URL: https://stc.com.sa
Full analysis: https://app.any.run/tasks/8249d712-c4fb-4694-8271-dd8e0466f010
Verdict: Malicious activity
Analysis date: January 24, 2022, 22:17:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators (for a URL task these identify the submitted URL string, not a downloaded file; the ssdeep block size of 3 is what an input of only a few bytes produces):
  • MD5: 3D305E90A5C552F2DD2EBB65DB4F09CA
  • SHA1: 39162A6B0C56375C8FF383D3D89396AF90CF2DDE
  • SHA256: B63AC03ADF009E56BE8C8D07880AABAB6A425D9AEE0D47BEB5D3FDCE357DBEBE
  • SSDEEP: 3:N8cz:2cz

ANY.RUN is an interactive service that gives the analyst full access to the guest system, so the information in this report may have been influenced by the analyst's own actions and is provided as is. ANY.RUN does not guarantee that the content is either malicious or safe.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS
    • Reads Microsoft Outlook installation path: iexplore.exe (PID: 884)
  • INFO
    • Reads the computer name: iexplore.exe (PID: 884), iexplore.exe (PID: 3336)
    • Reads settings of System Certificates: iexplore.exe (PID: 884), iexplore.exe (PID: 3336)
    • Changes settings of System certificates: iexplore.exe (PID: 3336)
    • Checks supported languages: iexplore.exe (PID: 884), iexplore.exe (PID: 3336)
    • Application launched itself: iexplore.exe (PID: 3336)
    • Changes internet zones settings: iexplore.exe (PID: 3336)
    • Reads internet explorer settings: iexplore.exe (PID: 884)
    • Adds / modifies Windows certificates: iexplore.exe (PID: 3336)
    • Creates files in the user directory: iexplore.exe (PID: 3336), iexplore.exe (PID: 884)
    • Checks Windows Trust Settings: iexplore.exe (PID: 3336), iexplore.exe (PID: 884)
The certificate-related INFO signatures are consistent with an ordinary HTTPS page load seen from the host side: CryptoAPI reads and updates the system certificate stores while building the chain, caches the OCSP/CRL/AIA responses it fetched under CryptnetUrlCache (the dropped files below), and pulls the certificate trust list from ctldl.windowsupdate.com (the connections below). They do not by themselves indicate that the site is hostile.
No Malware configuration.
Process statistics
  • Total processes: 39
  • Monitored processes: 2
  • Malicious processes: 0
  • Suspicious processes: 0

Behavior graph

start -> iexplore.exe (PID 3336) -> iexplore.exe (PID 884)

Process information

PID 3336 (iexplore.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://stc.com.sa"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: Explorer.EXE
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID 884 (iexplore.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3336 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
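The two processes above are the normal shape of an IE11 Protected Mode session: a medium-integrity frame (broker) process started by the shell, and a low-integrity tab process whose command line names its frame with SCODEF:<frame PID>. A tab process that is not parented by an iexplore.exe frame, whose SCODEF does not match its real parent, or that runs above LOW integrity breaks that shape and is worth a closer look. The following check is an added example, not ANY.RUN's code: the records are transcribed from the process information above (the report names the parent only by image; the parent PID of 884 is inferred from SCODEF and the behaviour graph), and the second, spoofed record set is constructed to show the rule firing.

```python
"""Consistency check for the Internet Explorer process tree in a sandbox report.

Added example, not part of the ANY.RUN report. The SCODEF:<pid> argument on an
IE11 tab process is the PID of the frame process that spawned it; Protected
Mode runs that tab at LOW integrity while the frame stays at MEDIUM.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


@dataclass(frozen=True)
class ProcessRecord:
    pid: int
    image: str              # executable name as printed in the report
    cmd: str
    parent_pid: Optional[int]
    parent_image: str
    integrity: str          # LOW / MEDIUM / HIGH / SYSTEM as ANY.RUN prints it


# Transcribed from the "Process information" section. The parent PID of 884 is
# an inference (SCODEF:3336 plus a graph with only two monitored processes).
REPORT_PROCESSES = [
    ProcessRecord(3336, "iexplore.exe",
                  r'"C:\Program Files\Internet Explorer\iexplore.exe" "https://stc.com.sa"',
                  None, "Explorer.EXE", "MEDIUM"),
    ProcessRecord(884, "iexplore.exe",
                  r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3336 CREDAT:267521 /prefetch:2',
                  3336, "iexplore.exe", "LOW"),
]


def check_ie_process_tree(processes: List[ProcessRecord]) -> List[str]:
    """Return human-readable findings; an empty list means the tree is consistent."""
    by_pid = {p.pid: p for p in processes}
    findings: List[str] = []
    for p in processes:
        if p.image.lower() != "iexplore.exe":
            continue
        m = SCODEF_RE.search(p.cmd)
        if m is None:
            # No SCODEF: this is a frame (broker) process, expected at MEDIUM.
            if p.integrity != "MEDIUM":
                findings.append(f"PID {p.pid}: frame process at {p.integrity} integrity")
            continue
        claimed_frame = int(m.group(1))
        parent = by_pid.get(p.parent_pid)
        if parent is None or parent.image.lower() != "iexplore.exe":
            findings.append(f"PID {p.pid}: tab process parented by {p.parent_image} "
                            f"(PID {p.parent_pid}), not by an iexplore.exe frame")
        elif claimed_frame != parent.pid:
            findings.append(f"PID {p.pid}: SCODEF:{claimed_frame} does not match "
                            f"actual parent PID {parent.pid}")
        if p.integrity != "LOW":
            findings.append(f"PID {p.pid}: tab process at {p.integrity} integrity, "
                            "Protected Mode not in effect")
    return findings


# Constructed counter-example (not from the report): a "tab" that names the real
# frame in SCODEF but was actually started by a script host at medium integrity.
SPOOFED_PROCESSES = REPORT_PROCESSES + [
    ProcessRecord(4100, "wscript.exe", r"wscript.exe C:\Users\admin\dl.js",
                  3336, "iexplore.exe", "LOW"),
    ProcessRecord(4120, "iexplore.exe",
                  r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3336 CREDAT:1 /prefetch:2',
                  4100, "wscript.exe", "MEDIUM"),
]

if __name__ == "__main__":
    print("report:", check_ie_process_tree(REPORT_PROCESSES) or "no findings")
    for finding in check_ie_process_tree(SPOOFED_PROCESSES):
        print("spoofed:", finding)
```

A tab at MEDIUM integrity is not proof of compromise on its own (Protected Mode is off by default for the Intranet zone), which is why the rule reports it as a finding to review rather than a verdict.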
Events
  • Total events: 28 065
  • Read events: 27 795
  • Write events: 0
  • Delete events: 0

Modification events: no data

Files
  • Executable files: 0
  • Suspicious files: 40
  • Text files: 482
  • Unknown types: 54

Dropped files

  • PID 3336 (iexplore.exe), type der
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    MD5: FC990EAA7247546FB67C18916A4CAC9B
    SHA256: 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993
  • PID 884 (iexplore.exe), type binary
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E11E75149C17A93653DA7DC0B8CF53F_0D23F55997F35A3AC9C331196DC79312
    MD5: 928C3A0B55E6B2D2808BE634CAB58C63
    SHA256: D44E92BF08BE31AB75D19685AE7986E96609323562C09846561824F5B415FD1D
  • PID 884 (iexplore.exe), type html
    C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\L0HXUD8L.htm
    MD5: 4BF1332F668D165A3C4685E1ED0E985F
    SHA256: A699B1666F4CC5AA10B1C8BE075A14CA331B8700A6F3C2517BBF91BFE5F9812C
  • PID 884 (iexplore.exe), type text
    C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\6f43b9c965[1].css
    MD5: 04C91823F31F9C2612C995487A59A5BF
    SHA256: D4C5968D0CE999926A5325FEDBB397590D3EDB640AAB760EC0B209C3F3EBBD65
  • PID 884 (iexplore.exe), type binary
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5: D3EE8BA03D16A447BC5BDA7C939EEF6F
    SHA256: CF878EF479B8BEFF5B20133E2C4F33106B89E2A505E4236FE339A519929C078F
  • PID 884 (iexplore.exe), type text
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\YA6TB67W.txt
    MD5: 1F612E903E369DB14F63D05C99AF44E2
    SHA256: ADAE9767DD72B55B05BA1FAF1BFB6865496D3341F4A43E95D425930C14DE84F1
  • PID 884 (iexplore.exe), type der
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E11E75149C17A93653DA7DC0B8CF53F_0D23F55997F35A3AC9C331196DC79312
    MD5: AE6A64E6F5D4BE5002B7FAC189D6767E
    SHA256: BBE2C8CD7DA70627B3C9037C0393076A94EECD54EE12BF6B61EF187CE1266AC8
  • PID 884 (iexplore.exe), type html
    C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\JCQB5LSV.htm
    MD5: EB30C8CB99821A1C9ACA72F465C81EF3
    SHA256: 77F396C98225DB004EBAE1CD760A02E414963AE2FC4EBECF99A7D8FDF7AB9488
  • PID 884 (iexplore.exe), type binary
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
    MD5: AA590591AA4310F7EEA75DDB1105F6EE
    SHA256: BD2962FF2CA41B2D1C564DC826D56F4C2F059261F90BF592AE518A6AE643F7D9
  • PID 3336 (iexplore.exe), type binary
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    MD5: A8A0F46F91F13AC9C3F026C28424F6B4
    SHA256: 2F5FAFA98FACFAF4BB0ED4ABA1B43760EDA41DF4C1EBE1C60B4D486E616B6A8A
Network statistics
  • HTTP(S) requests: 39
  • TCP/UDP connections: 204
  • DNS requests: 57
  • Threats: 0

HTTP requests

PID  Process       Method  Code  IP                  CN  Type  Size     Reputation
884  iexplore.exe  GET     200   104.18.20.226:80    US  der   1.40 Kb  whitelisted
     http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHe9DgdC1dnp0EnXdNAqb5o%3D
884  iexplore.exe  GET     200   104.18.21.226:80    US  der   1.39 Kb  whitelisted
     http://ocsp.globalsign.com/gsgccr3dvtlsca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQoKOHJRQbCE%2B3DXqwFiztBxLYdhwQUDZjAc3%2Brvb3ZR0tJrQpKDKw%2Bx3wCDFXiIwtVdxSrdOktRw%3D%3D
884  iexplore.exe  GET     200   93.184.220.29:80    US  der   471 b    whitelisted
     http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D
884  iexplore.exe  GET     200   142.250.185.131:80  US  der   724 b    whitelisted
     http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
884  iexplore.exe  GET     200   93.184.220.29:80    US  der   471 b    whitelisted
     http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAeYNgOt45kIIZygDCe8imw%3D
884  iexplore.exe  GET     200   142.250.185.131:80  US  der   472 b    whitelisted
     http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCNSku3hulioQoAAAABK4BF
884  iexplore.exe  GET     200   142.250.185.131:80  US  der   1.41 Kb  whitelisted
     http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
884  iexplore.exe  GET     200   142.250.185.131:80  US  der   472 b    whitelisted
     http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC04WHG3wyS9QoAAAABK3x8
884  iexplore.exe  GET     200   142.250.185.131:80  US  der   471 b    whitelisted
     http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEkrFZmvKd3rCgAAAAErfGA%3D
884  iexplore.exe  GET     200   142.250.185.131:80  US  der   471 b    whitelisted
     http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEFKxQHtEPcBCgAAAAErfHU%3D

Connections

PID   Process       IP                   Domain                    ASN                                                       CN  Reputation
3336  iexplore.exe  93.184.220.29:80     ocsp.digicert.com         MCI Communications Services, Inc. d/b/a Verizon Business  US  whitelisted
3336  iexplore.exe  204.79.197.200:443   www.bing.com              Microsoft Corporation                                     US  whitelisted
884   iexplore.exe  67.27.235.254:80     ctldl.windowsupdate.com   Level 3 Communications, Inc.                              US  suspicious
3336  iexplore.exe  67.27.235.254:80     ctldl.windowsupdate.com   Level 3 Communications, Inc.                              US  suspicious
884   iexplore.exe  93.184.220.29:80     ocsp.digicert.com         MCI Communications Services, Inc. d/b/a Verizon Business  US  whitelisted
3336  iexplore.exe  212.118.156.43:443   stc.com.sa                Saudi Telecom Company JSC                                 SA  unknown
884   iexplore.exe  212.118.156.43:443   stc.com.sa                Saudi Telecom Company JSC                                 SA  unknown
884   iexplore.exe  142.250.184.200:443  www.googletagmanager.com  Google Inc.                                               US  suspicious
884   iexplore.exe  142.250.185.131:80   ocsp.pki.goog             Google Inc.                                               US  whitelisted
884   iexplore.exe  2.18.235.40:443      z.moatads.com             Akamai International B.V.                                     whitelisted

DNS requests

Domain                    IP(s)                                                                      Reputation
stc.com.sa                212.118.156.43                                                             whitelisted
ctldl.windowsupdate.com   67.27.235.254, 8.248.131.254, 67.27.235.126, 8.248.119.254, 67.26.83.254   whitelisted
api.bing.com              13.107.5.80                                                                whitelisted
www.bing.com              204.79.197.200, 13.107.21.200                                              whitelisted
ocsp.digicert.com         93.184.220.29                                                              whitelisted
www.stc.com.sa            212.118.156.43                                                             suspicious
use.fontawesome.com       172.67.214.69, 104.21.78.7                                                 whitelisted
my.stc.com.sa             212.118.156.42                                                             unknown
s7.addthis.com            23.53.168.186                                                              whitelisted
www.googletagmanager.com  142.250.184.200                                                            whitelisted

Threats

PID  Process       Class                    Message
884  iexplore.exe  Potentially Bad Traffic  ET INFO TLS Handshake Failure   (10 identical alerts)
No debug info