URL: http://sprunge.us/UMWefq

Full analysis: https://app.any.run/tasks/051bd4e3-4220-4b14-9eed-17c0cc2c01b1
Verdict: Malicious activity
Analysis date: February 25, 2022, 07:14:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: A91491D2D6AA31861B29F71EF44FDDE2
SHA1: 0135BAB36C14ADB1C1F91C8DF67BCB9D9C6DDC4A
SHA256: B9BA6D8EDC0F169D48E94D05703AF5886B0F5759660B3F8C093D89C5977BD66D
SSDEEP: 3:N1KNVA2fNwoPU:CgkNdPU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 4044)
  • INFO

    • Reads settings of System Certificates

      • iexplore.exe (PID: 1012)
    • Checks supported languages

      • iexplore.exe (PID: 1012)
      • iexplore.exe (PID: 4044)
    • Reads the computer name

      • iexplore.exe (PID: 4044)
      • iexplore.exe (PID: 1012)
    • Application launched itself

      • iexplore.exe (PID: 1012)
    • Reads internet explorer settings

      • iexplore.exe (PID: 4044)
    • Changes internet zones settings

      • iexplore.exe (PID: 1012)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 1012)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe -> iexplore.exe

Process information

PID: 1012
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://sprunge.us/UMWefq"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 4044
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1012 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 6 514
Read events: 6 399
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 6
Text files: 7
Unknown types: 2

Dropped files

PID | Process | Filename | Type
1012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].ico | image
MD5:D619223604A0B9B12CE4F87193FCD342
SHA256:2A88B6668AB4B6272150597F4E0CFDC51CB71A3F0F2CFBDC070AA2F3FB4DF17C
1012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f7ruq93\imagestore.dat | binary
MD5:BEECC95442A2B6FBB9DB49767DD21D23
SHA256:C752E3AC5F0B30516D7DB87AF3E30D320B5EF85A942EA8E8C944248AC66D2E0A
1012 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary
MD5:C8EA92D36DE4F9E527942FC2F4A18C6C
SHA256:34A62F7B8D44453BD4E4CAB537E800762768E255384E4F6A8B1B3735840193C5
1012 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der
MD5:E394DC6AFD3CBF24E7BC3210B89C6313
SHA256:39932C90CEE0399BFABA64A7C767BD09F75DF851B3C9F6DB9771BE3EF02C8AF9
4044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\UMWefq[1].txt | text
MD5:C954A7D90AE6E1F6FF43B8AEF295CE57
SHA256:BEFC007B151FEDB274698CB6664E8E77A6954900441329BB9D554CBAC1026343
1012 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary
MD5:51F1DA216B83C9ECD2B9D6B205019CD4
SHA256:87FC148B2EE8FA28F84401A35C97868AC8311865F54D85515103D2AFA095BDCC
1012 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | der
MD5:523A10D626A1C2453BD4B21160903BF5
SHA256:F891AD05911448C942CC6853EF26B3AADF36C3D0849732468227ED6301F160E9
1012 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5:946A12BE7CA49AF0687E3FF164141D6E
SHA256:7BC9E6EBDB27431725091A0E58108749D3A839351197B795CADC00A0ABED9BB1
1012 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
1012 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].ico | image
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 21
DNS requests: 9
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1012 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted
1012 | iexplore.exe | GET | 200 | 216.239.36.21:80 | http://sprunge.us/favicon.ico | US | image | 2.02 Kb | malicious
1012 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted
4044 | iexplore.exe | GET | 200 | 216.239.38.21:80 | http://sprunge.us/UMWefq | US | text | 9.99 Kb | malicious
1012 | iexplore.exe | GET | 200 | 23.32.238.201:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e2e8e5ce9f82fa4a | US | compressed | 4.70 Kb | whitelisted
1012 | iexplore.exe | GET | 200 | 23.32.238.178:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?28607792bead65ac | US | compressed | 4.70 Kb | whitelisted
1012 | iexplore.exe | GET | 200 | 23.32.238.201:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f3bf329def77ad5d | US | compressed | 4.70 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1012 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
1012 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
1012 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
4044 | iexplore.exe | 216.239.34.21:80 | sprunge.us | Google Inc. | US | whitelisted
- | - | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
1012 | iexplore.exe | 23.32.238.201:80 | ctldl.windowsupdate.com | XO Communications | US | suspicious
1012 | iexplore.exe | 216.239.36.21:80 | sprunge.us | Google Inc. | US | whitelisted
4044 | iexplore.exe | 216.239.38.21:80 | sprunge.us | Google Inc. | US | whitelisted
1012 | iexplore.exe | 23.32.238.178:80 | ctldl.windowsupdate.com | XO Communications | US | suspicious

DNS requests

Domain | IP | Reputation
sprunge.us | 216.239.36.21, 216.239.34.21, 216.239.38.21, 216.239.32.21 | malicious
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 13.107.21.200, 204.79.197.200 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
ctldl.windowsupdate.com | 23.32.238.201, 23.32.238.178 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted

Threats

No threats detected

No debug info