analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://newshop.dutchhealthstore.com/Domain/db/dropbox/dropbox/index.php

Full analysis: https://app.any.run/tasks/7562b7ed-0509-449e-94e9-81ecec871f6e
Verdict: Malicious activity
Analysis date: January 18, 2019, 03:03:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
phishing
opendir
Indicators:
MD5:

1D384EE6C0A945BACA2C52EAAF15A326

SHA1:

148D9F4476659FBF7E77F511D1E6427C5F20767D

SHA256:

B72810DD89783535DE729E47F88F9929AE118EC8FC7484AB085BDA5BD515B0A8

SSDEEP:

3:N1KQ3WYhmGNN54KXuGTeEMLKBbQadXL6hHn:CQ3WGxhHeGvRBMsXLQHn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2956)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3108)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3108)

    • Application launched itself

      • iexplore.exe (PID: 2956)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
32
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2956"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3108"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2956 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
363
Read events
301
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
8
Unknown types
2

Dropped files

PID
Process
Filename
Type
2956iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
MD5:
SHA256:
2956iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3108iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\index[1].php
MD5:
SHA256:
2956iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].ico
MD5:
SHA256:
2956iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
MD5:
SHA256:
3108iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\index[1].htmhtml
MD5:43843F0B75AAC6A5FC35EDD6969AC713
SHA256:19E9046AA7E317D28494EFAB031563D8689F70EB334AE66D49482E8DC537CBEE
3108iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\SpryValidationTextField[1].jstext
MD5:7947CB5A92373E747F786ADFE1D49356
SHA256:69E875128ADEEDBC8AA1221B7EBFFB20B484685964F4AB9A9772CE2146E52D48
3108iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\jquery.ddslick.min[1].jshtml
MD5:F0DC534351E239E07D258ADCDE7A63CD
SHA256:62FBCAFC088683257DF72B1024258E899E138BFE56E97AE3C7DA39312F77CB49
3108iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019011820190119\index.datdat
MD5:4911503F116D97EFA66C2DB70BB3244C
SHA256:E954761E4E6E44D435A4B8983B7F3DD12087978C0AC3AAE0CAABDE72B6388DB3
2956iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019011820190119\index.datdat
MD5:512E84F43A2CF8E69C5123169F011441
SHA256:CA89EE063D40F7C346B295CA52B88C3F09D530B99670F42FC2BDE4B2923EF631
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
9
DNS requests
2
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3108
iexplore.exe
GET
200
84.22.102.75:80
http://newshop.dutchhealthstore.com/Domain/db/dropbox/dropbox/index.php
NL
html
4.96 Kb
malicious
2956
iexplore.exe
GET
200
84.22.102.75:80
http://newshop.dutchhealthstore.com/Domain/db/dropbox/dropbox/dropbox_files/favicon.ico
NL
image
1.19 Kb
malicious
3108
iexplore.exe
GET
200
84.22.102.75:80
http://newshop.dutchhealthstore.com/Domain/db/dropbox/dropbox/SpryAssets/SpryValidationPassword.css
NL
text
878 b
malicious
3108
iexplore.exe
GET
200
84.22.102.75:80
http://newshop.dutchhealthstore.com/Domain/db/dropbox/dropbox/dropbox_files/jquery.ddslick.min.js
NL
html
2.31 Kb
malicious
3108
iexplore.exe
GET
200
84.22.102.75:80
http://newshop.dutchhealthstore.com/Domain/db/dropbox/dropbox/SpryAssets/SpryValidationTextField.js
NL
text
16.7 Kb
malicious
3108
iexplore.exe
GET
200
84.22.102.75:80
http://newshop.dutchhealthstore.com/Domain/db/dropbox/dropbox/dropbox_files/dropboxbkg.png
NL
image
42.7 Kb
malicious
3108
iexplore.exe
GET
200
84.22.102.75:80
http://newshop.dutchhealthstore.com/Domain/db/dropbox/dropbox/dropbox_files/dropboxlogo.png
NL
image
13.2 Kb
malicious
3108
iexplore.exe
GET
200
84.22.102.75:80
http://newshop.dutchhealthstore.com/Domain/db/dropbox/dropbox/dropbox_files/jquery.min.js
NL
html
32.8 Kb
malicious
3108
iexplore.exe
GET
200
84.22.102.75:80
http://newshop.dutchhealthstore.com/Domain/db/dropbox/dropbox/dropbox_files/dropbox.jpeg
NL
image
8.51 Kb
malicious
3108
iexplore.exe
GET
200
84.22.102.75:80
http://newshop.dutchhealthstore.com/Domain/db/dropbox/dropbox/SpryAssets/SpryValidationTextField.css
NL
text
1.04 Kb
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3108
iexplore.exe
84.22.102.75:80
newshop.dutchhealthstore.com
Tilaa B.V.
NL
suspicious
2956
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2956
iexplore.exe
84.22.102.75:80
newshop.dutchhealthstore.com
Tilaa B.V.
NL
suspicious

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
newshop.dutchhealthstore.com
  • 84.22.102.75
malicious

Threats

PID
Process
Class
Message
3108
iexplore.exe
A Network Trojan was detected
ET INFO Suspicious Dropbox Page - Possible Phishing Landing
3108
iexplore.exe
Potentially Bad Traffic
ET CURRENT_EVENTS Possible Dropbox Phishing Landing - Title over non SSL
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://newshop.dutchhealthstore.com/Domain/db/dropbox/dropbox/index.php