analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://arcg.is/1qL0Dy

Full analysis: https://app.any.run/tasks/b26e1fc0-ae09-4cf1-8f18-a8379eb5cb76
Verdict: Malicious activity
Analysis date: April 01, 2023, 02:39:28
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

4EBE541D1C61C3A822D87591808F9352

SHA1:

47A99C805E5DC63AEB2157B0FB93587FAF708560

SHA256:

B3430DE3AA0C8434D8071F3CFCDCB1479CB47BB28FD8E52523F779FD12041D0E

SSDEEP:

3:N88won:2To

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 616)
    • Create files in a temporary directory

      • iexplore.exe (PID: 616)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
616"C:\Program Files\Internet Explorer\iexplore.exe" "https://arcg.is/1qL0Dy"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
3108"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:616 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
26 276
Read events
26 078
Write events
198
Delete events
0

Modification events

(PID) Process:(616) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(616) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(616) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(616) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(616) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(616) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(616) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(616) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(616) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(616) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
26
Text files
76
Unknown types
98

Dropped files

PID
Process
Filename
Type
3108iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62der
MD5:7C242CEAAE0CBFAF314B9818E43F0F18
SHA256:DB32B108184CE977EA08CD56BC282D83E3F53ED580CF5FA9FC11CC8BD9F09A57
3108iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_4FFAD0B960AADC449EB4D657A672CABFder
MD5:F08BD6683FB0ABA14B2D80058F870D4F
SHA256:AA758FD81BE4D02770A9F5CB1E3FECA9C5FD558E81A7E994EEF63FD9A2BA662A
3108iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8binary
MD5:E98A1D9A8E483B4E04372EBD5DBC7CFB
SHA256:A368A223C1E31869C839BF55F65B79F91881EEF947BF871507C8EB6E7E155063
3108iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D03E46CD585BBE111C712E6577BC5F07_4FFAD0B960AADC449EB4D657A672CABFbinary
MD5:2B8B2152ED40F0299568A15C99EB2B5B
SHA256:EE869AF82FBD8F7B07B71AD83292911BFA179FDD52A76E49A6C6E27A55587BA8
3108iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62binary
MD5:4CEB060E5B4B772844E93E5A159BF865
SHA256:40830C37F8D37C6F230230A1CD090A9F4394EEADC0755D75B8E109E7FC73AA30
3108iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:46536C17C07D823E0B336A5FB41C33EE
SHA256:48B0ABEEC7B318AF56BEA3B00413A5CF0CE155EBA07664E906DC076F79D3F85F
3108iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\0940e1bf338a45ed9d5c0351d2212028[1].htmhtml
MD5:48580C82F6C54DB9F46118305AD5CAA7
SHA256:BFAA289A69BBC8EA2D86312F94EEA4140FE20C844D0721CCCADD644F5638F6CA
3108iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894der
MD5:E2EDAB82BA764DC5F48CF7C15C483352
SHA256:735E9A1F996461E5C28C6D4F97FB29A41902756722AC41526307D2B84922988D
3108iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894binary
MD5:B1C357226D51FAB154F4703532720B03
SHA256:A1476C04E5E342B1C5F89ECF18499D67D36D87F627ABBEB1477736EA0C273910
3108iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8der
MD5:0CD383002278C0F4B1A8CB81C3D753E0
SHA256:1D6C9CAA55D63F73B64984281907EF5EC257800B4E2099B07881E19723679383
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
43
DNS requests
18
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3108
iexplore.exe
GET
200
52.222.250.185:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D
US
der
1.39 Kb
shared
3108
iexplore.exe
GET
200
52.222.226.205:80
http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAiIMf7CZVxGuCJkPEDrlGc%3D
US
der
471 b
whitelisted
3108
iexplore.exe
GET
200
108.138.2.10:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
US
der
1.70 Kb
whitelisted
3108
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e8c889587aa2ae58
US
compressed
4.70 Kb
whitelisted
3108
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
US
der
471 b
whitelisted
3108
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAZfAOepzDl4xhd%2B4IMDbgo%3D
US
der
471 b
whitelisted
3108
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
616
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
3108
iexplore.exe
GET
200
52.222.250.185:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
US
der
1.51 Kb
whitelisted
616
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3108
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
whitelisted
3108
iexplore.exe
52.222.250.185:80
ocsp.rootg2.amazontrust.com
AMAZON-02
US
whitelisted
3108
iexplore.exe
52.222.214.69:443
survey123.arcgis.com
AMAZON-02
US
unknown
3108
iexplore.exe
52.222.226.205:80
ocsp.r2m01.amazontrust.com
AMAZON-02
US
unknown
3108
iexplore.exe
198.102.60.60:443
doc.arcgis.com
ESRI
US
unknown
3108
iexplore.exe
18.66.218.57:443
US
unknown
3108
iexplore.exe
108.138.2.10:80
o.ss2.us
AMAZON-02
US
unknown
616
iexplore.exe
13.107.21.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
616
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
3108
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
o.ss2.us
  • 108.138.2.10
  • 108.138.2.195
  • 108.138.2.107
  • 108.138.2.173
whitelisted
ocsp.rootg2.amazontrust.com
  • 52.222.250.185
  • 52.222.250.174
  • 52.222.250.42
  • 52.222.250.112
whitelisted
ocsp.rootca1.amazontrust.com
  • 52.222.250.185
  • 52.222.250.174
  • 52.222.250.112
  • 52.222.250.42
shared
ocsp.r2m01.amazontrust.com
  • 52.222.226.205
whitelisted
survey123.arcgis.com
  • 52.222.214.69
  • 52.222.214.77
  • 52.222.214.110
  • 52.222.214.120
malicious
doc.arcgis.com
  • 198.102.60.60
unknown
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted

Threats

No threats detected
No debug info