URL:

fantastic-lily-2a36b5.netlify.app

Full analysis: https://app.any.run/tasks/169cfe98-4309-4ea0-a77f-9bfff572e324
Verdict: Malicious activity
Analysis date: October 30, 2023, 16:31:09
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
phishing
Indicators:
SHA1:

24142720740F199A4910A714EAE60B8BD6478CE3

SHA256:

ACEDE06427656ADA26DAC577269D44C20FB05FA4CF426D58EFB356F76E7FC858

SSDEEP:

3:6qGDxQ/AacQ:GDKdH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3828)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
3148"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3828 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3828"C:\Program Files\Internet Explorer\iexplore.exe" "fantastic-lily-2a36b5.netlify.app"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
16 540
Read events
16 429
Write events
109
Delete events
2

Modification events

(PID) Process:(3828) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(3828) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(3828) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(3828) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3828) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3828) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3828) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3828) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(3828) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(3828) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
50
Text files
34
Unknown types
0

Dropped files

PID
Process
Filename
Type
3148iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:23F8D9F8710827F9FBF48D99CF31CFDC
SHA256:AE6DC64FD00509147BC2AF4D4439476A0DD9FE02C5062490E5AC6D456EF9D5C5
3148iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_C37035B57D12BC5A8CC6DAA7D402E8E8binary
MD5:91F5D660AFCE8393821EA47A28D030B7
SHA256:365C22C679507E279083C9471ED2F6861889005034D5BE44DB7ED1342A8F6E99
3148iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:EEA81941F0142F3D83D9E88887022DE4
SHA256:39CE1BE47C095EBA28014B4608ED927A826BBFCEBD26B85AB20A481E263B8597
3148iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565binary
MD5:0DBC8BB3F2FF6C6BDECA1A4FECD74A99
SHA256:20D9B0C248E68FD980F4464B8CAE72B9D95E0725A937C6AC2F4FCE5F2339AD11
3148iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565binary
MD5:D348D9528D4AF44FDD6FEDDF668E1902
SHA256:EC1394F4C864ED9E9D06969DF6DB1B2A41A4F6B6CB8927F9195BCCA0E0B3B66D
3148iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\asset.69ebff92[1].csstext
MD5:FA477624437EE610DD513735039F6995
SHA256:89F53BC483B572EA908C4085D0393231669B7EFAC0212D5AFB9DD5B8B7FCA9EE
3148iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAbinary
MD5:AC89A852C2AAA3D389B2D2DD312AD367
SHA256:0B720E19270C672F9B6E0EC40B468AC49376807DE08A814573FE038779534F45
3148iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_C37035B57D12BC5A8CC6DAA7D402E8E8binary
MD5:180FCFD312D8B5FF4DAF807B97AF7599
SHA256:04A2EC1E9A4A04AE4103E89222B10A55C4015A32F134738910B39B0784CEEA78
3148iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\Nylas-Logo_Horizontal-Blue[1].pngimage
MD5:58DBC8E77A0D3B9ED99D952E403F1F60
SHA256:CB95B7E706B469C758B08680F1691D1EAAD118201CF05F24C06B8C7B450A0072
3148iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAbinary
MD5:91B2EC574F54F95EFC4947DE63DA944E
SHA256:0024E1D5150ED157F981C10B0255B6DDE23F46C1737B2D4BB6A4EDAFDDF7282C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
16
TCP/UDP connections
45
DNS requests
19
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3148
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ab9eb2291d8ac70b
unknown
compressed
4.66 Kb
3148
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEAJaYQ9Y64TxrVOuA9yphHo%3D
unknown
binary
312 b
3148
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ab121734c4c30a79
unknown
compressed
4.66 Kb
3148
iexplore.exe
GET
200
172.217.169.99:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
unknown
binary
724 b
3148
iexplore.exe
GET
200
172.217.169.99:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
3148
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D
unknown
binary
471 b
3148
iexplore.exe
GET
200
172.217.169.99:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGAy%2Fdiu84vFCW7%2FIayIdNI%3D
unknown
binary
471 b
3148
iexplore.exe
GET
200
172.217.169.99:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD7sOzyktkpRxLA2LxQNXtU
unknown
binary
472 b
3148
iexplore.exe
GET
200
172.217.169.99:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEDiqPgG5QpuyCQrl9PBuZos%3D
unknown
binary
471 b
3148
iexplore.exe
GET
200
172.217.169.99:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDXjiTYwV9zDBJXr%2BzP1lEY
unknown
binary
472 b
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
unknown
4
System
192.168.100.255:137
unknown
3148
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
unknown
1088
svchost.exe
224.0.0.252:5355
unknown
3148
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
unknown
3148
iexplore.exe
3.70.101.28:443
AMAZON-02
DE
unknown
3148
iexplore.exe
142.251.140.10:443
fonts.googleapis.com
GOOGLE
US
unknown
3148
iexplore.exe
172.217.169.99:80
ocsp.pki.goog
GOOGLE
US
unknown
3148
iexplore.exe
142.250.187.131:443
fonts.gstatic.com
GOOGLE
US
unknown
3148
iexplore.exe
172.217.17.110:443
www.youtube.com
GOOGLE
US
unknown

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 209.197.3.8
unknown
ocsp.digicert.com
  • 192.229.221.95
unknown
fonts.googleapis.com
  • 142.251.140.10
unknown
ocsp.pki.goog
  • 172.217.169.99
unknown
fonts.gstatic.com
  • 142.250.187.131
unknown
www.youtube.com
  • 172.217.17.110
  • 172.217.17.142
  • 172.217.20.78
  • 216.58.212.14
  • 216.58.212.46
  • 216.58.213.110
  • 142.251.140.14
  • 142.251.140.46
  • 142.251.140.78
  • 142.251.141.46
  • 172.217.17.238
  • 216.58.214.142
  • 142.250.184.142
  • 142.250.187.110
  • 142.250.187.142
  • 142.250.187.174
unknown
googleads.g.doubleclick.net
  • 142.250.187.130
unknown
static.doubleclick.net
  • 142.250.187.102
unknown
jnn-pa.googleapis.com
  • 172.217.17.138
  • 172.217.20.74
  • 216.58.212.10
  • 216.58.212.42
  • 216.58.213.106
  • 142.251.140.10
  • 142.251.140.42
  • 142.251.140.74
  • 142.251.141.42
  • 172.217.169.106
  • 172.217.169.138
  • 172.217.169.170
  • 172.217.169.202
  • 142.250.184.138
  • 142.250.187.106
  • 142.250.187.138
unknown
www.google.com
  • 142.251.140.4
unknown

Threats

PID
Process
Class
Message
Possible Social Engineering Attempted
ET HUNTING Suspicious Netlify Hosted DNS Request - Possible Phishing Landing
Possible Social Engineering Attempted
ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing
Possible Social Engineering Attempted
ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing
Possible Social Engineering Attempted
ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing
Possible Social Engineering Attempted
ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing
Possible Social Engineering Attempted
ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing
Possible Social Engineering Attempted
ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
fantastic-lily-2a36b5.netlify.app