analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| URL: | http://gg.gg/LHWxbX |
| Full analysis: | https://app.any.run/tasks/da9a9213-b7b0-46cd-bb42-af0606dc104b |
| Verdict: | Malicious activity |
| Analysis date: | November 08, 2019, 16:44:49 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MD5: | 505585B8C04F076D15849F16213CF9F8 |
| SHA1: | A37E1F77A555EF59619C2827476036E8C5B63CF1 |
| SHA256: | BD5FE156CB65ED59E46823B59755F1EE234D1E2F8195ADAC54E068A175232085 |
| SSDEEP: | 3:N1KZCLBKpm:C8Qpm |
MALICIOUS
No malicious indicators.SUSPICIOUS
No suspicious indicators.INFO
Changes internet zones settings
- iexplore.exe (PID: 2524)
Creates files in the user directory
- iexplore.exe (PID: 2524)
- iexplore.exe (PID: 3116)
Reads internet explorer settings
- iexplore.exe (PID: 3116)
Application launched itself
- iexplore.exe (PID: 2524)
Reads Internet Cache Settings
- iexplore.exe (PID: 3116)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2524 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
| 3116 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2524 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
Total events
373
Read events
312
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
0
Text files
30
Unknown types
6
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2524 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
| 2524 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
| 3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89NU8UP2\app1_box-en_com[1].txt | — | |
MD5:— | SHA256:— | |||
| 3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89NU8UP2\lang-en-AUlang-en-CAlang-en-GBlang-en-USlang-en-x-pseudo[1].js | text | |
MD5:9BCCCA5979199B48DD2DCD6BAC31CDCA | SHA256:860E3603A72F16B016D971C6FA67386D8C1398A44A896F896082B6F7CDF2CC78 | |||
| 3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WNXASJSG\app[1].css | text | |
MD5:E1CDAC68616C72072A9E4275122B5FB1 | SHA256:4FE69F7A26CAD4DEA0D51BA1D2E6A281EAF28FDD186D42DEF20B0BA5D4133256 | |||
| 3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8DOBKWV6\uploads-manager-enduser[1].css | text | |
MD5:E73A14C7F316D07AA832A7B871F3DE79 | SHA256:E8AFB2C11671E96F5E8602AF801D0064376D93C71D852C1B76D4047BD603CBEC | |||
| 3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WNXASJSG\feedpreview-components[1].css | text | |
MD5:E87193CD13CE95F98BA00BDB2A511C8D | SHA256:B7830E8688532BCC7C08DE1E6725C7A8E1A9911DC2FA73CCB247C0AA96776700 | |||
| 3116 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:2F4E714450B8EE08C26EF84517045191 | SHA256:C56E44BAD6363FAC4CC90CFCCB174E64AC2E7BA33BF9E95420473DBE140DFAC1 | |||
| 3116 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | |
MD5:F3C1BC0FD29E917DAF787760558ED910 | SHA256:8541034EB08187EBFD27E79477C7CCF81AB56AD53DF464F68B97CD4C14A671D4 | |||
| 3116 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@gg[1].txt | text | |
MD5:D60F571664658E4A5FBF467A4F6032EE | SHA256:F851A7D8CB34CA56CAD1640162C23F3E2E9F32CAC234A3866E7FE5AAA6C2CB73 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
15
DNS requests
8
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
3116 | iexplore.exe | GET | 301 | 91.224.140.71:80 | http://gg.gg/LHWxbX | NL | — | — | shared |
2524 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 91.224.140.71:80 | gg.gg | Innovation IT Solutions LTD | NL | suspicious |
3116 | iexplore.exe | 45.67.228.39:443 | app1.box-en.com | — | — | suspicious |
2524 | iexplore.exe | 104.16.74.20:443 | cdn01.boxcdn.net | Cloudflare Inc | US | shared |
— | — | 104.16.74.20:443 | cdn01.boxcdn.net | Cloudflare Inc | US | shared |
3116 | iexplore.exe | 88.99.66.31:443 | iplogger.org | Hetzner Online GmbH | DE | malicious |
2524 | iexplore.exe | 104.18.103.56:443 | cdn01.boxcdn.net | Cloudflare Inc | US | shared |
DNS requests
Domain | IP | Reputation |
|---|---|---|
www.bing.com |
| whitelisted |
gg.gg |
| shared |
app1.box-en.com |
| suspicious |
iplogger.org |
| shared |
box-en.com |
| suspicious |
cdn01.boxcdn.net |
| whitelisted |
dns.msftncsi.com |
| shared |
Threats
3 ETPRO signatures available at the full report