URL: https://trk.mail.ru/c/zzm979

Full analysis: https://app.any.run/tasks/38ab4b1c-201d-4edb-80f1-9af274db8f6c
Verdict: Malicious activity
Analysis date: October 19, 2023, 08:18:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
SHA1: CA98A5D10BF6EB1550112AD1F5B2C3D07DC6E06D
SHA256: B2BE8CDFFEFA3FD0C0B18EC33528A7B1101EA8CB00BEA709F6D4AEDF2B3557F2
SSDEEP: 3:N8fkhKfgg:2X4g

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may have been affected by user actions and is provided as is for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3852)
No Malware configuration.
No data.
Total processes: 41
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 0

Behavior graph: start, iexplore.exe (4 processes); the interactive graph is available in the full report

Process information

PID 124: iexplore.exe
Parent process: iexplore.exe
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3852 CREDAT:3085582 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sechost.dll
PID 3124: iexplore.exe
Parent process: iexplore.exe
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3852 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID 3728: iexplore.exe
Parent process: iexplore.exe
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3852 CREDAT:4003114 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID 3852: iexplore.exe
Parent process: explorer.exe
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://trk.mail.ru/c/zzm979"
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 35 681
Read events: 35 554
Write events: 123
Delete events: 4

Modification events

(PID 3852) iexplore.exe, operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Name: NTPDaysSinceLastAutoMigration
Value: 0

(PID 3852) iexplore.exe, operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Name: NTPLastLaunchHighDateTime
Value: 30847387

(PID 3852) iexplore.exe, operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Name: NextCheckForUpdateHighDateTime
Value: 30847437

(PID 3852) iexplore.exe, operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Name: CachePrefix
Value: Cookie:

(PID 3852) iexplore.exe, operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Name: CachePrefix
Value: Visited:

(PID 3852) iexplore.exe, operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Name: CompatibilityFlags
Value: 0

(PID 3852) iexplore.exe, operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Name: ProxyEnable
Value: 0

(PID 3852) iexplore.exe, operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Name: SavedLegacySettings
Value:
4600000056010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID 3852) iexplore.exe, operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Name: ProxyBypass
Value: 1

(PID 3852) iexplore.exe, operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Name: IntranetName
Value: 1
Executable files: 0
Suspicious files: 61
Text files: 160
Unknown types: 0

Dropped files

PID 3124 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_77EBB02497FB930F7932BE0CDFE874FB (binary)
  MD5: 69F4348FF8721E935537C9548517DA0E
  SHA256: F9912BDFCC91E24787081F1763DFBA745A495C753664A33F07CDCF4D3DA9A7DC
PID 3124 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B (binary)
  MD5: 5BB4A2B054B962512FF5322E6C64E145
  SHA256: F27F4161AF3185CBDB3EA7AF9B7C12E0927D8243F70E81CF683E8705C7FBCD8D
PID 3124 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (compressed)
  MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
  SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
PID 3124 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\049D3D85056AD390C4B82155F9E8EBEF (binary)
  MD5: F9D7E3DB72921B60BF8D6DA1AA8D8592
  SHA256: A620CD885CE6E6D7C0C85302445AB236EAC4CB3FE9A7F52899827919D5168441
PID 3124 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6ADA00164461CEA9AED8BB2953BE83C1 (binary)
  MD5: 8751B2E67693525AC5359D7751960537
  SHA256: FB396CF78F48DF0A9AB859AEE41087B3DC95090060711CB3C10E5739F00135AD
PID 3124 iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\login[1].htm (html)
  MD5: 88D9EDA074CB0BEF436628DD3124D7A6
  SHA256: B29F84E5ABF86F9FFB90BD9A5AFA622FB91F54FEE1ADA4D085650FAB814EDD34
PID 3124 iexplore.exe: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\TRRNFM8P.txt (text)
  MD5: 8F7D259D1C3C98D8ABA881AAD74B47D0
  SHA256: F1B74A6157AA2A6587260AF8D25DA5BB4AA43CE2B49726BCC82C358DC2E9673B
PID 3124 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 (binary)
  MD5: 2DEC6460F938C77EE79B1E143F0EBF7E
  SHA256: 5777B32893828091A7F19BDC13A9D86C251148A6C42EAB6EFC2C8ED37A40061B
PID 3124 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\049D3D85056AD390C4B82155F9E8EBEF (binary)
  MD5: 356430E357A96004AE89F73386F85CC3
  SHA256: 392C8A8C13F80DFF5E0E48EFC5C0B2C46E9493A3AB92353E951674582030DB4F
PID 3124 iexplore.exe: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\30XP4LUY.txt (text)
  MD5: 9DDB39CE7662CB55A7A5E256A5E019E0
  SHA256: 94E789A84F7EE044F768232E6C43BB13AEE8E25D6077D642DD464CD32F74E38A
HTTP(S) requests: 30
TCP/UDP connections: 111
DNS requests: 42
Threats: 0

HTTP requests

PID 3124 iexplore.exe | GET 200 | 104.18.20.226:80 | CN: unknown | Type: binary | Size: 1.41 Kb | Reputation: unknown
  http://ocsp.globalsign.com/rootr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDQHuXxad%2F5c1K2Rl1mo%3D
PID 3124 iexplore.exe | GET 200 | 95.140.236.0:80 | CN: unknown | Type: compressed | Size: 4.66 Kb | Reputation: unknown
  http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8f869686e34b7eef
PID 3124 iexplore.exe | GET 200 | 104.18.20.226:80 | CN: unknown | Type: binary | Size: 1.40 Kb | Reputation: unknown
  http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDBksL6WS6vFZbfrY%2Fw%3D%3D
PID 3124 iexplore.exe | GET 200 | 104.18.20.226:80 | CN: unknown | Type: binary | Size: 1.40 Kb | Reputation: unknown
  http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDFZ43noMCcDUxwQLHw%3D%3D
PID 3124 iexplore.exe | GET 200 | 104.18.20.226:80 | CN: unknown | Type: binary | Size: 1.40 Kb | Reputation: unknown
  http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyI%2BPTVbmSvIKrQ%3D
PID 3124 iexplore.exe | GET 200 | 104.18.20.226:80 | CN: unknown | Type: binary | Size: 1.25 Kb | Reputation: unknown
  http://ocsp2.globalsign.com/rootr5/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQiD0S5cIHyfrLTJ1fvAkJWflH%2B2QQUPeYpSJvqB8ohREom3m7e0oPQn1kCDQHuXyKVQkkF%2BQGRqNw%3D
PID 3124 iexplore.exe | GET 200 | 104.18.20.226:80 | CN: unknown | Type: binary | Size: 939 b | Reputation: unknown
  http://ocsp.globalsign.com/gseccovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSTMjK03nNiYoQYvu4Izyfn9OJNdAQUWHuOdSr%2BYYCqkEABrtboB0ZuP0gCDGjRvF%2B%2BIdboUy%2Byxw%3D%3D
PID 3124 iexplore.exe | GET 200 | 104.18.20.226:80 | CN: unknown | Type: binary | Size: 1.40 Kb | Reputation: unknown
  http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D
PID 3124 iexplore.exe | GET 200 | 104.18.20.226:80 | CN: unknown | Type: binary | Size: 1.40 Kb | Reputation: unknown
  http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDAHEzfkIhtdN293xvg%3D%3D
PID 3124 iexplore.exe | GET 200 | 104.18.20.226:80 | CN: unknown | Type: binary | Size: 1.40 Kb | Reputation: unknown
  http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDFwPfOXcb9eOnCF9aQ%3D%3D

Connections

PID 4 System | 192.168.100.255:137 | Reputation: whitelisted
PID 4 System | 192.168.100.255:138 | Reputation: whitelisted
PID 3124 iexplore.exe | 95.163.41.56:443 | rs.mail.ru | ASN: LLC VK | CN: RU | Reputation: unknown
PID 1088 svchost.exe | 224.0.0.252:5355 | Reputation: unknown
PID 3124 iexplore.exe | 95.140.236.0:80 | ctldl.windowsupdate.com | ASN: LLNW | CN: US | Reputation: whitelisted
PID 3124 iexplore.exe | 104.18.20.226:80 | ocsp.globalsign.com | ASN: CLOUDFLARENET | Reputation: shared
PID 3124 iexplore.exe | 217.69.139.215:443 | e.mail.ru | ASN: LLC VK | CN: RU | Reputation: unknown
PID 3124 iexplore.exe | 217.69.139.61:443 | account.mail.ru | ASN: LLC VK | CN: RU | Reputation: unknown
PID 2656 svchost.exe | 239.255.255.250:1900 | Reputation: whitelisted
PID 3124 iexplore.exe | 217.69.140.45:443 | stat.radar.imgsmail.ru | ASN: LLC VK | CN: RU | Reputation: unknown

DNS requests

Domain: resolved IP(s) (reputation)
ctldl.windowsupdate.com: 95.140.236.0, 178.79.242.128 (whitelisted)
ocsp.globalsign.com: 104.18.20.226, 104.18.21.226 (whitelisted)
ocsp2.globalsign.com: 104.18.20.226, 104.18.21.226 (whitelisted)
e.mail.ru: 217.69.139.215, 94.100.180.216, 217.69.139.216, 94.100.180.215 (unknown)
account.mail.ru: 217.69.139.61, 94.100.180.61 (unknown)
stat.radar.imgsmail.ru: 217.69.140.45 (whitelisted)
light.mail.ru: 217.69.139.216, 94.100.180.215, 217.69.139.215, 94.100.180.216 (unknown)
imgs2.imgsmail.ru: 5.181.61.0 (unknown)
r.mradx.net: 95.163.52.80 (whitelisted)
rs.mail.ru: 95.163.41.56 (whitelisted)

Threats: no threats detected
Debug info: none