URL:

https://rule34.xxx/index.php?page=post&s=view&id=3472402

Full analysis: https://app.any.run/tasks/5adaeff4-9fff-41a2-9a95-6c937405625f
Verdict: Malicious activity
Analysis date: February 12, 2022, 16:08:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

210E0525D467825D2B987FC39F1BE25C

SHA1:

BE4410F6E39D369B687C7FCF6A8498086DC5598E

SHA256:

AC0B6563C11CB1B37ACFF9E004F15A435C7C0A0B01AFF252F19BE4C292D11BC0

SSDEEP:

3:N8mLddxGhHer3KkSUYWM:2mpd+Her6kSUI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2200)

  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 3220)
      • iexplore.exe (PID: 2200)

    • Checks supported languages

      • iexplore.exe (PID: 2200)
      • iexplore.exe (PID: 3220)

    • Changes internet zones settings

      • iexplore.exe (PID: 3220)

    • Application launched itself

      • iexplore.exe (PID: 3220)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3220)
      • iexplore.exe (PID: 2200)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2200)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 3220)
      • iexplore.exe (PID: 2200)

    • Creates files in the user directory

      • iexplore.exe (PID: 2200)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2200"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3220 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
3220"C:\Program Files\Internet Explorer\iexplore.exe" "https://rule34.xxx/index.php?page=post&s=view&id=3472402"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
15
Text files
41
Unknown types
9

Dropped files

PID
Process
Filename
Type
3220iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:
SHA256:
3220iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:
SHA256:
3220iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63der
MD5:
SHA256:
2200iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27der
MD5:
SHA256:
2200iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\index[1].htmhtml
MD5:
SHA256:
3220iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:F7DCB24540769805E5BB30D193944DCE
SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
3220iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2200iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\fluidplayer[1].jstext
MD5:
SHA256:
2200iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\r34chibi[1].pngimage
MD5:
SHA256:
2200iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\desktop[1].csstext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
49
DNS requests
17
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2200
iexplore.exe
GET
200
142.250.184.227:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
der
1.41 Kb
whitelisted
3220
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
2200
iexplore.exe
GET
200
142.250.184.227:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
2200
iexplore.exe
GET
200
142.250.184.227:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEH8SKh5qcwxcCgAAAAEvj7Q%3D
US
der
471 b
whitelisted
2200
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
2200
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?51ffad07c0b4266d
US
compressed
59.9 Kb
whitelisted
3220
iexplore.exe
GET
200
92.123.225.34:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e5f0d08207194a58
unknown
compressed
4.70 Kb
whitelisted
3220
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
2200
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?5c586ee16adaf768
US
compressed
59.9 Kb
whitelisted
2200
iexplore.exe
GET
200
104.90.178.254:80
http://x1.c.lencr.org/
NL
der
717 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2200
iexplore.exe
104.26.0.234:443
rule34.xxx
Cloudflare Inc
US
shared
3220
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
3220
iexplore.exe
92.123.225.34:80
ctldl.windowsupdate.com
Akamai International B.V.
malicious
3220
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2200
iexplore.exe
172.67.68.251:443
rule34.xxx
US
suspicious
2200
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2200
iexplore.exe
205.185.216.42:443
a.realsrv.com
Highwinds Network Group, Inc.
US
whitelisted
2200
iexplore.exe
104.16.95.65:443
static.cloudflareinsights.com
Cloudflare Inc
US
shared
2200
iexplore.exe
142.250.185.78:443
www.google-analytics.com
Google Inc.
US
whitelisted
2200
iexplore.exe
95.211.229.246:443
syndication.realsrv.com
LeaseWeb Netherlands B.V.
NL
suspicious

DNS requests

Domain
IP
Reputation
rule34.xxx
  • 104.26.0.234
  • 172.67.68.251
  • 104.26.1.234
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ctldl.windowsupdate.com
  • 92.123.225.34
  • 92.123.225.18
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
a.realsrv.com
  • 205.185.216.42
  • 205.185.216.10
whitelisted
img.rule34.xxx
  • 172.67.68.251
  • 104.26.0.234
  • 104.26.1.234
suspicious
static.cloudflareinsights.com
  • 104.16.95.65
  • 104.16.94.65
whitelisted
x1.c.lencr.org
  • 104.90.178.254
whitelisted
www.google-analytics.com
  • 142.250.185.78
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET POLICY DNS Query For XXX Adult Site Top Level Domain
Potential Corporate Privacy Violation
ET POLICY DNS Query For XXX Adult Site Top Level Domain
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://rule34.xxx/index.php?page=post&s=view&id=3472402