analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://kubometrs.ru/g11311300-truboprovodnaya-armatura?utm_medium=email&utm_source=email&utm_campaign=broen|krani|date-16-07-2019&utm_content=1

Full analysis: https://app.any.run/tasks/23ba916c-16c9-4555-8f0a-9c34a35174be
Verdict: Malicious activity
Analysis date: July 17, 2019, 05:55:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

2010166E2BF3C7F013948D2B453A7E78

SHA1:

7C1888E18484FC6A2D907CC06DD87D525DD0C31D

SHA256:

B51C4738DAB34290620AD602E9A337BFD6A1A3E037215520860544C1DE9F650F

SSDEEP:

3:N1KVQs4CUUWNZ7aME/2ABRIYrJD6QWrEMNEomU8RyRmTInORmKlAL+U:C6sPUUDNezQfWrbm7yRkuX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Creates files in the user directory

      • iexplore.exe (PID: 2888)
      • iexplore.exe (PID: 3316)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3316)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3316)

    • Application launched itself

      • iexplore.exe (PID: 2888)

    • Changes internet zones settings

      • iexplore.exe (PID: 2888)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2888)

    • Changes settings of System certificates

      • iexplore.exe (PID: 2888)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2888"C:\Program Files\Internet Explorer\iexplore.exe" "http://kubometrs.ru/g11311300-truboprovodnaya-armatura?utm_medium=email&utm_source=email&utm_campaign=broen|krani|date-16-07-2019&utm_content=1"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3316"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2888 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
423
Read events
365
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
63
Unknown types
15

Dropped files

PID
Process
Filename
Type
2888iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
MD5:
SHA256:
2888iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3316iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0R6SRBNK\g11311300-truboprovodnaya-armatura[1].txt
MD5:
SHA256:
3316iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@kubometrs[1].txttext
MD5:A43B873070E8CE7D35D09CCD18687981
SHA256:6E373FD31820EF7E9D3B3AA9596CACFBEC52FD8E5AC10E48CF18EAF791FBD959
3316iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9Q1OCRJP\42299804b0ab7e68062c1943292385e3_1[1].jstext
MD5:9DF7F337277EECBDC16A01B9891C6C73
SHA256:1519077E4C101DF87D51E6FD6A21F27115DF4856A208638132A57999846249AE
3316iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:96E5D43C76B29A8084E292829A72668D
SHA256:006491DF1F793B42875E2C66F2F94365DB61032F54FA9E17281974A2756384FA
3316iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0R6SRBNK\g11311300-truboprovodnaya-armatura[1].htmhtml
MD5:0FD000F463371CA5468A5488BE1B45DD
SHA256:299DB728B688787EC5DF2DF78DE72099AC16553D20C4071FD56857A7CC29861E
3316iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7B3HVI2Z\js[1]text
MD5:75BEB43FECD3554E3D58A73BCB32B76E
SHA256:EE0022DF239CAF4EA43F405A12F76BD4CD244CE905DF55C00BA17E51C99B5A85
3316iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIR07LQX\bare[1].jstext
MD5:93DD496E0CB4A404A40F05F1EBBD51CB
SHA256:8CC375D5BDE2B33E77D454DB96D3ABC98E6F3C7246574B1D26082B7E77B650AA
3316iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7B3HVI2Z\darkgreen-b9d5f1721fa56988ce110ec47a28372a[1].csstext
MD5:B9D5F1721FA56988CE110EC47A28372A
SHA256:7D8E08FC9DB7DEEC5A83AD2A1E6257B0810654F28A827A4FC2EE12262C64A213
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
52
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3316
iexplore.exe
GET
301
178.248.237.63:80
http://kubometrs.ru/g11311300-truboprovodnaya-armatura?utm_medium=email&utm_source=email&utm_campaign=broen|krani|date-16-07-2019&utm_content=1
RU
html
169 b
suspicious
2888
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3316
iexplore.exe
172.217.23.142:443
www.google-analytics.com
Google Inc.
US
whitelisted
2888
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3316
iexplore.exe
178.248.237.63:443
kubometrs.ru
HLL LLC
RU
suspicious
3316
iexplore.exe
185.59.220.22:443
cdn.sendpulse.com
Datacamp Limited
DE
unknown
3316
iexplore.exe
193.34.169.18:443
tracker.tiu.ru
UAPROM LLC
UA
suspicious
3316
iexplore.exe
178.248.237.63:80
kubometrs.ru
HLL LLC
RU
suspicious
3316
iexplore.exe
185.86.56.9:443
uaprom-static.c2.prom.st
UAPROM LLC
UA
unknown
3316
iexplore.exe
193.34.169.14:443
ruprom-uc.prom.st
UAPROM LLC
UA
unknown
3316
iexplore.exe
172.217.21.200:443
www.googletagmanager.com
Google Inc.
US
whitelisted
3316
iexplore.exe
87.250.251.119:443
mc.yandex.ru
YANDEX LLC
RU
whitelisted

DNS requests

Domain
IP
Reputation
kubometrs.ru
  • 178.248.237.63
suspicious
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
uaprom-static.c2.prom.st
  • 185.86.56.9
  • 185.86.56.8
suspicious
www.google-analytics.com
  • 172.217.23.142
whitelisted
mc.yandex.ru
  • 87.250.251.119
  • 93.158.134.119
  • 87.250.250.119
  • 77.88.21.119
whitelisted
ruprom-uc.prom.st
  • 193.34.169.14
unknown
cdn.sendpulse.com
  • 185.59.220.22
whitelisted
www.googletagmanager.com
  • 172.217.21.200
whitelisted
tracker.tiu.ru
  • 193.34.169.18
suspicious
fonts.googleapis.com
  • 216.58.208.42
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://kubometrs.ru/g11311300-truboprovodnaya-armatura?utm_medium=email&utm_source=email&utm_campaign=broen|krani|date-16-07-2019&utm_content=1