URL: http://ww1.sx1yuqjh9e.ru

Full analysis: https://app.any.run/tasks/bc52c974-1856-4b26-9ba7-0953f4d519c7
Verdict: Malicious activity
Analysis date: October 05, 2022, 07:01:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:    DE4006F0AF0797C3DA71FA2056252CA6
SHA1:   0991CBF929C31BB9D5CC07C4D7AA41175FABFBC0
SHA256: B3F0B5CCCF49F34CB6E0F604196E86598D50D7326CA24C74590D71DE9430B5EC
SSDEEP: 3:N1KJSl9vLA:Cclps
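For a URL submission the indicator hashes are not hashes of a downloaded payload; the very short SSDEEP block size (3:) is consistent with digests of a string only a few dozen bytes long. Before anyone pastes these values into a blocklist it is worth checking what they actually hash. The helper below is an added example, not ANY.RUN code, and it assumes the digests were computed over the submitted URL text, possibly with a trailing slash or newline; if none of those variants reproduces all three digests, the indicators should be treated as opaque task identifiers rather than pivotable IOCs.

```python
"""Check whether a report's MD5/SHA1/SHA256 indicators are digests of the submitted URL text.

Added example; not code from ANY.RUN or from this report.
Assumption: for URL tasks the indicators are computed over the URL string,
possibly with a trailing "/" or newline. Only those variants are tried.
"""
import hashlib

# Copied from the report's Indicators section.
REPORT_INDICATORS = {
    "md5": "DE4006F0AF0797C3DA71FA2056252CA6",
    "sha1": "0991CBF929C31BB9D5CC07C4D7AA41175FABFBC0",
    "sha256": "B3F0B5CCCF49F34CB6E0F604196E86598D50D7326CA24C74590D71DE9430B5EC",
}
SUBMITTED_URL = "http://ww1.sx1yuqjh9e.ru"


def hashes_of(text: str) -> dict:
    """Lower-case hex MD5/SHA1/SHA256 of the UTF-8 encoding of `text`."""
    data = text.encode("utf-8")
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_variant(url: str, indicators: dict):
    """Return the suffix appended to `url` whose digests equal `indicators`, or None.

    All three digests must agree: a single matching algorithm with the others
    differing would mean the indicators were not computed over the URL text.
    """
    want = {k: v.lower() for k, v in indicators.items()}
    for suffix in ("", "/", "\n", "/\n", "\r\n"):
        if hashes_of(url + suffix) == want:
            return suffix
    return None


if __name__ == "__main__":
    variant = matching_variant(SUBMITTED_URL, REPORT_INDICATORS)
    if variant is None:
        print("indicators do not reproduce from the URL text; treat them as opaque")
    else:
        print("indicators are hashes of the URL text with suffix %r" % variant)
```

Run it as a script against the values above; the same `matching_variant` call works for any other URL task by swapping in that task's three digests.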

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore have been influenced by the analyst's own actions in the VM and is provided as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    • No malicious indicators.
  • SUSPICIOUS
    • Process downloads binary or script
      • iexplore.exe (PID: 2576), triggered twice
      • chrome.exe (PID: 3288), triggered twice
  • INFO
    • Application launched itself
      • iexplore.exe (PID: 2644)
      • chrome.exe (PID: 1320)
    • Manual execution by user
      • chrome.exe (PID: 1320)
No Malware configuration.
All screenshots are available in the full report.
Total processes: 60
Monitored processes: 23
Malicious processes: 4
Suspicious processes: 0

Behavior graph (interactive in the full report; click a process there for details):
start → iexplore.exe → iexplore.exe; chrome.exe → chrome.exe helper processes, most of them marked "no specs" (no signatures attached)

Process information

(The Indicators column is empty for every process in this task.)

PID 2644  iexplore.exe  (parent: Explorer.EXE)
  CMD:  "C:\Program Files\Internet Explorer\iexplore.exe" "http://ww1.sx1yuqjh9e.ru"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Exit code: 1
  Description: Internet Explorer | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 2576  iexplore.exe  (parent: iexplore.exe)
  CMD:  "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2644 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  User: admin | Company: Microsoft Corporation | Integrity level: LOW | Exit code: 0
  Description: Internet Explorer | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 1320  chrome.exe  (parent: Explorer.EXE)
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: MEDIUM
  Description: Google Chrome | Version: 86.0.4240.198

PID 2472  chrome.exe  (parent: chrome.exe)
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e2cd988,0x6e2cd998,0x6e2cd9a4
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: MEDIUM
  Description: Google Chrome | Version: 86.0.4240.198

PID 2660  chrome.exe  (parent: chrome.exe)
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,3486092038536764419,6528325360364613255,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1064 /prefetch:2
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: LOW | Exit code: 0
  Description: Google Chrome | Version: 86.0.4240.198

PID 3288  chrome.exe  (parent: chrome.exe)
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1044,3486092038536764419,6528325360364613255,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1320 /prefetch:8
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: MEDIUM
  Description: Google Chrome | Version: 86.0.4240.198

PID 2312  chrome.exe  (parent: chrome.exe)
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,3486092038536764419,6528325360364613255,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: LOW | Exit code: 0
  Description: Google Chrome | Version: 86.0.4240.198

PID 2324  chrome.exe  (parent: chrome.exe)
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,3486092038536764419,6528325360364613255,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: LOW | Exit code: 0
  Description: Google Chrome | Version: 86.0.4240.198

PID 460  chrome.exe  (parent: chrome.exe)
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,3486092038536764419,6528325360364613255,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: LOW | Exit code: 0
  Description: Google Chrome | Version: 86.0.4240.198

PID 1024  chrome.exe  (parent: chrome.exe)
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,3486092038536764419,6528325360364613255,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2844 /prefetch:2
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: LOW
  Description: Google Chrome | Version: 86.0.4240.198
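The two INFO signatures above ("Application launched itself" on iexplore.exe 2644 and chrome.exe 1320) and the MEDIUM-to-LOW integrity drops between each browser and its same-image children are exactly what the IE Protected Mode and Chrome broker/renderer split look like in a process table; what would matter is a child of a browser that is not the browser itself. The script below is an added example, not ANY.RUN code; its records are constructed from the table above. One assumption: the table names only "chrome.exe" as the parent of the Chrome helper processes, so the example assigns them to the main chrome.exe (PID 1320).

```python
"""Process-tree checks over an ANY.RUN "Process information" table.

Added example; not code from ANY.RUN or from this report. PROCS is
constructed from the table: (pid, image, parent_pid, integrity, role).
Assumption: chrome.exe helpers are attributed to the main chrome.exe (1320)
because the table lists only the parent image name, not its PID.
"""
from collections import defaultdict

PROCS = [
    (2644, "iexplore.exe", None, "MEDIUM", "frame process"),
    (2576, "iexplore.exe", 2644, "LOW", "tab process SCODEF:2644"),
    (1320, "chrome.exe", None, "MEDIUM", "browser process"),
    (2472, "chrome.exe", 1320, "MEDIUM", "crashpad-handler"),
    (2660, "chrome.exe", 1320, "LOW", "gpu-process"),
    (3288, "chrome.exe", 1320, "MEDIUM", "utility network"),
    (2312, "chrome.exe", 1320, "LOW", "renderer"),
    (2324, "chrome.exe", 1320, "LOW", "renderer instant-process"),
    (460, "chrome.exe", 1320, "LOW", "renderer extension-process"),
    (1024, "chrome.exe", 1320, "LOW", "gpu-process swiftshader"),
]

RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}
BROWSERS = ("iexplore.exe", "chrome.exe")


def children(procs):
    """Map parent PID -> list of child PIDs, in table order."""
    tree = defaultdict(list)
    for pid, _img, ppid, _il, _role in procs:
        tree[ppid].append(pid)
    return tree


def launched_itself(procs):
    """PIDs that spawned a child with the same image name (the report's INFO signature)."""
    by_pid = {p[0]: p for p in procs}
    hits = set()
    for _pid, img, ppid, _il, _role in procs:
        if ppid in by_pid and by_pid[ppid][1] == img:
            hits.add(ppid)
    return sorted(hits)


def integrity_drops(procs):
    """(parent, child) pairs where the child runs at a lower integrity level.

    For browsers this is the expected broker/renderer sandbox; for any other
    image pair it deserves a closer look.
    """
    by_pid = {p[0]: p for p in procs}
    return sorted(
        (ppid, pid)
        for pid, _img, ppid, il, _role in procs
        if ppid in by_pid and RANK[il] < RANK[by_pid[ppid][3]]
    )


def unexpected_children(procs, browsers=BROWSERS):
    """Children of a browser whose image is not that browser: download-and-run candidates."""
    by_pid = {p[0]: p for p in procs}
    return sorted(
        pid
        for pid, img, ppid, _il, _role in procs
        if ppid in by_pid and by_pid[ppid][1] in browsers and img != by_pid[ppid][1]
    )


if __name__ == "__main__":
    print("launched itself:", launched_itself(PROCS))
    print("integrity drops:", integrity_drops(PROCS))
    print("non-browser children of a browser:", unexpected_children(PROCS))
```

An empty result from `unexpected_children` together with `launched_itself` matching the report's INFO list is the expected picture for a browser that only rendered a page; a PID in the first list is where to start reading the dropped-files and network tables.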
Total events: 28 065
Read events: 27 807
Write events: 0
Delete events: 0

Modification events: no data
Executable files: 0
Suspicious files: 131
Text files: 134
Unknown types: 15

Dropped files

PID   Process       Type        Filename
2644  iexplore.exe  binary      C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      MD5: 984D0DF575AB94B85922C64D5C5AC5D9  SHA256: 93EDF5B328F120954DD79DE89813B448DC26F6CFAF15154633F906E5BA34E563
2576  iexplore.exe  text        C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\YV1TQURJ.txt
      MD5: FD546B3A610706727FB74BB0B6F5BA41  SHA256: 25EBC9AFBC3D5E70097D99959A6A972F8141BA3D835844EDF26470C8D2DDBD4E
2576  iexplore.exe  html        C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\GXV3ZNEX.htm
      MD5: 708A9B60011979964F0B37917AD7BDA1  SHA256: 92F3A809A3892BFB14EB9282F42C647C588370F253E726FE8FF269E7455A97FF
2576  iexplore.exe  der         C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
      MD5: 67D1611349C0D065E7BB6DC6865BD920  SHA256: C40D15C84DE3BA17F5B81853BCBE665CCB76484C02991A2B5EEE01AB2C6F0229
2576  iexplore.exe  html        C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\search[1].htm
      MD5: 802B5FE5621DD11263E46CDCB7837217  SHA256: B22C136CD5E08592F06D1217A003CE80136661490CCAE9102DD5F1CBEE5D4DB4
2576  iexplore.exe  text        C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\0M8GA4LB.txt
      MD5: 0AB883CF9817E89CD188CC1059392A21  SHA256: DDDB2DD82A85FCAFF09451D1B8123FDD8C6DD4045D9E587875857C0ED7783532
2644  iexplore.exe  binary      C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat
      MD5: 98A31B934E4C88B29789D04F755428E8  SHA256: 4F9DBF5AE72383E1AFDB25FC2A3DB5B72F9F8CFDD117139953E98FB73D8D9321
2576  iexplore.exe  image       C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\16x16_100_TZmqhNXXKxtX5WpbGGoMZA[1].png
      MD5: D57A54536FF41F2315AB22643A83341C  SHA256: 57D88099725884BC85BB3098913659144932068946B8645D9D8749A1CA765FEC
2644  iexplore.exe  compressed  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      MD5: F7DCB24540769805E5BB30D193944DCE  SHA256: 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
2576  iexplore.exe  text        C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\bootstrap.min[1].js
      MD5: ABDA843684D022F3BC22BC83927FE05F  SHA256: 24CC29533598F962823C4229BC280487646A27A42A95257C31DE1B9B18F3710F
HTTP(S) requests: 40
TCP/UDP connections: 62
DNS requests: 42
Threats: 0

HTTP requests

PID  | Process      | Method | Code | IP                | URL                                                                                              | CN | Type  | Size    | Reputation
2644 | iexplore.exe | GET    | 200  | 93.184.220.29:80  | http://crl3.digicert.com/Omniroot2025.crl                                                        | US | der   | 7.78 Kb | whitelisted
2576 | iexplore.exe | GET    | 200  | 23.217.138.108:80 | http://ww1.sx1yuqjh9e.ru/                                                                        | US | html  | 369 b   | malicious
3288 | chrome.exe   | GET    | -    | 2.22.118.210:80   | http://searchguide.level3.com/s/css/bootstrap.min.css                                            | GB | -     | -       | whitelisted
2576 | iexplore.exe | GET    | 200  | 93.184.220.29:80  | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted
2644 | iexplore.exe | GET    | 200  | 93.184.220.29:80  | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted
2576 | iexplore.exe | GET    | 200  | 2.22.118.232:80   | http://searchguide.level3.com/search/?q=http%3A//ww1.sx1yuqjh9e.ru/&r=&t=0&akaCid=aaaaaaaa&bc=     | GB | html  | 16.9 Kb | whitelisted
2644 | iexplore.exe | GET    | 200  | 2.22.118.232:80   | http://searchguide.level3.com/s/img/lvl3/favicon.ico                                             | GB | image | 1.12 Kb | whitelisted
2576 | iexplore.exe | GET    | 200  | 2.22.118.232:80   | http://searchguide.level3.com/s/img/lvl3/logo.png                                                | GB | image | 9.26 Kb | whitelisted
3288 | chrome.exe   | GET    | 200  | 2.22.118.210:80   | http://searchguide.level3.com/search/?q=http%3A//ww1.sx1yuqjh9e.ru/&r=&t=0&akaCid=aaaaaaaa&bc=     | GB | html  | 15.9 Kb | whitelisted
2576 | iexplore.exe | GET    | 200  | 2.22.118.232:80   | http://searchguide.level3.com/s/js/jquery.cookie.js                                              | GB | text  | 3.54 Kb | whitelisted

Connections

PID  | Process      | IP                  | Domain                   | ASN                         | CN | Reputation
2644 | iexplore.exe | 93.184.220.29:80    | ocsp.digicert.com        | EDGECAST                    | GB | whitelisted
2644 | iexplore.exe | 13.107.21.200:443   | www.bing.com             | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2576 | iexplore.exe | 23.217.138.108:80   | ww1.sx1yuqjh9e.ru        | Akamai International B.V.   | US | whitelisted
2576 | iexplore.exe | 87.248.119.252:443  | s.yimg.com               | Yahoo! UK Services Limited  | GB | malicious
2644 | iexplore.exe | 209.197.3.8:80      | ctldl.windowsupdate.com  | STACKPATH-CDN               | US | whitelisted
2576 | iexplore.exe | 2.22.118.232:80     | searchguide.level3.com   | Akamai International B.V.   | DE | suspicious
2576 | iexplore.exe | 93.184.220.29:80    | ocsp.digicert.com        | EDGECAST                    | GB | whitelisted
3288 | chrome.exe   | 172.217.17.110:443  | clients2.google.com      | GOOGLE                      | US | whitelisted
2576 | iexplore.exe | 23.202.231.167:80   | ww1.sx1yuqjh9e.ru        | Akamai International B.V.   | US | malicious
2644 | iexplore.exe | 152.199.19.161:443  | r20swj13mr.microsoft.com | EDGECAST                    | US | whitelisted

DNS requests

Domain                   | IP(s)                                                          | Reputation
ww1.sx1yuqjh9e.ru        | 23.217.138.108, 23.202.231.167                                 | malicious
searchguide.level3.com   | 2.22.118.232, 2.22.118.210                                     | whitelisted
api.bing.com             | 13.107.5.80                                                    | whitelisted
www.bing.com             | 131.253.33.200, 13.107.22.200, 13.107.21.200, 204.79.197.200   | whitelisted
ctldl.windowsupdate.com  | 209.197.3.8                                                    | whitelisted
ocsp.digicert.com        | 93.184.220.29                                                  | whitelisted
s.yimg.com               | 87.248.119.252, 87.248.119.251                                 | shared
crl3.digicert.com        | 93.184.220.29                                                  | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161                                                 | whitelisted
iecvlist.microsoft.com   | 152.199.19.161                                                 | whitelisted

Threats

PID  | Process      | Class                          | Message
2644 | iexplore.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request
2576 | iexplore.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request
2576 | iexplore.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request
Debug info: none