URL: https://indd.adobe.com/view/c6f9cfd2-a3b9-4496-8039-673365859914
Full analysis: https://app.any.run/tasks/84e85bfa-d1db-4152-b870-65868c48a259
Verdict: Malicious activity
Analysis date: January 25, 2022, 01:33:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: E51A83A35BE7F6973A6EC4C5A3AA40C3
SHA1: 44CCA6942E77F0A327E9BB8DE4CF22D9D0B10C21
SHA256: AB2CFC5C4F2E2BDC6531DC24A671E0A08B27A594397AF53C1CB498699FC2667D
SSDEEP: 3:N8cBLMTucY4HPRcEG5TSRcdJLn:2c9+YV5YsR

This is a URL task, so these hashes describe the submitted object rather than a downloaded file: the SSDEEP block size of 3 (the minimum) shows that the hashed input was only a few dozen bytes long, i.e. a string the length of the URL. They will not match any binary involved in the session (Internet Explorer, the Flash ActiveX helper or the cached page resources listed below), so do not add them to a file blocklist as if they were a payload hash.

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2720)
    • Checks supported languages

      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 3488)
    • Reads the computer name

      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 3488)
    • Executed via COM

      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 3488)
    • Creates files in the user directory

      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 3488)
  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 612)
      • iexplore.exe (PID: 2720)
    • Reads the computer name

      • iexplore.exe (PID: 612)
      • iexplore.exe (PID: 2720)
    • Application launched itself

      • iexplore.exe (PID: 612)
    • Changes internet zones settings

      • iexplore.exe (PID: 612)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 612)
      • iexplore.exe (PID: 2720)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 612)
      • iexplore.exe (PID: 2720)
    • Reads CPU info

      • iexplore.exe (PID: 2720)
    • Creates files in the user directory

      • iexplore.exe (PID: 2720)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2720)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Malware configuration: no data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

These counters do not agree with the signature lists above: no MALICIOUS signature fired, and the only SUSPICIOUS signatures are attributed to FlashUtil32_32_0_0_453_ActiveX.exe (PID 3488), so the "Malicious activity" verdict should be checked against the full report rather than taken from the counters alone.

Behavior graph (parent links taken from the Process information table)

Explorer.EXE
  iexplore.exe (PID 612)
    iexplore.exe (PID 2720)
svchost.exe
  FlashUtil32_32_0_0_453_ActiveX.exe (PID 3488)

Process information

PID 612
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://indd.adobe.com/view/c6f9cfd2-a3b9-4496-8039-673365859914"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: Explorer.EXE
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 2720
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:612 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 3488
  CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding
  Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe
  Parent process: svchost.exe
  User: admin
  Company: Adobe
  Integrity Level: MEDIUM
  Description: Adobe® Flash® Player Installer/Uninstaller 32.0 r0
  Version: 32,0,0,453
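The three rows above are enough to express the report's process-level signatures as rules that an EDR query or a triage script could run. What follows is an added example, not ANY.RUN's own signature code: the process records are constructed from the table above (the report gives parent image names but not parent PIDs, so the "launched itself" rule matches on image name), and the rule names are taken from the report's signature list. Two details the rules rely on: `-Embedding` is the switch DcomLaunch passes when it activates a local COM server, which is why the Flash ActiveX helper's parent is svchost.exe rather than iexplore.exe; and `SCODEF:<pid>` on an Internet Explorer command line names the frame process that spawned a Protected Mode (LOW integrity) content process.

```python
import re

# Constructed from the report's "Process information" table. Parent PIDs are not
# in the report, so parents are matched by image name.
PROCESSES = [
    {"pid": 612, "image": "iexplore.exe", "parent": "Explorer.EXE", "integrity": "MEDIUM",
     "cmd": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
            r'"https://indd.adobe.com/view/c6f9cfd2-a3b9-4496-8039-673365859914"'},
    {"pid": 2720, "image": "iexplore.exe", "parent": "iexplore.exe", "integrity": "LOW",
     "cmd": r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:612 CREDAT:267521 /prefetch:2'},
    {"pid": 3488, "image": "FlashUtil32_32_0_0_453_ActiveX.exe", "parent": "svchost.exe", "integrity": "MEDIUM",
     "cmd": r'C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -Embedding'},
]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def launched_itself(procs):
    """Report signature "Application launched itself": a child whose parent has the
    same image name. Returns the child PIDs (the report attributes the hit to the parent)."""
    return sorted(p["pid"] for p in procs if p["image"].lower() == p["parent"].lower())


def executed_via_com(procs):
    """Report signature "Executed via COM": a local COM server started by DcomLaunch,
    i.e. parent svchost.exe and the -Embedding activation switch as a whole argument."""
    return sorted(p["pid"] for p in procs
                  if p["parent"].lower() == "svchost.exe"
                  and "-embedding" in p["cmd"].lower().split())


def ie_content_processes(procs):
    """Internet Explorer content processes: SCODEF:<frame pid> on the command line.
    Returns (child pid, frame pid, ok); ok is True only when the child runs at LOW
    integrity and the frame PID exists in the record set and is iexplore.exe.
    A SCODEF child at MEDIUM integrity, or one whose frame is not iexplore.exe,
    is the case worth a closer look."""
    by_pid = {p["pid"]: p for p in procs}
    hits = []
    for p in procs:
        m = SCODEF_RE.search(p["cmd"])
        if not m:
            continue
        frame = int(m.group(1))
        ok = (p["integrity"] == "LOW"
              and frame in by_pid
              and by_pid[frame]["image"].lower() == "iexplore.exe")
        hits.append((p["pid"], frame, ok))
    return hits


def triage(procs):
    """Bundle the rule results the way the report's signature list groups them."""
    return {
        "Application launched itself": launched_itself(procs),
        "Executed via COM": executed_via_com(procs),
        "IE Protected Mode child": ie_content_processes(procs),
    }


if __name__ == "__main__":
    for name, hits in triage(PROCESSES).items():
        print(f"{name}: {hits}")
```

The same three rules translate directly to a Sysmon event ID 1 or EDR process-creation query (ParentImage, Image, CommandLine and IntegrityLevel are all standard fields); the point of the SCODEF check is that a Protected Mode child should always be LOW and should always point back at an iexplore.exe frame.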
Total events: 16 942
Read events: 16 813
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 0
Suspicious files: 15
Text files: 60
Unknown types: 37

Dropped files

The paths below are Windows' CryptnetUrlCache (CryptoAPI's cache of the OCSP responses and CRLs fetched while validating the sites' certificates; the matching requests appear in the HTTP table) and Internet Explorer's cache of the page's own CSS and JavaScript. None of them is an executable, which agrees with the "Executable files: 0" counter above.

PID 612 iexplore.exe  type: der
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
  MD5: FC990EAA7247546FB67C18916A4CAC9B
  SHA256: 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993

PID 612 iexplore.exe  type: binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
  MD5: 6BA82CD949377199F8702AD7340DC222
  SHA256: 3C2FA5FD1B6AAF67731EC1FFB64786211A91AB69487B67E7F36739227961ACC1

PID 2720 iexplore.exe  type: der
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E11E75149C17A93653DA7DC0B8CF53F_3E57912013BE29440FBF538304BA19A0
  MD5: BCA658D161F70DA44BD830B0ADB0EDA7
  SHA256: B0DADA02EB933C6D0BAAE7BE2550CA5E8CC31E6B51269C9B1068114F13158D72

PID 2720 iexplore.exe  type: text
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\in.min[1].css
  MD5: ECA876798CA8B053484948AB09EF37DE
  SHA256: 5FC8E0E444D2BC030996E56104AE82406FF84AEC763F121E0C6E2F579914DF0B

PID 2720 iexplore.exe  type: text
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\prod-eu-west-1-newrelic[1].js
  MD5: 956C839FF8918EE0FAA5B64AF0F466CF
  SHA256: 7919EA5143223176D8EECAB11A09859B283D03CFCF0CD253238F8365A073407D

PID 2720 iexplore.exe  type: binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
  MD5: 362104149671124039B6B4CF84112781
  SHA256: 43C3708D606418D2CDA8D862E2FD0D33767EA8DF4319C6243C86204C53CD72F8

PID 2720 iexplore.exe  type: binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E11E75149C17A93653DA7DC0B8CF53F_3E57912013BE29440FBF538304BA19A0
  MD5: 2A2858A29D554D245009BA18E0EFA9EF
  SHA256: C49E41891D7A053FD3EF431D3B4374F6202600FEA8C215A763DA7B8CDFFDEC2B

PID 612 iexplore.exe  type: binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
  MD5: 5425CEF3AEE84033B214F0002BFE69A1
  SHA256: A3695745DC59CDDCA9F1DF753CD63C84A55E21072DE31D9D22C342645AF1ACFC

PID 2720 iexplore.exe  type: der
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
  MD5: D94C08EB9C2992C5D8CFE12C5E185A6B
  SHA256: 56B861E5117B8E08800AFD24DB0133D298E11E478ADB1D17DFE7654DBA08D5A5

PID 2720 iexplore.exe  type: text
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\localeChange[1].js
  MD5: 9BC9B8EFCCEA319404C924438C23D3F1
  SHA256: F2F2C3CC593716654F0068E5F2B81F5B8C2EE0A75B9CD75CFA8CA1A50C5935F8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 15
TCP/UDP connections: 76
DNS requests: 19
Threats: 0

HTTP requests (10 of the 15 shown)

Every request in this table is a certificate-revocation lookup made by CryptoAPI during TLS validation (OCSP over HTTP GET, plus one CRL download); the page content itself travelled over HTTPS and therefore does not appear here. These lookups go out in cleartext on port 80, so they reveal to anyone on the path which certificates the host is validating.

PID 2720 iexplore.exe  GET 200  104.18.20.226:80  CN: US  type: der  size: 1.40 Kb  reputation: whitelisted
  http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHophRq39F1meVBmQbb%2F1x0%3D

PID 612 iexplore.exe  GET 200  93.184.220.29:80  CN: US  type: der  size: 1.47 Kb  reputation: whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D

PID 2720 iexplore.exe  GET 200  93.184.220.29:80  CN: US  type: der  size: 471 b  reputation: whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D

PID 2720 iexplore.exe  GET 200  93.184.220.29:80  CN: US  type: der  size: 471 b  reputation: whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D

PID 612 iexplore.exe  GET 200  93.184.220.29:80  CN: US  type: der  size: 471 b  reputation: whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D

PID 2720 iexplore.exe  GET 200  93.184.220.29:80  CN: US  type: der  size: 471 b  reputation: whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAR01OSeHJor2P8HiOg6iA4%3D

PID 2720 iexplore.exe  GET 200  93.184.220.29:80  CN: US  type: der  size: 471 b  reputation: whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D

PID 2720 iexplore.exe  GET 200  93.184.220.29:80  CN: US  type: binary  size: 80.6 Kb  reputation: whitelisted
  http://crl3.digicert.com/ssca-sha2-g7.crl

PID 2720 iexplore.exe  GET 200  93.184.220.29:80  CN: US  type: der  size: 471 b  reputation: whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAR01OSeHJor2P8HiOg6iA4%3D

PID 2720 iexplore.exe  GET 200  93.184.220.29:80  CN: US  type: der  size: 471 b  reputation: whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAVv%2Fv551b8Lj%2BoaHAGyxSU%3D
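Because the OCSP GET form (RFC 6960, appendix A.1) carries the whole DER-encoded request in the URL path, each line in the table above names the certificate that was being checked. The following is an added example, not part of the ANY.RUN report: a minimal DER reader written for this example (standard library only) that pulls the CertID fields out of two URLs copied from the table; its OID name table covers only SHA-1 and SHA-256. issuerKeyHash is the hash of the issuer's public key, which is what most CAs also use for their Subject Key Identifier, so it tells you which CA issued the certificate; serialNumber identifies the exact certificate, which can then be looked up in Certificate Transparency logs.

```python
import base64
from urllib.parse import unquote, urlsplit

# Two OCSP GET requests copied from the report's HTTP table: one to DigiCert,
# one to GlobalSign. The last path segment is the base64 DER OCSPRequest.
DIGICERT_REQ = ("http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom"
                "%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D")
GLOBALSIGN_REQ = ("http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2F"
                  "JBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHophRq39F1meVBmQbb%2F1x0%3D")

# Only the two digests seen in practice for CertID.hashAlgorithm (example table, not exhaustive).
OID_NAMES = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def read_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length: 0x8n then n length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:end], end


def children(buf):
    """Yield (tag, value) for the TLVs directly inside a constructed value."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value


def decode_oid(raw):
    """Dotted-decimal form of a DER OBJECT IDENTIFIER body."""
    arcs = [raw[0] // 40, raw[0] % 40]
    acc = 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url):
    """Return one dict per CertID in the request: hash algorithm, issuerNameHash,
    issuerKeyHash and serialNumber (upper-case hex)."""
    b64 = unquote(urlsplit(url).path.rsplit("/", 1)[-1])
    der = base64.b64decode(b64, validate=True)
    tag, ocsp_request, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("OCSPRequest must be a SEQUENCE")
    # OCSPRequest { tbsRequest SEQUENCE, [0] optionalSignature }
    tbs = next(v for t, v in children(ocsp_request) if t == 0x30)
    # TBSRequest: optional [0] version and [1] requestorName precede the requestList SEQUENCE
    request_list = next(v for t, v in children(tbs) if t == 0x30)
    results = []
    for _, request in children(request_list):
        cert_id = next(v for t, v in children(request) if t == 0x30)
        alg_id, name_hash, key_hash, serial = [v for _, v in children(cert_id)][:4]
        oid = decode_oid(next(v for t, v in children(alg_id) if t == 0x06))
        if len(serial) > 1 and serial[0] == 0 and serial[1] & 0x80:
            serial = serial[1:]             # drop DER sign padding on a positive INTEGER
        results.append({
            "hash_alg": OID_NAMES.get(oid, oid),
            "issuer_name_hash": name_hash.hex().upper(),
            "issuer_key_hash": key_hash.hex().upper(),
            "serial": serial.hex().upper(),
        })
    return results


if __name__ == "__main__":
    for url in (DIGICERT_REQ, GLOBALSIGN_REQ):
        for cert_id in parse_ocsp_get(url):
            print(urlsplit(url).netloc, cert_id)
```

Run against a PCAP's OCSP URLs this turns the "whitelisted" rows into a list of (issuer key hash, serial) pairs; comparing the key hashes against the Subject Key Identifiers of the CAs in your trust store, and the serials against CT logs, tells you exactly which leaf and intermediate certificates the guest validated, which is more useful for triage than the responder hostname alone.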

Connections

Of the hosts listed, only indd.adobe.com and adobeindd.com belong to the submitted page. ocsp.digicert.com (certificate status), ctldl.windowsupdate.com (Windows root-certificate/CTL updates), www.bing.com and r20swj13mr.microsoft.com are Internet Explorer and Windows background traffic that a clean browsing session produces as well. Rows without a PID are listed that way in the report.

PID 612 iexplore.exe  93.184.220.29:80  ocsp.digicert.com  ASN: MCI Communications Services, Inc. d/b/a Verizon Business  CN: US  reputation: whitelisted
PID (not listed)  209.197.3.8:80  ctldl.windowsupdate.com  ASN: Highwinds Network Group, Inc.  CN: US  reputation: whitelisted
PID 612 iexplore.exe  204.79.197.200:443  www.bing.com  ASN: Microsoft Corporation  CN: US  reputation: whitelisted
PID 2720 iexplore.exe  99.86.241.99:443  indd.adobe.com  ASN: AT&T Services, Inc.  CN: US  reputation: unknown
PID 612 iexplore.exe  209.197.3.8:80  ctldl.windowsupdate.com  ASN: Highwinds Network Group, Inc.  CN: US  reputation: whitelisted
PID 2720 iexplore.exe  93.184.220.29:80  ocsp.digicert.com  ASN: MCI Communications Services, Inc. d/b/a Verizon Business  CN: US  reputation: whitelisted
PID 2720 iexplore.exe  209.197.3.8:80  ctldl.windowsupdate.com  ASN: Highwinds Network Group, Inc.  CN: US  reputation: whitelisted
PID 2720 iexplore.exe  18.66.248.111:443  adobeindd.com  ASN: Massachusetts Institute of Technology  CN: US  reputation: unknown
PID (not listed)  152.199.19.161:443  r20swj13mr.microsoft.com  ASN: MCI Communications Services, Inc. d/b/a Verizon Business  CN: US  reputation: whitelisted
PID 612 iexplore.exe  152.199.19.161:443  r20swj13mr.microsoft.com  ASN: MCI Communications Services, Inc. d/b/a Verizon Business  CN: US  reputation: whitelisted

DNS requests

The Adobe, Typekit and Facebook names are resources loaded by the submitted page (analytics, web fonts and the Facebook SDK); the Bing and windowsupdate names are browser and OS background lookups. Note that indd.adobe.com is rated "whitelisted" here but "unknown" in the Connections table above; the two reputation columns are scored separately.

indd.adobe.com (whitelisted): 99.86.241.99, 99.86.241.97, 99.86.241.48, 99.86.241.23
ctldl.windowsupdate.com (whitelisted): 209.197.3.8
api.bing.com (whitelisted): 13.107.5.80
www.bing.com (whitelisted): 204.79.197.200, 13.107.21.200
ocsp.digicert.com (whitelisted): 93.184.220.29
assets.adobedtm.com (whitelisted): 92.123.125.28
use.typekit.net (whitelisted): 95.100.97.90, 95.100.97.104
connect.facebook.net (whitelisted): 157.240.221.16
adobeindd.com (whitelisted): 18.66.248.111, 18.66.248.66, 18.66.248.15, 18.66.248.56
sstats.adobe.com (whitelisted): 15.188.95.229, 13.36.218.177, 15.236.176.210

Threats

No threats detected
No debug info