URL:

https://uptobox.com/6ivfzqxspt7z

Full analysis: https://app.any.run/tasks/3b147cd9-1829-4a73-a807-053ec15deb77
Verdict: Malicious activity
Analysis date: May 14, 2023, 13:15:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

D407DD20C4358475DBCC8E5C48BB136F

SHA1:

E57AF07512F6A1531721D45BC1EDE5AF99ADBADB

SHA256:

B57851B37B85213CA28A481450869316AE85A99BE0C1298301249B9F5914B61B

SSDEEP:

3:N8xqIKmgSmn:2xXJEn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3912)

    • Manual execution by a user

      • control.exe (PID: 2220)

    • The process checks LSA protection

      • control.exe (PID: 2220)

    • Create files in a temporary directory

      • iexplore.exe (PID: 1832)
      • iexplore.exe (PID: 3912)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe control.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1832"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3912 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2220"C:\Windows\System32\control.exe" SYSTEMC:\Windows\System32\control.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Control Panel
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\control.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3912"C:\Program Files\Internet Explorer\iexplore.exe" "https://uptobox.com/6ivfzqxspt7z"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
35 836
Read events
35 646
Write events
190
Delete events
0

Modification events

(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(3912) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
78
Text files
58
Unknown types
2

Dropped files

PID
Process
Filename
Type
1832iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\uptobox-min[1].csstext
MD5:B354F3146CD99741D5017FA4802C77E0
SHA256:AF00999485128548822C5CB37B10954B6321C2DBCE9758BC030ADAEE8C5EC62D
1832iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:F7DCB24540769805E5BB30D193944DCE
SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
1832iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\6ivfzqxspt7z[1].htmhtml
MD5:15B7775DC6620EBF4A18FFE51B8006E5
SHA256:D6529755F023170F477688974EF450BF4DE62AD65BFBE9BE4E418110C6FA979D
1832iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:E1400ED453227CD37DCC475E96A0AEDC
SHA256:F81C9D4BA8F6EA9ECCD8B4C401A4D09537146321976A09FD56D883817326B52F
1832iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\uptobox-min[1].jsbinary
MD5:DA480922EEBF711FECFC4A61096B3CF4
SHA256:D506E8C1461B1976418C9708B3390694658C5A205B117174A6AAE4ED110355D6
1832iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\fontawesome-all.min[1].csstext
MD5:8778597C9649ABF1E2A16417DE22D486
SHA256:1A02638AF64044A18E7E8489E13FD4CE0CC537E09A97EA71C416B6CD4A0F458B
1832iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\suv4[1].jstext
MD5:E47E4068A5F54C8AD33BBE8A64A118CD
SHA256:CDCFC0CD2ECE0055E60C01AD1E3820EDF3B65C1BC71FCD925A723CFDE42D8F32
1832iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:2F1A7FEF590E641D6DFE8457C48CA231
SHA256:4DABEB84A2EFE5418035F1A20192ED6EEE50673216E917794CB377DB6FD28D1B
1832iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Ebinary
MD5:AEB4D27FFD8A0EFEAC4C10CB13C40BA0
SHA256:F04E6AB4ACAE28744E66EEF664BCE1E3AD4E762BCCBA179062880E2ED957E484
1832iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Ebinary
MD5:B1315F77D64E889E666773CDFF9A5163
SHA256:2484F13A778334CC615FE30CB894FB25BE319EEF02DF9809DE7FC1F3A09A6628
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
21
TCP/UDP connections
47
DNS requests
21
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1832
iexplore.exe
GET
200
8.248.145.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0ae0009585d23352
US
compressed
62.3 Kb
whitelisted
1832
iexplore.exe
GET
200
8.248.145.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f80528f7362cae4e
US
compressed
62.3 Kb
whitelisted
1832
iexplore.exe
GET
200
104.18.32.68:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEBfBij0zW0OW7RlXS9Afm%2Bs%3D
US
der
471 b
whitelisted
1832
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAUdbSyc9ptBLeOBIv46YX8%3D
US
binary
471 b
whitelisted
1832
iexplore.exe
GET
200
142.250.185.67:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
binary
1.41 Kb
whitelisted
1832
iexplore.exe
GET
200
142.250.185.67:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
1832
iexplore.exe
GET
200
2.16.241.12:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSpfMudLdc%2FbdhLtN9Pk6Mr0g%3D%3D
unknown
binary
503 b
shared
1832
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
1832
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
US
binary
2.18 Kb
whitelisted
1832
iexplore.exe
GET
200
142.250.185.67:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEHq7CHA9JeW1EONEhXHIKV8%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1832
iexplore.exe
8.248.145.254:80
ctldl.windowsupdate.com
LEVEL3
US
suspicious
4
System
192.168.100.255:138
whitelisted
1832
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1832
iexplore.exe
81.171.8.143:443
www.hostingcloud.racing
LeaseWeb Netherlands B.V.
NL
malicious
1832
iexplore.exe
104.22.31.128:443
CLOUDFLARENET
whitelisted
1832
iexplore.exe
35.201.66.189:443
onclickalgo.com
GOOGLE
US
unknown
1832
iexplore.exe
188.114.97.3:443
acdcdn.com
CLOUDFLARENET
NL
malicious
3396
svchost.exe
239.255.255.250:1900
whitelisted
1076
svchost.exe
224.0.0.252:5355
unknown

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 8.248.145.254
  • 8.253.204.249
  • 8.241.122.254
  • 8.241.9.126
  • 67.27.158.126
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ads2.uptobox.com
  • 163.172.198.13
suspicious
www.hostingcloud.racing
  • 81.171.8.143
whitelisted
onclickalgo.com
  • 35.201.66.189
whitelisted
acdcdn.com
  • 188.114.97.3
  • 188.114.96.3
malicious
ocsp.comodoca.com
  • 104.18.32.68
  • 172.64.155.188
whitelisted
ocsp.usertrust.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
ocsp.sectigo.com
  • 104.18.32.68
  • 172.64.155.188
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://uptobox.com/6ivfzqxspt7z