URL:

amazoon.online

Full analysis: https://app.any.run/tasks/08fde849-ead1-4743-bf6a-d75fbf6a6eaf
Verdict: Malicious activity
Analysis date: April 22, 2024, 18:54:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
phishing
Indicators:
MD5:

3D4832E702C01040BB8D736A696D74D3

SHA1:

7F57162378A0E1972B4F3F8C577CA0E11439ED73

SHA256:

B3466C161F4E92D6CA5654A4422196CDD7529349EBB331E73F4D65B2E84C9C4C

SSDEEP:

3:h4LLpAn:+A

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • iexplore.exe (PID: 2928)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2032)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start iexplore.exe #PHISHING iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2032"C:\Program Files\Internet Explorer\iexplore.exe" "amazoon.online"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2928"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2032 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
10 346
Read events
10 209
Write events
100
Delete events
37

Modification events

(PID) Process:(2032) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(2032) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(2032) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31102182
(PID) Process:(2032) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(2032) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31102182
(PID) Process:(2032) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2032) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2032) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2032) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2032) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
6
Text files
10
Unknown types
0

Dropped files

PID
Process
Filename
Type
2928iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\all[1].jstext
MD5:097F74FC8F861ECE148262A652AB806A
SHA256:39B4614F1C87CF0CFD1BC3375642E95825CB2018E0318A36AAD766DDB5A8CBE9
2928iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\psat_logo[1].pngimage
MD5:C510B40B57C8DE8C431E25E89EAC656F
SHA256:313AC720267E0D852F0B17055B68087B1D1CC4CE24F075864D4AB57A7F83B199
2928iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DOTBATAV\amazoon[1].xmltext
MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
2032iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2032iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2032iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776der
MD5:3C306EEF3600E13AB3F9294F5337836F
SHA256:BACA6039DB0F154DC0D7F628499010D6F447BCD6D13AEEA9B52C32A9A1945844
2032iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2032iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118Ader
MD5:8719CAECA19B800D4C3FDE5909885A02
SHA256:A52B2426F37FD1739879EC4976FAADAB9223DC7ADB41A1FC562CEDAD51C53A06
2032iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118Abinary
MD5:7656798A251922BE3675D5039BB33A63
SHA256:94E28EDA1C69F50751EDA9882D74D099FEDA4335C239BD991AAA4D9CCC322A37
2032iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:D470BCA651EAF767A49FA79BFEDD6CA0
SHA256:7354B7B6A3D6DBF6C0DB4D4C2645F1BD43B73DA5FF8F6EEE272F56B7EC52EB56
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
35
TCP/UDP connections
21
DNS requests
12
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2928
iexplore.exe
GET
200
44.213.150.88:80
http://amazoon.online/
unknown
unknown
2928
iexplore.exe
GET
200
44.213.150.88:80
http://amazoon.online/assets/ajax/libs/jquery/1.11.0/jquery.min.js
unknown
unknown
2928
iexplore.exe
GET
200
44.213.150.88:80
http://amazoon.online/assets/psat_logo.png
unknown
unknown
2928
iexplore.exe
GET
200
44.213.150.88:80
http://amazoon.online/assets/all.js?g=infopage
unknown
unknown
2928
iexplore.exe
GET
200
44.213.150.88:80
http://amazoon.online/trace?id=infopage&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=undefined
unknown
unknown
2928
iexplore.exe
GET
200
44.213.150.88:80
http://amazoon.online/trace?id=infopage&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=undefined
unknown
unknown
2928
iexplore.exe
GET
200
44.213.150.88:80
http://amazoon.online/trace?id=infopage&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=undefined
unknown
unknown
2928
iexplore.exe
GET
200
44.213.150.88:80
http://amazoon.online/trace?id=infopage&msg=BrowserDetect%20-%20browser%20%3D%20Mozilla&correlation_id=undefined
unknown
unknown
2928
iexplore.exe
GET
200
44.213.150.88:80
http://amazoon.online/trace?id=infopage&msg=BrowserDetect%20-%20browser_version%20%3D%2011&correlation_id=undefined
unknown
unknown
2928
iexplore.exe
GET
200
44.213.150.88:80
http://amazoon.online/trace?id=infopage&msg=BrowserDetect%20-%20os%20%3D%20Windows&correlation_id=undefined
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
2928
iexplore.exe
44.213.150.88:80
amazoon.online
AMAZON-AES
US
unknown
2032
iexplore.exe
44.213.150.88:80
amazoon.online
AMAZON-AES
US
unknown
2032
iexplore.exe
184.30.150.107:443
www.bing.com
Akamai International B.V.
CA
unknown
2032
iexplore.exe
87.248.205.0:80
ctldl.windowsupdate.com
LLNW
US
unknown
2032
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2032
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
EDGECAST
US
whitelisted
1080
svchost.exe
87.248.205.0:80
ctldl.windowsupdate.com
LLNW
US
unknown

DNS requests

Domain
IP
Reputation
amazoon.online
  • 44.213.150.88
  • 3.218.83.106
unknown
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 184.30.150.100
  • 184.30.150.104
  • 184.30.150.109
  • 184.30.150.111
  • 184.30.150.108
  • 184.30.150.107
  • 184.30.150.103
  • 184.30.150.114
  • 184.30.150.113
whitelisted
ctldl.windowsupdate.com
  • 87.248.205.0
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted

Threats

PID
Process
Class
Message
2928
iexplore.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Proofpoint Security Awareness Training
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Proofpoint Security Awareness Training
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
amazoon.online