analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://microsoftsharefile365.myportfolio.com/

Full analysis: https://app.any.run/tasks/dee733c8-d837-4d86-ac61-3cb0dc0b9ccf
Verdict: Malicious activity
Analysis date: May 20, 2022, 17:30:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

12269ECB23DF2A2ABC8C75CBA55C7C55

SHA1:

764B72BFF610EB574E73B2CF97BD34995A83C9C0

SHA256:

AC375BE5C41315FD8B1F613B62CE2BECFDBF1E283BD2D6ACD93A7CAAB0740D98

SSDEEP:

3:N8aYwNLMCLIcgs/GTK:21wpMCqGGTK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2900)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 952)
      • iexplore.exe (PID: 2900)
    • Checks supported languages

      • iexplore.exe (PID: 2900)
      • iexplore.exe (PID: 952)
    • Changes internet zones settings

      • iexplore.exe (PID: 952)
    • Application launched itself

      • iexplore.exe (PID: 952)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2900)
      • iexplore.exe (PID: 952)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 952)
      • iexplore.exe (PID: 2900)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2900)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
952"C:\Program Files\Internet Explorer\iexplore.exe" "https://microsoftsharefile365.myportfolio.com/"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2900"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:952 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
12 160
Read events
12 049
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
6
Text files
14
Unknown types
6

Dropped files

PID
Process
Filename
Type
2900iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04binary
MD5:2944F609E0C181BF167F24DDEC5E50A2
SHA256:0AE80428578FFA25D99C18138A83564AA1FF22E036E8BBAA4A4F05C49BA349D3
2900iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04der
MD5:3CBF71B4678EC98888BEA333DF6BDAD7
SHA256:A16CB040948C7F3883FEA14B83A8BE2FD35994B2F0AEEA6285B59B14B41E6749
2900iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\6B01GM44.htmhtml
MD5:0ABD34AAEC37A422164BEF61ECF84697
SHA256:429A4543A074CD40CA45063C68FF6961FA02265D896B5B9668F58882A7EF4661
2900iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\WNKJW2AN.jstext
MD5:7B4BD52903989B23E62A1C1204F73C03
SHA256:623949AFAEE6604FF66C58559FE0FE806B2284E774682C1E35B135E2A5F1EFE4
2900iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_42D518C245FE7F2F9F026AD6DD212548der
MD5:40406641622C0737C5C7700B5751D6E5
SHA256:B67CC9464C7A6EB5AF69A416A73E6FD1DDE26094CE2FD3DC9881C644C7222803
2900iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:871C0FB5D8A03EF8DACD4667333D5CC5
SHA256:7ED53EFDB90A6495F3E5AFE19FF408E4F98E7AD3BCA9FD17C8AB64E4690F1D93
2900iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_42D518C245FE7F2F9F026AD6DD212548binary
MD5:5C9D0762FC47C5378615C5F79C718B24
SHA256:3A76D563736219B0E15EE3CA2A5E6B81FBE995142C48215859F019995B27141A
2900iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\c24262c6ec204a7182f69a2a6e164e6e1652803051[1].csstext
MD5:B13A47C0811DFCCFA7385E42EAEBF982
SHA256:170B65365CE1E1E6CAD8D3D7C3D1787A85AAFF22CA99174B414074FBFC802ECE
2900iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:F7DCB24540769805E5BB30D193944DCE
SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
2900iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\p[1].gifimage
MD5:81144D75B3E69E9AA2FA3E9D83A64D03
SHA256:9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
36
DNS requests
14
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
952
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
2900
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHophRq39F1meVBmQbb%2F1x0%3D
US
der
1.40 Kb
whitelisted
2900
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
US
der
471 b
whitelisted
2900
iexplore.exe
GET
200
23.216.77.69:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?83f5c6b9093773f4
US
compressed
4.70 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2900
iexplore.exe
151.101.2.133:443
cdn.myportfolio.com
Fastly
US
malicious
2900
iexplore.exe
184.24.77.144:443
use.typekit.net
Time Warner Cable Internet LLC
US
suspicious
952
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2900
iexplore.exe
151.101.0.119:443
microsoftsharefile365.myportfolio.com
Fastly
US
malicious
2900
iexplore.exe
23.216.77.69:80
ctldl.windowsupdate.com
NTT DOCOMO, INC.
US
suspicious
2900
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2900
iexplore.exe
162.247.243.147:443
bam-cell.nr-data.net
New Relic
US
unknown
2900
iexplore.exe
104.18.21.226:80
ocsp2.globalsign.com
Cloudflare Inc
US
shared
2900
iexplore.exe
184.24.77.146:443
p.typekit.net
Time Warner Cable Internet LLC
US
suspicious
2900
iexplore.exe
151.101.64.119:443
microsoftsharefile365.myportfolio.com
Fastly
US
malicious

DNS requests

Domain
IP
Reputation
microsoftsharefile365.myportfolio.com
  • 151.101.0.119
  • 151.101.64.119
  • 151.101.128.119
  • 151.101.192.119
malicious
ctldl.windowsupdate.com
  • 23.216.77.69
  • 23.216.77.80
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
cdn.myportfolio.com
  • 151.101.2.133
  • 151.101.66.133
  • 151.101.130.133
  • 151.101.194.133
whitelisted
use.typekit.net
  • 184.24.77.144
  • 184.24.77.156
whitelisted
js-agent.newrelic.com
  • 151.101.2.137
  • 151.101.66.137
  • 151.101.130.137
  • 151.101.194.137
whitelisted
ocsp2.globalsign.com
  • 104.18.21.226
  • 104.18.20.226
whitelisted
p.typekit.net
  • 184.24.77.146
  • 184.24.77.154
shared

Threats

No threats detected
No debug info