URL: https://www.teleriumtv.run

Full analysis: https://app.any.run/tasks/1770ed50-3f92-49fc-a545-d32b43d71d18
Verdict: Malicious activity
Analysis date: May 29, 2023, 22:54:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 11937F803667831BEA5CB37738753717
SHA1: 19B174BDBFE893948A5B807110594B536E412579
SHA256: B5A1D91A0E17CE210218498FBBD30C732126E56EBA21FCEE9A980B12D60BD466
SSDEEP: 3:N8DSLEe:2OLEe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Create files in a temporary directory

      • iexplore.exe (PID: 3464)
      • iexplore.exe (PID: 748)
    • Application launched itself

      • iexplore.exe (PID: 748)
No Malware configuration.
No data.
Total processes: 40
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph

[Behavior graph nodes: start, iexplore.exe, iexplore.exe, iexplore.exe]

Process information

PID: 748
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.teleriumtv.run"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 1848
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:748 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID: 3464
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:748 CREDAT:595209 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 28 836
Read events: 28 698
Write events: 136
Delete events: 2

Modification events

(PID) Process: (748) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 0

(PID) Process: (748) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 30847387

(PID) Process: (748) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30847437

(PID) Process: (748) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (748) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (748) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (748) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (748) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (748) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (748) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files: 0
Suspicious files: 52
Text files: 50
Unknown types: 0

Dropped files

PID | Process | Filename | Type

1848 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\KIAPZ775.htm | html
MD5: B29C163C367D382603035C0AAE175B2A
SHA256: 392AC7D3CB58DDA09D64F91DD8A6AC8B394A61C542C99669AB7D9AAB140E0F25

1848 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464 | binary
MD5: CEA260BDA1EB681CCD67D28191D8C9A5
SHA256: F32DD320C96579E9177B27E4C1BB65ED5F0D56940643E54D5BD12DA6AED713FD

1848 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5: 0B43CDB46AF0BF4A4BCE830A2F2CD59C
SHA256: 170A040FACF35F72732E3FB8A9EF4695064A866DAB1A33139C32D7D1D3A3ABC3

1848 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464 | binary
MD5: CFBC16E33DCBEF6F773F0F79AF528F45
SHA256: F0937890FB1053069BAAC97B7992C6D22CB74CAE20317FC05D51070D96950FFA

1848 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary
MD5: D92DDF4DFB1050568CB33385D78F0825
SHA256: 6493C0A8E836A83A290B0C917830894B57E6A5274767377C52F2BDB095E52023

1848 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary
MD5: 4B6F061B7B18371F56689E9A27606B9C
SHA256: 1B9D0BAFA1779FF0DB1DC517AFA574D26B332A6083F7A875F25FB77F2705D1A3

1848 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary
MD5: D07FF30D2A475DA83CF203B65ADD3480
SHA256: 236345E6562C26DF3A4FDFB08D0EFBE09090A889DA87F9019BA21E030FEB6898

1848 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed
MD5: F7DCB24540769805E5BB30D193944DCE
SHA256: 6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA

1848 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E | binary
MD5: 575C5E72239155D718E3C2144EFFD56D
SHA256: CA5FADF2D28494E373623FC3EEAE5512154BEF046E229702CB631B1E00FBBF5B

1848 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5F062E97657E16CB07F77F3A67E74B7A | binary
MD5: B2EB4D042105518EFDC5FAC61E9788DB
SHA256: 6175AD4BADA00420C6ACCDBC977A9AB144E0B3DB8A3D39E5B0700E771FAA5A4D
HTTP(S) requests: 32
TCP/UDP connections: 115
DNS requests: 42
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3464 | iexplore.exe | GET | - | 95.140.236.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?9b04043c556bd24b | GB | - | - | whitelisted
3464 | iexplore.exe | GET | - | 52.222.250.42:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D | US | - | - | shared
3464 | iexplore.exe | GET | - | 95.140.236.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0f7b1915c0517858 | GB | - | - | whitelisted
3464 | iexplore.exe | GET | - | 95.140.236.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?2042151d4164be3f | GB | - | - | whitelisted
3464 | iexplore.exe | GET | - | 95.140.236.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?5f1d47b70b5b3e70 | GB | - | - | whitelisted
- | - | GET | - | 95.140.236.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?93320e02d964f4e3 | GB | - | - | whitelisted
1848 | iexplore.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD92PX9Q8FmlAp79IClZhAt | US | binary | 472 b | whitelisted
1848 | iexplore.exe | GET | 200 | 104.18.14.101:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 2.18 Kb | whitelisted
3464 | iexplore.exe | GET | 200 | 18.66.92.73:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | binary | 1.70 Kb | whitelisted
1848 | iexplore.exe | GET | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | binary | 724 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3704 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
1076 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1848 | iexplore.exe | 188.114.97.3:443 | ii.apl212.me | CLOUDFLARENET | NL | malicious
1848 | iexplore.exe | 142.250.186.131:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
1848 | iexplore.exe | 95.140.236.0:80 | ctldl.windowsupdate.com | LLNW | US | whitelisted
1848 | iexplore.exe | 172.217.16.202:443 | fonts.googleapis.com | GOOGLE | US | whitelisted
1848 | iexplore.exe | 104.26.5.7:443 | waust.at | CLOUDFLARENET | US | suspicious
1848 | iexplore.exe | 142.250.185.138:443 | ajax.googleapis.com | GOOGLE | US | whitelisted

DNS requests

Domain (Reputation): resolved IPs

ctldl.windowsupdate.com (whitelisted)
  • 95.140.236.0
  • 178.79.242.128
ocsp.pki.goog (whitelisted)
  • 142.250.186.131
api.bing.com (whitelisted)
  • 13.107.5.80
www.bing.com (whitelisted)
  • 184.86.251.27
  • 184.86.251.22
  • 184.86.251.19
fonts.googleapis.com (whitelisted)
  • 172.217.16.202
waust.at (malicious)
  • 104.26.5.7
  • 104.26.4.7
  • 172.67.71.57
code.jquery.com (whitelisted)
  • 69.16.175.10
  • 69.16.175.42
cdnjs.cloudflare.com (whitelisted)
  • 104.17.24.14
  • 104.17.25.14
ajax.googleapis.com (whitelisted)
  • 142.250.185.138
platform-api.sharethis.com (whitelisted)
  • 13.32.99.34
  • 13.32.99.51
  • 13.32.99.22
  • 13.32.99.78

Threats

PID | Process | Class | Message
1076 | svchost.exe | Potentially Bad Traffic | ET INFO DNS Query for Suspicious .icu Domain
3464 | iexplore.exe | Potentially Bad Traffic | ET INFO Suspicious Domain (*.icu) in TLS SNI
No debug info