URL: myprofessionalmail.com

Full analysis: https://app.any.run/tasks/1ae3f90a-42ff-47d7-8b3f-d2885b75407d
Verdict: Malicious activity
Analysis date: April 30, 2024, 17:43:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: DC1765D09872EB48D1C80B789589D241
SHA1: FAD1862588DA72ED782AEB39725A34E6F1D6BB21
SHA256: AE80E0E2FDE0AAB6BA2DFFAB5BD9D78FDA043B124A9EA075139D5FB3BAEBE712
SSDEEP: 3:h9KLQggKn:LXggKn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Checks supported languages: wmpnscfg.exe (PID: 1772)
    • Reads the computer name: wmpnscfg.exe (PID: 1772)
    • Application launched itself: iexplore.exe (PID: 3996)
    • Manual execution by a user: wmpnscfg.exe (PID: 1772)
    • Connects to unusual port: iexplore.exe (PID: 4052)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe (PID 3996) → iexplore.exe (PID 4052)
wmpnscfg.exe (PID 1772, no specs)

Process information

PID: 1772
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3996
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "myprofessionalmail.com"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 4052
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3996 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 15 107
Read events: 14 969
Write events: 95
Delete events: 43

Modification events

(PID) Process: (3996) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (3996) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

(PID) Process: (3996) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31103781

(PID) Process: (3996) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 194900278

(PID) Process: (3996) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31103782

(PID) Process: (3996) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3996) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3996) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3996) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3996) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 0
Suspicious files: 21
Text files: 26
Unknown types: 6

Dropped files

PID: 4052 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26
MD5: 46D55A9ED02307AEF50B728E9F497B42
SHA256: B8AC9315B77B62873880D8AC55D396B09A1936313D2246C8CD63FBC449903279

PID: 4052 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562
MD5: 88F873874856DFF8D5A5500F3999C40A
SHA256: BA574264302D1864B8BC5846CD697DE6520F73C4EAA7893414D494A4BAB4A825

PID: 4052 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\819A9644B0E5C7B9B12807621FBB52FD_7F8FE58969AC2C6816A0DD69B6378DF1
MD5: 14EB1E2DAE618A8C571738102C761C7F
SHA256: 0578C162BC3A894643B834755EFB3015D610B058943DF262A8500E37CEC45AE7

PID: 4052 | Process: iexplore.exe | Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\819A9644B0E5C7B9B12807621FBB52FD_7F8FE58969AC2C6816A0DD69B6378DF1
MD5: 3B3C1EC39E1AEC16D3FBB727DB6B1FA1
SHA256: 69211A8C5B2F27630029539BA5E2CA4C492A04DA2883C24273BDCFBF42966CF9

PID: 4052 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
MD5: 974C17F9452F9351B0FFA1FBD3FDEB23
SHA256: 6E86E1543C2C6044B3FC2BFC3ADD6BF356FBD64D5CF2D37A9CB4FAB0E13554F7

PID: 4052 | Process: iexplore.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\12-cf29d8fb90cc6d47[1].js
MD5: 731DBBC38EF302BA76FA4B9D1A2EA72A
SHA256: C4D7EE5AE540E7EF8B4A6ADAFC94F07D20077737E788EEBBA5CB006465BD8D1B

PID: 4052 | Process: iexplore.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\framework-a0c46ad6a3b8da13[1].js
MD5: DBB892502BCEE0C165C037C8810FF22D
SHA256: 00312B2C4C33720DA7AB1D92BF1134BC76E038247E9CE12109A6D8B29F519E4F

PID: 4052 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\webpack-917488ef600676ac[1].js
MD5: 3A7E46652CB46899E4E970DC20571537
SHA256: C72A888C7FA89936133CDEBB9A2850DCC4762234A02255AB42666E0079E3901B

PID: 4052 | Process: iexplore.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562
MD5: 23BFE55BCEE49765CA7AAF86F21D6CB4
SHA256: C0FDC6A6F8913F75C719220C4A34A0E4E7A3788A1BCEB8A4281B46333F0EF08C

PID: 4052 | Process: iexplore.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\uxcore2.min[1].css
MD5: B2B4F015B4E7EB5A7730BCAD24929852
SHA256: A7CD1BBA025DD4DD612CBFD1641E4292152A04E2EBBF6AF5BCD7B4A5EEEFE037
HTTP(S) requests: 13
TCP/UDP connections: 34
DNS requests: 17
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3996 | iexplore.exe | GET | 304 | 173.222.108.210:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c21588876f974d24 | unknown | unknown
3996 | iexplore.exe | GET | 304 | 173.222.108.210:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8644b833ad892dd7 | unknown | unknown
3996 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | unknown
4052 | iexplore.exe | GET | 302 | 45.40.130.41:80 | http://myprofessionalmail.com/ | unknown | unknown
4052 | iexplore.exe | GET | 304 | 173.222.108.210:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0eb42db1385d6a0b | unknown | unknown
4052 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.starfieldtech.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D | unknown | unknown
4052 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.starfieldtech.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT1ZqtwV0O1KcYi0gdzcFkHM%2BuArAQUJUWBaFAmOD07LSy%2BzWrZtj2zZmMCCDsgTJYOhqod | unknown | unknown
4052 | iexplore.exe | GET | 200 | 92.123.17.153:80 | http://x1.c.lencr.org/ | unknown | unknown
4052 | iexplore.exe | GET | 200 | 95.101.54.123:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPRHDLFeEk0asf7D1lcrLQNeQ%3D%3D | unknown | unknown
3996 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
224.0.0.252:5355 | unknown
4052 | iexplore.exe | 45.40.130.41:80 | myprofessionalmail.com | AS-26496-GO-DADDY-COM-LLC | US | unknown
4052 | iexplore.exe | 45.40.130.41:443 | myprofessionalmail.com | AS-26496-GO-DADDY-COM-LLC | US | unknown
4052 | iexplore.exe | 173.222.108.210:80 | ctldl.windowsupdate.com | Akamai International B.V. | CH | unknown
1088 | svchost.exe | 224.0.0.252:5355 | unknown
4052 | iexplore.exe | 192.124.249.23:80 | ocsp.starfieldtech.com | SUCURI-SEC | US | unknown
4052 | iexplore.exe | 23.60.204.71:443 | sso.secureserver.net | AKAMAI-AS | DE | unknown
4052 | iexplore.exe | 2.19.96.248:443 | img6.wsimg.com | Akamai International B.V. | DE | unknown

DNS requests

Domain (reputation) and resolved IPs:

myprofessionalmail.com (unknown)
  • 45.40.130.41
  • 45.40.130.40
  • 45.40.140.6
ctldl.windowsupdate.com (whitelisted)
  • 173.222.108.210
  • 173.222.108.147
ocsp.starfieldtech.com (whitelisted)
  • 192.124.249.23
  • 192.124.249.36
  • 192.124.249.24
  • 192.124.249.22
  • 192.124.249.41
sso.secureserver.net (malicious)
  • 23.60.204.71
img6.wsimg.com (whitelisted)
  • 2.19.96.248
  • 2.19.96.192
  • 2.19.96.153
  • 2.19.96.208
unpkg.com (whitelisted)
  • 104.17.246.203
  • 104.17.247.203
  • 104.17.248.203
  • 104.17.249.203
  • 104.17.245.203
ocsp.pki.goog (whitelisted)
  • 216.58.206.67
api.bing.com (whitelisted)
  • 13.107.5.80
www.bing.com (whitelisted)
  • 2.20.142.154
  • 2.20.142.180
  • 92.122.215.65
  • 2.20.142.251
  • 92.122.215.57
  • 2.20.142.187
  • 92.122.215.60
  • 2.20.142.3
  • 92.122.215.53
cca039482a104d5d9b04bd2e20f6bb64.apm.us-west-2.aws.found.io (unknown)
  • 44.232.228.214
  • 54.212.23.110
  • 52.26.59.44

Threats

PID | Process | Class | Message
4052 | iexplore.exe | Not Suspicious Traffic | INFO [ANY.RUN] Global content delivery network (unpkg .com)
No debug info