analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

index.html

Full analysis: https://app.any.run/tasks/4c3d52d2-3f45-493e-835b-6560baf56e4f
Verdict: Malicious activity
Analysis date: September 30, 2020, 00:42:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines
MD5:

51C2EDF06F580CB5DAF53BAA473CFB0A

SHA1:

18B8CD0474542F8B0E44E6EC05D434C8468F3359

SHA256:

AF4BA045D7F421AF925A2FDE37744A4C50CA75D75559034A4A19CA603E08B439

SSDEEP:

768:rs2jnwGXibzbw69ITy2CQyC6xTvg8y8wWnAK9MlKc99h2Ga:hjnNabw69ITy2K1y8NAkI9ha

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2524)
      • chrome.exe (PID: 2548)
      • iexplore.exe (PID: 2120)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2120)
      • iexplore.exe (PID: 2796)

    • Application launched itself

      • iexplore.exe (PID: 2120)
      • iexplore.exe (PID: 2524)
      • chrome.exe (PID: 2592)

    • Changes internet zones settings

      • iexplore.exe (PID: 2120)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2524)

    • Changes settings of System certificates

      • iexplore.exe (PID: 2524)
      • iexplore.exe (PID: 2120)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2524)
      • iexplore.exe (PID: 2120)

    • Manual execution by user

      • chrome.exe (PID: 2592)

    • Reads the hosts file

      • chrome.exe (PID: 2548)
      • chrome.exe (PID: 2592)

    • Modifies the open verb of a shell class

      • chrome.exe (PID: 2592)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
57
Monitored processes
20
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2120"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.htmlC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2524"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2120 CREDAT:144385 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2796"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2120 CREDAT:333057 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2592"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
1748"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f32a9d0,0x6f32a9e0,0x6f32a9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2840"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2656 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
1948"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1008,10170420689823085850,16398012589171326816,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=6923872745085847770 --mojo-platform-channel-handle=1024 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
2548"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1008,10170420689823085850,16398012589171326816,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=8579962147081210429 --mojo-platform-channel-handle=1668 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2976"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1008,10170420689823085850,16398012589171326816,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15854091295034973598 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
864"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1008,10170420689823085850,16398012589171326816,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16542257152238344818 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Total events
1 299
Read events
1 093
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
43
Text files
79
Unknown types
21

Dropped files

PID
Process
Filename
Type
2524iexplore.exeC:\Users\admin\AppData\Local\Temp\Cab7CFA.tmp
MD5:
SHA256:
2524iexplore.exeC:\Users\admin\AppData\Local\Temp\Tar7CFB.tmp
MD5:
SHA256:
2120iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2524iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\rollup-slack_kit_helpers[1].csstext
MD5:E9AA1BF3C1F217C869EDBDDA0D037854
SHA256:46B2BB0C6DF12FB2EEFBC197514F06D5B270487777E20116C14BADE59A7CBE58
2524iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\lato-2-compressed[1].csstext
MD5:12994414D19665036D8C7686668D4E21
SHA256:74EC7945ECD350A05739CF89E571BECC1CDC58D8641D08F99055E3FDEB62C962
2524iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\rollup-plastic[1].csstext
MD5:A42039EA12D917E8670F77FF9515982A
SHA256:514987BC5FAF70F6F61413186702207FD193CF31A24015BCF64CE186904FDB4A
2524iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\webpack.manifest.f280be243c69dc13279c.min[1].jstext
MD5:449C2B60685599B4B0A35CCFA2265306
SHA256:0A0F566612D44754169E6798DE76EF0FDC8FC0F75AE5A6C7AD3720066F555D35
2524iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\footer[1].csstext
MD5:8F75E537CE893D97A47E02117E972B7D
SHA256:4B620A26C7DE6683444E26C937FF7BF5A1C257C192064A3FB402BFFE64DAAF54
2524iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\sticky_nav[1].csstext
MD5:0AAF4FB3209AED24A129DB33A14A8ED0
SHA256:E4BDCD52C45EF668377FFA7C4E5694D48431C8DC91EFE29566C8E4DC9AC328C1
2524iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\application.fa79de3.min[1].csstext
MD5:8372D2E7722B09FBFA15B493D54BA064
SHA256:8440D68404745249A6EE608B83AAC523EFA577FD49C8988B315E84903F0AEA86
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
42
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1052
svchost.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
2524
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
US
der
471 b
whitelisted
2548
chrome.exe
GET
302
13.111.134.188:80
http://click.email.slackhq.com/?qs=e42476ab93a1b4b81acd10787d11288c45a3452304af6a6729a8ffcf181c14498c254135009e082ac6feffa65a92227d3b8f570ab6546499
US
html
247 b
suspicious
2120
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
2120
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
2120
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
2120
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2524
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2548
chrome.exe
172.217.22.99:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
2548
chrome.exe
172.217.18.109:443
accounts.google.com
Google Inc.
US
suspicious
2120
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2548
chrome.exe
172.217.18.100:443
www.google.com
Google Inc.
US
whitelisted
2548
chrome.exe
172.217.22.10:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2524
iexplore.exe
143.204.201.80:443
a.slack-edge.com
US
malicious
2548
chrome.exe
172.217.23.99:443
fonts.gstatic.com
Google Inc.
US
whitelisted
2548
chrome.exe
216.58.205.227:443
ssl.gstatic.com
Google Inc.
US
whitelisted
2548
chrome.exe
13.111.134.188:80
click.email.slackhq.com
US
suspicious

DNS requests

Domain
IP
Reputation
a.slack-edge.com
  • 143.204.201.80
  • 143.204.201.56
  • 143.204.201.24
  • 143.204.201.105
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
clientservices.googleapis.com
  • 172.217.22.99
whitelisted
accounts.google.com
  • 172.217.18.109
shared
www.google.com
  • 172.217.18.100
whitelisted
fonts.gstatic.com
  • 172.217.23.99
whitelisted
fonts.googleapis.com
  • 172.217.22.10
whitelisted
clients2.google.com
  • 172.217.16.142
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
index.html