\admin\AppData\Local\Temp\Cab3D7A.tmp
MD5:
SHA256:
1740iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.datbinary
MD5:A24E728BD9AB0DB558EE9A740FD024A7
SHA256:482326F021C71E4C0762F11EF240FB8E7317C591809855B411E5D5177FAB3C8D
1740iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].icoimage
MD5:693C16117BAE02AF840BC9F7CB6F8E6D
SHA256:1E2DE1CCD79905A57915D36A8AAFB69C36D13F2FC28BEA2E8C65A16366D94BFF
1740iexplore.exeC:\Users\admin\AppData\Local\Temp\Tar3D7B.tmp
MD5:
SHA256:
1740iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver3D9B.tmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
24
TCP/UDP connections
19
DNS requests
12
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3364
iexplore.exe
GET
200
3.221.116.230:80
http://megaexposure.audello.com/atos-v2/
US
html
1.10 Kb
unknown
3364
iexplore.exe
GET
200
52.216.241.172:80
http://audello-h-154733bd20e504.s3.amazonaws.com/page/themes/reset.css
US
text
585 b
shared
3364
iexplore.exe
GET
200
172.217.23.99:80
http://fonts.gstatic.com/s/hammersmithone/v10/qWcyB624q4L_C4jGQ9IK0O_dFlnrtREj.woff
US
woff
23.9 Kb
whitelisted
3364
iexplore.exe
GET
200
52.216.241.172:80
http://audello-h-154733bd20e504.s3.amazonaws.com/player/assets/lightning-1.0/lightning.css
US
text
19.2 Kb
shared
3364
iexplore.exe
GET
200
52.216.241.172:80
http://audello-h-154733bd20e504.s3.amazonaws.com/player/assets/lightning-1.0/fontawesome/css/font-awesome.css
US
text
4.68 Kb
shared
3364
iexplore.exe
GET
200
172.217.23.170:80
http://fonts.googleapis.com/css?family=Source+Sans+Pro
US
text
218 b
whitelisted
3364
iexplore.exe
GET
200
3.221.116.230:80
http://megaexposure.audello.com/player/YXRvcy12Mi5tcDM=/?profile=default&container=audello-KKZ1WDCQ4X
US
html
1.75 Kb
unknown
3364
iexplore.exe
GET
200
172.217.23.170:80
http://fonts.googleapis.com/css?family=Oswald:700
US
text
187 b
whitelisted
3364
iexplore.exe
GET
200
172.217.23.170:80
http://fonts.googleapis.com/css?family=Hammersmith+One
US
text
201 b
whitelisted
1740
iexplore.exe
GET
200
3.221.116.230:80
http://megaexposure.audello.com/favicon.ico
US
image
95 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3364
iexplore.exe
172.217.23.170:80
fonts.googleapis.com
Google Inc.
US
whitelisted
3364
iexplore.exe
3.221.116.230:80
megaexposure.audello.com
US
unknown
1740
iexplore.exe
3.221.116.230:80
megaexposure.audello.com
US
unknown
3364
iexplore.exe
172.217.23.99:80
fonts.gstatic.com
Google Inc.
US
whitelisted
1740
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3364
iexplore.exe
52.216.241.172:80
audello-h-154733bd20e504.s3.amazonaws.com
Amazon.com, Inc.
US
shared
1740
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
1740
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted

DNS requests

Domain
IP
Reputation
megaexposure.audello.com
  • 3.221.116.230
  • 52.21.194.74
unknown
audello-h-154733bd20e504.s3.amazonaws.com
  • 52.216.241.172
shared
fonts.googleapis.com
  • 172.217.23.170
whitelisted
fonts.gstatic.com
  • 172.217.23.99
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://megaexposure.audello.com/atos-v2/