URL: www.syscarelogics.biz

Full analysis: https://app.any.run/tasks/005ea619-76d7-4ec4-a9cf-b165212ecc69
Verdict: Malicious activity
Analysis date: February 21, 2024, 13:20:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: sinkhole
Indicators:
MD5: 247EAEDEADA0AD74240A47B027E79E10
SHA1: F3CEF5D8525EAE47492BDBA9876D643F1055A46A
SHA256: BD69F74753DEE02964CC6E91072B413C0BB080A11854A39AB1970EAA9E753176
SSDEEP: 3:EZEXACgf:BXACgf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Application launched itself: iexplore.exe (PID: 3668)
    • Reads the computer name: wmpnscfg.exe (PID: 3724)
    • Checks supported languages: wmpnscfg.exe (PID: 3724)
    • Manual execution by a user: wmpnscfg.exe (PID: 3724)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph (interactive in the full report): start → iexplore.exe → iexplore.exe; wmpnscfg.exe (no specs)

Process information

PID: 3668
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "www.syscarelogics.biz"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll

PID: 3724
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 3916
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3668 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 12 402
Read events: 12 265
Write events: 100
Delete events: 37

Modification events

PID 3668 iexplore.exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | Name: NTPDaysSinceLastAutoMigration | Value: 1
PID 3668 iexplore.exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | Name: NTPLastLaunchLowDateTime | Value: (not shown)
PID 3668 iexplore.exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | Name: NTPLastLaunchHighDateTime | Value: 31089864
PID 3668 iexplore.exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | Name: NextCheckForUpdateLowDateTime | Value: (not shown)
PID 3668 iexplore.exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | Name: NextCheckForUpdateHighDateTime | Value: 31089864
PID 3668 iexplore.exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Name: CachePrefix | Value: (not shown)
PID 3668 iexplore.exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Name: CachePrefix | Value: Cookie:
PID 3668 iexplore.exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Name: CachePrefix | Value: Visited:
PID 3668 iexplore.exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Name: CompatibilityFlags | Value: 0
PID 3668 iexplore.exe | write | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Name: ProxyBypass | Value: 1
Executable files: 0
Suspicious files: 8
Text files: 19
Unknown types: 6

Dropped files

PID 3668 iexplore.exe | image | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].ico
  MD5: DA597791BE3B6E732F0BC8B20E38EE62
  SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
PID 3668 iexplore.exe | text | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\6MWFC36F.txt
  MD5: 1099CBED0BEA0EC7D1015B7ABA6DB2D6
  SHA256: 26AAC4E1F4804F82BA57ECAA84741F7A8BE67FEDE9461C8A723386CA8515D2E9
PID 3668 iexplore.exe | text | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\BM55N9RC.txt
  MD5: 1468BAA76F0EA736533CC5FC7D454B91
  SHA256: 97864AF5C597751726AEEB2E579A5C3E0FAACFAC29DADA7E054B670EAF734F9E
PID 3916 iexplore.exe | text | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\060EYAQY.txt
  MD5: 2559C0C8202930552141C5979DAD3CBF
  SHA256: EDC703C9E4CE88CBFE9FD266399C70DF3B108F62896A0192256B099BD183D634
PID 3668 iexplore.exe | der | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
  MD5: 020AF59720744EBB51E3781D530BFE0D
  SHA256: 605AC01026879D163DFB3B6B8C89EA9D31583E99C19BBAB3115DA7D3A2BA9B5E
PID 3916 iexplore.exe | text | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\7JONOM7H.txt
  MD5: AECD550D4921A21983769E538593271E
  SHA256: 70E19035F9E3D915D094B1ABBB51F1ED7DE328FBA4DE2CD1D82C2C297638DC01
PID 3668 iexplore.exe | binary | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
  MD5: 00B64190864A192FE69FCE55FF554269
  SHA256: 5C5835E0ADA2B1724FF39845FD518C85EF3F6CF4D276BE89573CE4254DA7955B
PID 3668 iexplore.exe | xml | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
  MD5: CBD0581678FA40F0EDCBC7C59E0CAD10
  SHA256: 159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9
PID 3668 iexplore.exe | der | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
  MD5: 8486327D29ADA289CBCC72201256E614
  SHA256: F3160BE87D7C6FE7051257F46EC20009BF6118355BC6857D714A7B518FA0A20D
PID 3668 iexplore.exe | der | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  MD5: BA4170FD9595A9FC06EED5C6CDD15BCF
  SHA256: 982E6018FA1950C2CF760D914514D53ED10E36B8A9CBC2A9610FEA8C86AD17A5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 11
TCP/UDP connections: 23
DNS requests: 14
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3668 | iexplore.exe | GET | 200 | 34.67.9.172:80 | http://www.syscarelogics.biz/favicon.ico | - | binary | 20 b | unknown
3916 | iexplore.exe | GET | 200 | 34.67.9.172:80 | http://www.syscarelogics.biz/ | - | binary | 20 b | unknown
3668 | iexplore.exe | GET | 304 | 46.228.146.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?70d85e3b0e586cab | - | - | - | unknown
3668 | iexplore.exe | GET | 304 | 46.228.146.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?96c8eb5dfc595a04 | - | - | - | unknown
3668 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | - | binary | 312 b | unknown
3668 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | - | binary | 471 b | unknown
1080 | svchost.exe | GET | 200 | 46.228.146.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?e2ddf83a2417bb20 | - | compressed | 65.2 Kb | unknown
1080 | svchost.exe | GET | 304 | 46.228.146.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?624d1ab720bef5f8 | - | compressed | 65.2 Kb | unknown
3668 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D | - | binary | 471 b | unknown
3668 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D | - | binary | 471 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | unknown
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | unknown
3916 | iexplore.exe | 34.67.9.172:80 | www.syscarelogics.biz | GOOGLE-CLOUD-PLATFORM | US | unknown
3668 | iexplore.exe | 34.67.9.172:80 | www.syscarelogics.biz | GOOGLE-CLOUD-PLATFORM | US | unknown
3668 | iexplore.exe | 92.123.104.59:443 | www.bing.com | Akamai International B.V. | DE | unknown
3668 | iexplore.exe | 46.228.146.0:80 | ctldl.windowsupdate.com | LLNW | US | unknown
3668 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | unknown
3668 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | unknown
1080 | svchost.exe | 46.228.146.0:80 | ctldl.windowsupdate.com | LLNW | US | unknown

DNS requests

Domain: resolved IP(s) (reputation)
www.syscarelogics.biz: 34.67.9.172 (unknown)
api.bing.com: 13.107.5.80 (unknown)
www.bing.com: 92.123.104.59, 92.123.104.57, 92.123.104.63, 92.123.104.53, 92.123.104.64, 92.123.104.60, 92.123.104.62, 92.123.104.54, 92.123.104.56 (unknown)
ctldl.windowsupdate.com: 46.228.146.0, 46.228.146.128 (unknown)
ocsp.digicert.com: 192.229.221.95 (unknown)
iecvlist.microsoft.com: 152.199.19.161 (unknown)
r20swj13mr.microsoft.com: 152.199.19.161 (unknown)
ieonline.microsoft.com: 204.79.197.200 (unknown)
go.microsoft.com: 23.35.238.131 (unknown)
www.msn.com: 204.79.197.203 (unknown)

Threats

Class | Message (PID and process not shown for these alerts)
Potentially Bad Traffic | ET INFO Observed DNS Query to .biz TLD
Potentially Bad Traffic | ET INFO Observed DNS Query to .biz TLD
A Network Trojan was detected | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
No debug info