URL:

https://trk.mail.ru/c/zzm979

Full analysis: https://app.any.run/tasks/38ab4b1c-201d-4edb-80f1-9af274db8f6c
Verdict: Malicious activity
Analysis date: October 19, 2023, 08:18:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
SHA1:

CA98A5D10BF6EB1550112AD1F5B2C3D07DC6E06D

SHA256:

B2BE8CDFFEFA3FD0C0B18EC33528A7B1101EA8CB00BEA709F6D4AEDF2B3557F2

SSDEEP:

3:N8fkhKfgg:2X4g

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3852)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
124"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3852 CREDAT:3085582 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sechost.dll
3124"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3852 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3728"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3852 CREDAT:4003114 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3852"C:\Program Files\Internet Explorer\iexplore.exe" "https://trk.mail.ru/c/zzm979"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
35 681
Read events
35 554
Write events
123
Delete events
4

Modification events

(PID) Process:(3852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(3852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(3852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(3852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(3852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000056010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(3852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3852) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
Executable files
0
Suspicious files
61
Text files
160
Unknown types
0

Dropped files

PID
Process
Filename
Type
3124iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:42AC749DEFB6A50810D802D93E7F174B
SHA256:E5F1208F72A7EDADBED5538BDF66D52530A37ED63CFBE96749E9A9A4382E7E61
3124iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81Bbinary
MD5:5BB4A2B054B962512FF5322E6C64E145
SHA256:F27F4161AF3185CBDB3EA7AF9B7C12E0927D8243F70E81CF683E8705C7FBCD8D
3124iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81Bbinary
MD5:B5F44EFB9FD71E7363D1254C780E86CB
SHA256:368BE43E4260ADE288D69CB57C2DD0811A7124F0AA7E122F0AE6E6F59EFE5851
3124iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_77EBB02497FB930F7932BE0CDFE874FBbinary
MD5:9D7CA8B863432F64429662FB770E2E4A
SHA256:1CDAE967C56B384D640DD99DD9EEA0DF46B063E3F383BFCDF8EFBEA3F4A9A927
3124iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046binary
MD5:43D4EF4236B3C83C9264D089C3AD1DA8
SHA256:C8D66F71643F83B6FE590F5B504E6DD264503B48BBA2D45653B4950617E0DC00
3124iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3binary
MD5:2DEC6460F938C77EE79B1E143F0EBF7E
SHA256:5777B32893828091A7F19BDC13A9D86C251148A6C42EAB6EFC2C8ED37A40061B
3124iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\049D3D85056AD390C4B82155F9E8EBEFbinary
MD5:F9D7E3DB72921B60BF8D6DA1AA8D8592
SHA256:A620CD885CE6E6D7C0C85302445AB236EAC4CB3FE9A7F52899827919D5168441
3124iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\W30AQL4N.txttext
MD5:7F85419282453612CC2525BB3FCE8AC0
SHA256:DA606EA0908940FF6829657E4D69172A75BC95F0C12103FBD9CAEB3A0E117E82
3124iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\30XP4LUY.txttext
MD5:9DDB39CE7662CB55A7A5E256A5E019E0
SHA256:94E789A84F7EE044F768232E6C43BB13AEE8E25D6077D642DD464CD32F74E38A
3124iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\login[1].htmhtml
MD5:88D9EDA074CB0BEF436628DD3124D7A6
SHA256:B29F84E5ABF86F9FFB90BD9A5AFA622FB91F54FEE1ADA4D085650FAB814EDD34
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
30
TCP/UDP connections
111
DNS requests
42
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3124
iexplore.exe
GET
200
95.140.236.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8f869686e34b7eef
US
compressed
4.66 Kb
unknown
3124
iexplore.exe
GET
200
95.140.236.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f8f3bf607e1d79ae
US
compressed
4.66 Kb
unknown
3124
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/rootr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDQHuXxad%2F5c1K2Rl1mo%3D
unknown
binary
1.41 Kb
unknown
3124
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/gseccovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSTMjK03nNiYoQYvu4Izyfn9OJNdAQUWHuOdSr%2BYYCqkEABrtboB0ZuP0gCDGjRvF%2B%2BIdboUy%2Byxw%3D%3D
unknown
binary
939 b
unknown
3124
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp2.globalsign.com/rootr5/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQiD0S5cIHyfrLTJ1fvAkJWflH%2B2QQUPeYpSJvqB8ohREom3m7e0oPQn1kCDQHuXyKVQkkF%2BQGRqNw%3D
unknown
binary
1.25 Kb
unknown
3124
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D
unknown
binary
1.40 Kb
unknown
3124
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/gseccovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSTMjK03nNiYoQYvu4Izyfn9OJNdAQUWHuOdSr%2BYYCqkEABrtboB0ZuP0gCDB18BYhWh9uDtOL1%2BA%3D%3D
unknown
binary
939 b
unknown
3124
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDDjMTZl7vzdbPPDllw%3D%3D
unknown
binary
1.40 Kb
unknown
3124
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDAHEzfkIhtdN293xvg%3D%3D
unknown
binary
1.40 Kb
unknown
3124
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/gseccovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSTMjK03nNiYoQYvu4Izyfn9OJNdAQUWHuOdSr%2BYYCqkEABrtboB0ZuP0gCDCR5s%2BorCIomHQJCug%3D%3D
unknown
binary
938 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
3124
iexplore.exe
95.163.41.56:443
rs.mail.ru
LLC VK
RU
unknown
1088
svchost.exe
224.0.0.252:5355
unknown
3124
iexplore.exe
95.140.236.0:80
ctldl.windowsupdate.com
LLNW
US
whitelisted
3124
iexplore.exe
104.18.20.226:80
ocsp.globalsign.com
CLOUDFLARENET
shared
3124
iexplore.exe
217.69.139.215:443
e.mail.ru
LLC VK
RU
unknown
3124
iexplore.exe
217.69.139.61:443
account.mail.ru
LLC VK
RU
unknown
2656
svchost.exe
239.255.255.250:1900
whitelisted
3124
iexplore.exe
217.69.140.45:443
stat.radar.imgsmail.ru
LLC VK
RU
unknown

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 95.140.236.0
  • 178.79.242.128
whitelisted
ocsp.globalsign.com
  • 104.18.20.226
  • 104.18.21.226
whitelisted
ocsp2.globalsign.com
  • 104.18.20.226
  • 104.18.21.226
whitelisted
e.mail.ru
  • 217.69.139.215
  • 94.100.180.216
  • 217.69.139.216
  • 94.100.180.215
unknown
account.mail.ru
  • 217.69.139.61
  • 94.100.180.61
unknown
stat.radar.imgsmail.ru
  • 217.69.140.45
whitelisted
light.mail.ru
  • 217.69.139.216
  • 94.100.180.215
  • 217.69.139.215
  • 94.100.180.216
unknown
imgs2.imgsmail.ru
  • 5.181.61.0
unknown
r.mradx.net
  • 95.163.52.80
whitelisted
rs.mail.ru
  • 95.163.41.56
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://trk.mail.ru/c/zzm979