URL:

https://uptobox.com/6ivfzqxspt7z

Full analysis: https://app.any.run/tasks/3b147cd9-1829-4a73-a807-053ec15deb77
Verdict: Malicious activity
Analysis date: May 14, 2023, 13:15:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

D407DD20C4358475DBCC8E5C48BB136F

SHA1:

E57AF07512F6A1531721D45BC1EDE5AF99ADBADB

SHA256:

B57851B37B85213CA28A481450869316AE85A99BE0C1298301249B9F5914B61B

SSDEEP:

3:N8xqIKmgSmn:2xXJEn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Create files in a temporary directory

      • iexplore.exe (PID: 3912)
      • iexplore.exe (PID: 1832)

    • Application launched itself

      • iexplore.exe (PID: 3912)

    • The process checks LSA protection

      • control.exe (PID: 2220)

    • Manual execution by a user

      • control.exe (PID: 2220)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe control.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1832"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3912 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2220"C:\Windows\System32\control.exe" SYSTEMC:\Windows\System32\control.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Control Panel
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\control.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3912"C:\Program Files\Internet Explorer\iexplore.exe" "https://uptobox.com/6ivfzqxspt7z"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
35 836
Read events
35 646
Write events
190
Delete events
0

Modification events

(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
78
Text files
58
Unknown types
2

Dropped files

PID
Process
Filename
Type
1832iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\fontawesome-all.min[1].csstext
MD5:8778597C9649ABF1E2A16417DE22D486
SHA256:1A02638AF64044A18E7E8489E13FD4CE0CC537E09A97EA71C416B6CD4A0F458B
1832iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\uptobox-min[1].csstext
MD5:B354F3146CD99741D5017FA4802C77E0
SHA256:AF00999485128548822C5CB37B10954B6321C2DBCE9758BC030ADAEE8C5EC62D
1832iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Ebinary
MD5:B1315F77D64E889E666773CDFF9A5163
SHA256:2484F13A778334CC615FE30CB894FB25BE319EEF02DF9809DE7FC1F3A09A6628
1832iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506compressed
MD5:3AC860860707BAAF32469FA7CC7C0192
SHA256:D015145D551ECD14916270EFAD773BBC9FD57FAD2228D2C24559F696C961D904
1832iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\suv4[1].jstext
MD5:E47E4068A5F54C8AD33BBE8A64A118CD
SHA256:CDCFC0CD2ECE0055E60C01AD1E3820EDF3B65C1BC71FCD925A723CFDE42D8F32
1832iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Ebinary
MD5:AEB4D27FFD8A0EFEAC4C10CB13C40BA0
SHA256:F04E6AB4ACAE28744E66EEF664BCE1E3AD4E762BCCBA179062880E2ED957E484
1832iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:2F1A7FEF590E641D6DFE8457C48CA231
SHA256:4DABEB84A2EFE5418035F1A20192ED6EEE50673216E917794CB377DB6FD28D1B
1832iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850Dbinary
MD5:1EC7302D6E6F4BAA10B0016367FDA028
SHA256:7A69CB8C27DFBCC250B7990102C2C97C9319B4972A690D59BA13962B11F5CBB7
1832iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850Dbinary
MD5:FF2C256E50EF6114EED357732993D6F9
SHA256:65A98E898D89D28AF260B86D352E7AEBF608D028305078E6E0C5F19FB9F2AE00
1832iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\background_sky[1].pngimage
MD5:48E36EA16E7EEC5408E9A4C478013D21
SHA256:1EB340F798149AF8EAC479D07DB40810304A2FDBB3BEBF7BFD22760EEBDEFD92
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
21
TCP/UDP connections
47
DNS requests
21
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1832
iexplore.exe
GET
200
8.248.145.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?84a0a9bd4dd839dc
US
compressed
4.70 Kb
whitelisted
1832
iexplore.exe
GET
200
8.248.145.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f80528f7362cae4e
US
compressed
62.3 Kb
whitelisted
1832
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
US
binary
2.18 Kb
whitelisted
1832
iexplore.exe
GET
200
8.248.145.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?38e2b677295c939d
US
compressed
4.70 Kb
whitelisted
1832
iexplore.exe
GET
200
8.248.145.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?90a0cf0fc11a510e
US
compressed
62.3 Kb
whitelisted
1832
iexplore.exe
GET
200
2.16.241.12:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSpfMudLdc%2FbdhLtN9Pk6Mr0g%3D%3D
unknown
binary
503 b
shared
1832
iexplore.exe
GET
200
104.18.32.68:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
US
der
1.42 Kb
whitelisted
1832
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
1832
iexplore.exe
GET
200
2.16.241.12:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSFFsrfCB4RBrTlP%2BVr4n0wwQ%3D%3D
unknown
binary
503 b
shared
1832
iexplore.exe
GET
200
8.248.145.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?49ca93d5472d497f
US
compressed
62.3 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1832
iexplore.exe
8.248.145.254:80
ctldl.windowsupdate.com
LEVEL3
US
suspicious
1832
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1832
iexplore.exe
81.171.8.143:443
www.hostingcloud.racing
LeaseWeb Netherlands B.V.
NL
malicious
1832
iexplore.exe
163.172.198.13:443
ads2.uptobox.com
Online S.a.s.
FR
suspicious
1832
iexplore.exe
35.201.66.189:443
onclickalgo.com
GOOGLE
US
unknown
1832
iexplore.exe
104.22.31.128:443
CLOUDFLARENET
whitelisted
1832
iexplore.exe
188.114.97.3:443
acdcdn.com
CLOUDFLARENET
NL
malicious
1076
svchost.exe
224.0.0.252:5355
unknown

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 8.248.145.254
  • 8.253.204.249
  • 8.241.122.254
  • 8.241.9.126
  • 67.27.158.126
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ads2.uptobox.com
  • 163.172.198.13
suspicious
www.hostingcloud.racing
  • 81.171.8.143
whitelisted
onclickalgo.com
  • 35.201.66.189
whitelisted
acdcdn.com
  • 188.114.97.3
  • 188.114.96.3
malicious
ocsp.comodoca.com
  • 104.18.32.68
  • 172.64.155.188
whitelisted
ocsp.usertrust.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
ocsp.sectigo.com
  • 104.18.32.68
  • 172.64.155.188
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://uptobox.com/6ivfzqxspt7z