URL:

https://rule34.xxx/index.php?page=post&s=view&id=3472402

Full analysis: https://app.any.run/tasks/5adaeff4-9fff-41a2-9a95-6c937405625f
Verdict: Malicious activity
Analysis date: February 12, 2022, 16:08:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

210E0525D467825D2B987FC39F1BE25C

SHA1:

BE4410F6E39D369B687C7FCF6A8498086DC5598E

SHA256:

AC0B6563C11CB1B37ACFF9E004F15A435C7C0A0B01AFF252F19BE4C292D11BC0

SSDEEP:

3:N8mLddxGhHer3KkSUYWM:2mpd+Her6kSUI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2200)

  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 2200)
      • iexplore.exe (PID: 3220)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3220)
      • iexplore.exe (PID: 2200)

    • Creates files in the user directory

      • iexplore.exe (PID: 2200)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2200)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2200)
      • iexplore.exe (PID: 3220)

    • Reads the computer name

      • iexplore.exe (PID: 3220)
      • iexplore.exe (PID: 2200)

    • Application launched itself

      • iexplore.exe (PID: 3220)

    • Changes internet zones settings

      • iexplore.exe (PID: 3220)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
3220"C:\Program Files\Internet Explorer\iexplore.exe" "https://rule34.xxx/index.php?page=post&s=view&id=3472402"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2200"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3220 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
15
Text files
41
Unknown types
9

Dropped files

PID
Process
Filename
Type
3220iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:60A86BE1C5B0B433546B5DD6B4E78604
SHA256:1909FC3B42D7361AE98417DCF43CD89E3D0D2932F7E7DEA1A445F8B8350CF1B3
2200iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\r34chibi[1].pngimage
MD5:E7CA148DFCF3954AF34E2EBF1299B144
SHA256:25469FB43AE0019860EFF455EFCCCF02F3E9AD78980903323B1D1FF919F9ED3F
2200iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\application[1].jstext
MD5:B98D93F847A11B7882E550ACD09A2C0B
SHA256:817FE0D96E96CCCEF7B6EC363FD8B7C83A8BC68F81EB12465BAB0A6ADF1D5953
3220iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63der
MD5:643EB7F6FC11CF8822926DACFAAFFAED
SHA256:D9B11AE7FE98C0472AB7300739009293021A2F5F9974147FA17880AC5177B5BF
2200iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27binary
MD5:006E2638D401C524A9915FCACCEEBC9F
SHA256:7A1768F759CDF21F05A94F76CBB38FBC61C94FCE44143D26CF371D34B2879BAE
2200iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27der
MD5:FC9664B6E095807A3733E8B3FA5DBC24
SHA256:FB7A8D318A64643868AFB65B3467A6032E8454528A53486B407E33143705187D
3220iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:AE762EB8686D211AA0634A1FEE76C779
SHA256:6E57D317E820E20CA1E4477CB5B16AE17166C2D7FD9B0355E2C98827782600A3
2200iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\fluidplayer[1].jstext
MD5:2FD35D23DB5057E5753CAF199EF2E296
SHA256:EF68E6639DA398FDC23B2B5C65A41D2C58E43A69CFCD7B7B51B1493FCEFE23D6
2200iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\index[1].htmhtml
MD5:28FBB0C840CCE29B2BC1498C52FC294D
SHA256:D88145DD6E298AFACE5E3B5C9F00F47AB25CDF94915D1BAFB57050AFFE10575C
2200iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\desktop[1].csstext
MD5:BB0CE2814D2C9B833F9D55A4B0C93A47
SHA256:3E5282AE9A7779A85C633A126FDF65C0BC9B0D51017D9F04146105A4EB99BCEA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
49
DNS requests
17
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3220
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
2200
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
2200
iexplore.exe
GET
200
142.250.184.227:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
2200
iexplore.exe
GET
200
142.250.184.227:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEH8SKh5qcwxcCgAAAAEvj7Q%3D
US
der
471 b
whitelisted
2200
iexplore.exe
GET
200
104.90.178.254:80
http://x1.c.lencr.org/
NL
der
717 b
whitelisted
3220
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
2200
iexplore.exe
GET
200
142.250.184.227:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
der
1.41 Kb
whitelisted
3220
iexplore.exe
GET
200
92.123.225.34:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e5f0d08207194a58
unknown
compressed
4.70 Kb
whitelisted
2200
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?5c586ee16adaf768
US
compressed
59.9 Kb
whitelisted
2200
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?51ffad07c0b4266d
US
compressed
59.9 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3220
iexplore.exe
92.123.225.34:80
ctldl.windowsupdate.com
Akamai International B.V.
malicious
2200
iexplore.exe
172.67.68.251:443
rule34.xxx
US
suspicious
2200
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3220
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2200
iexplore.exe
104.26.0.234:443
rule34.xxx
Cloudflare Inc
US
shared
2200
iexplore.exe
205.185.216.42:443
a.realsrv.com
Highwinds Network Group, Inc.
US
whitelisted
2200
iexplore.exe
142.250.184.227:80
ocsp.pki.goog
Google Inc.
US
whitelisted
2200
iexplore.exe
104.16.95.65:443
static.cloudflareinsights.com
Cloudflare Inc
US
shared
2200
iexplore.exe
142.250.185.78:443
www.google-analytics.com
Google Inc.
US
whitelisted
2200
iexplore.exe
95.211.229.246:443
syndication.realsrv.com
LeaseWeb Netherlands B.V.
NL
suspicious

DNS requests

Domain
IP
Reputation
rule34.xxx
  • 104.26.0.234
  • 172.67.68.251
  • 104.26.1.234
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ctldl.windowsupdate.com
  • 92.123.225.34
  • 92.123.225.18
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
a.realsrv.com
  • 205.185.216.42
  • 205.185.216.10
whitelisted
img.rule34.xxx
  • 172.67.68.251
  • 104.26.0.234
  • 104.26.1.234
suspicious
static.cloudflareinsights.com
  • 104.16.95.65
  • 104.16.94.65
whitelisted
x1.c.lencr.org
  • 104.90.178.254
whitelisted
www.google-analytics.com
  • 142.250.185.78
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET POLICY DNS Query For XXX Adult Site Top Level Domain
Potential Corporate Privacy Violation
ET POLICY DNS Query For XXX Adult Site Top Level Domain
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://rule34.xxx/index.php?page=post&s=view&id=3472402