URL: myprofessionalmail.com

Full analysis: https://app.any.run/tasks/1ae3f90a-42ff-47d7-8b3f-d2885b75407d
Verdict: Malicious activity
Analysis date: April 30, 2024, 17:43:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: DC1765D09872EB48D1C80B789589D241
SHA1: FAD1862588DA72ED782AEB39725A34E6F1D6BB21
SHA256: AE80E0E2FDE0AAB6BA2DFFAB5BD9D78FDA043B124A9EA075139D5FB3BAEBE712
SSDEEP: 3:h9KLQggKn:LXggKn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    No suspicious indicators.
  • INFO
    • Connects to unusual port
      • iexplore.exe (PID: 4052)
    • Application launched itself
      • iexplore.exe (PID: 3996)
    • Reads the computer name
      • wmpnscfg.exe (PID: 1772)
    • Manual execution by a user
      • wmpnscfg.exe (PID: 1772)
    • Checks supported languages
      • wmpnscfg.exe (PID: 1772)
No Malware configuration.
No data.
Total processes: 36
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph (process tree as labelled in the graph): start → iexplore.exe (PID 3996) → iexplore.exe (PID 4052); wmpnscfg.exe (PID 1772, "no specs")

Process information

PID: 1772
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Indicators: (none)
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\program files\windows media player\wmpnscfg.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 3996
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "myprofessionalmail.com"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none)
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\iertutil.dll

PID: 4052
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3996 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none)
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\iertutil.dll
Total events: 15 107
Read events: 14 969
Write events: 95
Delete events: 43

Modification events

PID | Process | Operation | Key | Name | Value
3996 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1
3996 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime | 
3996 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 31103781
3996 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime | 194900278
3996 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 31103782
3996 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | 
3996 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
3996 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
3996 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
3996 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
Executable files: 0
Suspicious files: 21
Text files: 26
Unknown types: 6

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
4052 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\819A9644B0E5C7B9B12807621FBB52FD_7F8FE58969AC2C6816A0DD69B6378DF1 | der | 3B3C1EC39E1AEC16D3FBB727DB6B1FA1 | 69211A8C5B2F27630029539BA5E2CA4C492A04DA2883C24273BDCFBF42966CF9
4052 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 974C17F9452F9351B0FFA1FBD3FDEB23 | 6E86E1543C2C6044B3FC2BFC3ADD6BF356FBD64D5CF2D37A9CB4FAB0E13554F7
4052 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\HBX7AHFJ.txt | text | A5F62A3BF538C636B99A7214936C6D3D | 40F2C9CB957A382859552FAA50753F9FC3C1CFD87096F0F9C7975422F3BAFBC3
4052 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562 | binary | 23BFE55BCEE49765CA7AAF86F21D6CB4 | C0FDC6A6F8913F75C719220C4A34A0E4E7A3788A1BCEB8A4281B46333F0EF08C
4052 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 | binary | 659BEE862785C47450648E91B68A5B81 | A81B353B318579C3853C77630A5F78BE4738F8BC2FBEE5FE4805157FF960CCC8
4052 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\819A9644B0E5C7B9B12807621FBB52FD_7F8FE58969AC2C6816A0DD69B6378DF1 | binary | 14EB1E2DAE618A8C571738102C761C7F | 0578C162BC3A894643B834755EFB3015D610B058943DF262A8500E37CEC45AE7
4052 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562 | binary | 88F873874856DFF8D5A5500F3999C40A | BA574264302D1864B8BC5846CD697DE6520F73C4EAA7893414D494A4BAB4A825
4052 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\FFZPFXGS.txt | text | 6B9295FBDBF049180E7DFC1CA6588062 | F95E771CC193859E87DF2D0698BF771BE39907434141215CBA3C266A99B1569A
4052 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\95c2f81e5812e203[1].css | text | 798AACB1FF37348B6F7BFBB362FB7BCD | 565515D221BE71BE8857E7865E473279A4524F76F312DCB4F3A5851BCE1420F5
4052 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\login[1].htm | html | CCAD2A37633C7BD1465B2610E6401C24 | 729357BE5E57FCE2D876EB63DC854183B2C58ADF9DBFF594C8AD1215890C46A3
HTTP(S) requests: 13
TCP/UDP connections: 34
DNS requests: 17
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4052 | iexplore.exe | GET | 304 | 173.222.108.210:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0eb42db1385d6a0b | CH | | | unknown
4052 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.starfieldtech.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT1ZqtwV0O1KcYi0gdzcFkHM%2BuArAQUJUWBaFAmOD07LSy%2BzWrZtj2zZmMCCDsgTJYOhqod | US | binary | 2.10 Kb | unknown
4052 | iexplore.exe | GET | 200 | 216.58.206.67:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | binary | 1.41 Kb | unknown
4052 | iexplore.exe | GET | 302 | 45.40.130.41:80 | http://myprofessionalmail.com/ | US | html | 215 b | unknown
3996 | iexplore.exe | GET | 304 | 173.222.108.210:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8644b833ad892dd7 | CH | | | unknown
4052 | iexplore.exe | GET | 200 | 216.58.206.67:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D | US | binary | 724 b | unknown
4052 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.starfieldtech.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCAzkUhA%3D%3D | US | binary | 2.01 Kb | unknown
4052 | iexplore.exe | GET | 200 | 95.101.54.123:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPRHDLFeEk0asf7D1lcrLQNeQ%3D%3D | DE | binary | 503 b | unknown
3996 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | binary | 471 b | unknown
3996 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | US | binary | 313 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
| | 224.0.0.252:5355 | | | | unknown
4052 | iexplore.exe | 45.40.130.41:80 | myprofessionalmail.com | AS-26496-GO-DADDY-COM-LLC | US | unknown
4052 | iexplore.exe | 45.40.130.41:443 | myprofessionalmail.com | AS-26496-GO-DADDY-COM-LLC | US | unknown
4052 | iexplore.exe | 173.222.108.210:80 | ctldl.windowsupdate.com | Akamai International B.V. | CH | unknown
1088 | svchost.exe | 224.0.0.252:5355 | | | | unknown
4052 | iexplore.exe | 192.124.249.23:80 | ocsp.starfieldtech.com | SUCURI-SEC | US | unknown
4052 | iexplore.exe | 23.60.204.71:443 | sso.secureserver.net | AKAMAI-AS | DE | unknown
4052 | iexplore.exe | 2.19.96.248:443 | img6.wsimg.com | Akamai International B.V. | DE | unknown

DNS requests

Domain | IP | Reputation
myprofessionalmail.com | 45.40.130.41, 45.40.130.40, 45.40.140.6 | unknown
ctldl.windowsupdate.com | 173.222.108.210, 173.222.108.147 | whitelisted
ocsp.starfieldtech.com | 192.124.249.23, 192.124.249.36, 192.124.249.24, 192.124.249.22, 192.124.249.41 | whitelisted
sso.secureserver.net | 23.60.204.71 | malicious
img6.wsimg.com | 2.19.96.248, 2.19.96.192, 2.19.96.153, 2.19.96.208 | whitelisted
unpkg.com | 104.17.246.203, 104.17.247.203, 104.17.248.203, 104.17.249.203, 104.17.245.203 | whitelisted
ocsp.pki.goog | 216.58.206.67 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 2.20.142.154, 2.20.142.180, 92.122.215.65, 2.20.142.251, 92.122.215.57, 2.20.142.187, 92.122.215.60, 2.20.142.3, 92.122.215.53 | whitelisted
cca039482a104d5d9b04bd2e20f6bb64.apm.us-west-2.aws.found.io | 44.232.228.214, 54.212.23.110, 52.26.59.44 | unknown

Threats

PID | Process | Class | Message
4052 | iexplore.exe | Not Suspicious Traffic | INFO [ANY.RUN] Global content delivery network (unpkg .com)

Debug output: No debug info