analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://61eed9510044a.site123.me/

Full analysis: https://app.any.run/tasks/e943ac8b-3289-4d27-9306-7b6aac5a2e17
Verdict: Malicious activity
Analysis date: January 24, 2022, 19:50:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

F28834134E93800C5AA01ED0E56C0C1C

SHA1:

2F87C140DD685F33E04C1F0C3064E33F787EC0EB

SHA256:

BB640A06C113BA5C872D5DAAE6690B34007DA87A35C05C2E231D837ED6203222

SSDEEP:

3:N8nELe8v:2nies

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2684)
      • iexplore.exe (PID: 3260)
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 1472)
    • Reads the computer name

      • iexplore.exe (PID: 1472)
      • iexplore.exe (PID: 2684)
      • iexplore.exe (PID: 3260)
    • Checks supported languages

      • iexplore.exe (PID: 2684)
      • iexplore.exe (PID: 1472)
      • iexplore.exe (PID: 3260)
    • Application launched itself

      • iexplore.exe (PID: 1472)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 1472)
      • iexplore.exe (PID: 2684)
      • iexplore.exe (PID: 3260)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2684)
      • iexplore.exe (PID: 1472)
      • iexplore.exe (PID: 3260)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3260)
      • iexplore.exe (PID: 2684)
    • Creates files in the user directory

      • iexplore.exe (PID: 2684)
    • Changes settings of System certificates

      • iexplore.exe (PID: 1472)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1472)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
1472"C:\Program Files\Internet Explorer\iexplore.exe" "https://61eed9510044a.site123.me/"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2684"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1472 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3260"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1472 CREDAT:3544332 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
21 887
Read events
21 725
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
27
Text files
43
Unknown types
22

Dropped files

PID
Process
Filename
Type
1472iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:2DCEE6D5EF97DA9E21D15667FED16677
SHA256:E720C267C23ED513D877F677A3A2B18A617EDE08585E80DF825536250C1ABA09
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D6243C18F0F8F9AEC6638DD210F1984_128BFDBFE9A69E4C89436344CB65A663der
MD5:E1A0554883E9DC5906DE5A04C5300BE9
SHA256:14F3F165E5B2E1C178966294D18835E24B7E83B445D7F0FD5D005D8DE9FE1FA7
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC5A820A001B41D68902E051F36A5282_5D12B27DB61E47C0D274263D60A1CC4Cbinary
MD5:2EB842EE44AAD89238A950C72D2F1C6B
SHA256:37E5BAF1305FA1F898CE589B34895580D1D644A37AFD35F1839021BA91EB3B38
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894der
MD5:66AC5821D9411B705625FCA94EE499AC
SHA256:4831A86CB2F055A977DA2EDF4E6108FE853DEFF5B1A6529DEF45B36D071735F2
2684iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\minimize_scripts[1].jstext
MD5:A15390D1F088DBAF92461992B8BCD428
SHA256:223584C6938CDF5E833D4F653F8FF830B4076392BE7B3C17B788B62FC1C3190C
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6A2279C2CA42EBEE26F14589F0736E50der
MD5:8B153254225CF81983BAA0400492B53E
SHA256:A3EB96967C5F501B5E14CF4E0A2BB4B9DFA8933352C973A1EAE89C321804BC25
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:EDF15A25BA22A269E604995719B022F5
SHA256:73360EBF35874C013A86894F5791803142E31D7E6B20B405991A63CC06AE827D
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4Fbinary
MD5:55BD6ACDD915C318374BBCBFE0E42F2B
SHA256:4FC6679D8CC69E644AFA9AF9164F65273AB9F67AB45159EAB37FF648630E1DBE
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894binary
MD5:C3820CF6A93933015CF5A8B398B21BDE
SHA256:0BFB8F843AA99A9116D286A7C2499C427DFBB03F750209B58EB3354C4F28E5F9
2684iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6A2279C2CA42EBEE26F14589F0736E50binary
MD5:CC3C9D261DC833E3F10089256C46B7BD
SHA256:9C438C77079CA3DD4657A06B518A71B7480677DB24B103A8148A947478C5E7EE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
23
TCP/UDP connections
78
DNS requests
38
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1472
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
2684
iexplore.exe
GET
200
54.192.97.207:80
http://s.ss2.us/r.crl
US
der
434 b
whitelisted
2684
iexplore.exe
GET
200
54.192.97.55:80
http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAqjup3mm2QhF9tG8FK4Jg0%3D
US
der
471 b
whitelisted
2684
iexplore.exe
GET
200
172.217.18.99:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC2PrP09fGo%2BgoAAAABK3x6
US
der
472 b
whitelisted
2684
iexplore.exe
GET
200
23.32.238.51:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgTH3AxNkx3CyrjmmfJKw4Sh2Q%3D%3D
US
der
503 b
shared
2684
iexplore.exe
GET
200
54.192.97.55:80
http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAzH7m6V6YB9afmx6JuhmSs%3D
US
der
471 b
whitelisted
2684
iexplore.exe
GET
200
172.217.18.99:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
der
1.41 Kb
whitelisted
2684
iexplore.exe
GET
200
172.217.18.99:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
2684
iexplore.exe
GET
200
23.45.105.185:80
http://x1.c.lencr.org/
NL
der
717 b
whitelisted
2684
iexplore.exe
GET
200
65.9.47.81:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D
US
der
1.39 Kb
shared
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2684
iexplore.exe
54.192.97.207:80
s.ss2.us
Amazon.com, Inc.
US
unknown
1472
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2684
iexplore.exe
99.83.229.146:443
61eed9510044a.site123.me
AT&T Services, Inc.
US
unknown
2684
iexplore.exe
23.32.238.201:80
ctldl.windowsupdate.com
XO Communications
US
suspicious
2684
iexplore.exe
65.9.47.81:80
ocsp.rootg2.amazontrust.com
AT&T Services, Inc.
US
whitelisted
2684
iexplore.exe
65.9.47.177:80
o.ss2.us
AT&T Services, Inc.
US
unknown
2684
iexplore.exe
89.187.169.47:443
cdn-cms.f-static.com
CZ
malicious
2684
iexplore.exe
65.9.49.102:443
cdn-cms-s.f-static.net
AT&T Services, Inc.
US
unknown
65.9.49.102:443
cdn-cms-s.f-static.net
AT&T Services, Inc.
US
unknown

DNS requests

Domain
IP
Reputation
61eed9510044a.site123.me
  • 99.83.229.146
unknown
ctldl.windowsupdate.com
  • 23.32.238.201
  • 23.32.238.208
whitelisted
o.ss2.us
  • 65.9.47.177
  • 65.9.47.161
  • 65.9.47.106
  • 65.9.47.140
whitelisted
api.bing.com
  • 13.107.13.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
s.ss2.us
  • 54.192.97.207
  • 54.192.97.138
  • 54.192.97.22
  • 54.192.97.36
whitelisted
ocsp.rootg2.amazontrust.com
  • 65.9.47.81
  • 65.9.47.198
  • 65.9.47.224
  • 65.9.47.218
whitelisted
ocsp.rootca1.amazontrust.com
  • 65.9.47.81
  • 65.9.47.198
  • 65.9.47.224
  • 65.9.47.218
shared
ocsp.sca1b.amazontrust.com
  • 54.192.97.55
  • 54.192.97.62
  • 54.192.97.77
  • 54.192.97.220
whitelisted

Threats

No threats detected
No debug info