analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://xsd.i-xinnuo.com/interface/getMessageByPhoneSh

Full analysis: https://app.any.run/tasks/0e41cb6c-2f06-420a-a08d-2e44f577f963
Verdict: Malicious activity
Analysis date: August 12, 2022, 17:09:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

019E521DE3207331CD4D23C1F8204906

SHA1:

9D2426BF53E0B644930A702B7D564D7312AED623

SHA256:

C1474F8B00C801C25F653126D2FF47720A3E9D394DD979C0434165E25519D263

SSDEEP:

3:N1KGWBM/QQGOjCARoAiDncq1:CGzQCjC0ov7cq1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2560)
    • Checks supported languages

      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 1764)
    • Executed via COM

      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 1764)
    • Reads the computer name

      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 1764)
  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 1300)
      • iexplore.exe (PID: 2560)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 1300)
      • iexplore.exe (PID: 2560)
    • Reads the computer name

      • iexplore.exe (PID: 1300)
      • iexplore.exe (PID: 2560)
    • Changes internet zones settings

      • iexplore.exe (PID: 1300)
    • Application launched itself

      • iexplore.exe (PID: 1300)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 1300)
      • iexplore.exe (PID: 2560)
    • Reads CPU info

      • iexplore.exe (PID: 2560)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2560)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe flashutil32_32_0_0_453_activex.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1300"C:\Program Files\Internet Explorer\iexplore.exe" "http://xsd.i-xinnuo.com/interface/getMessageByPhoneSh"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2560"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1300 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
1764C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -EmbeddingC:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 32.0 r0
Version:
32,0,0,453
Total events
9 922
Read events
9 800
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
9
Text files
20
Unknown types
42

Dropped files

PID
Process
Filename
Type
1300iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:2622B25ED7C47D50CF0D68F33D8436E6
SHA256:1C1202CC7AD0FB90DB025BED264642823BCB1877EF27C37A1751E9E34F057732
2560iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_921BE9E73A3C82AB657C47E682C898DDbinary
MD5:D7C1246D9C6C70B0ACF0424762A71C9D
SHA256:AA54B484CCD1A30B9A6C8978401EA4110BC11184840DA9AADBA23BB3124A4572
2560iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96Cbinary
MD5:2813F0A97587E901B2271554BE00FC76
SHA256:FA3C7E7E0B7A71E9D146488B8AA3A581A3C1215FA38B3A87FA5B3DCB3E554474
1300iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63der
MD5:EE87BB11E233C12009CC11725035DBDC
SHA256:D82930A5B051B3C3F1639C24E83BDDF41D5AA66E467A0944D1AC3D59AE6330C5
1300iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776der
MD5:290A85BD3E7285CDEDA1602A9E12A7DF
SHA256:17AE86541BE373B2DB8A4B77D7E7626966637E5A6052F290A3B598A56F5123C9
2560iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96Cder
MD5:90633DEDED62F174544D78B1F56FA0B3
SHA256:0B2606D46FE3BA5EC4E4CC201B31536CE6C24E7E93806A7AE011467D9135A34D
2560iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_921BE9E73A3C82AB657C47E682C898DDder
MD5:1E9101DFD13ED4BBB06B452B9643DA39
SHA256:10D091330C053FF1652FDD6E95684F2B582A703D15F53814927DC981582B6697
1300iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776binary
MD5:40A4AA795AC816CD6894D3C367911EA2
SHA256:AA13C173DC15D137CCB6C608B4CBC81F0221392B6A8F3B7CADE3C4FF09BDE0CF
1300iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:FF6BA9D2B33E3A3EFBD8C4AD886E52E7
SHA256:B8F28319DD70541602805C0CCD14D0D7978CE56A1E906DB88F2BA43C44D65209
1300iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
23
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2560
iexplore.exe
GET
200
151.101.194.133:80
http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAClI7gXH%2BO77G3q7w%3D%3D
US
der
1.42 Kb
whitelisted
2560
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
US
der
1.41 Kb
whitelisted
1300
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
2560
iexplore.exe
GET
405
47.102.227.29:80
http://xsd.i-xinnuo.com/interface/getMessageByPhoneSh
CN
html
3.32 Kb
malicious
1300
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?490b0c482e9c8a51
US
compressed
4.70 Kb
whitelisted
2560
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
US
der
471 b
whitelisted
1300
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
1300
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
1300
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
Highwinds Network Group, Inc.
US
whitelisted
1300
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2560
iexplore.exe
47.102.227.29:80
xsd.i-xinnuo.com
Hangzhou Alibaba Advertising Co.,Ltd.
CN
unknown
2560
iexplore.exe
203.119.211.244:443
errors.aliyun.com
CN
unknown
1300
iexplore.exe
13.107.21.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2560
iexplore.exe
151.101.194.133:80
ocsp2.globalsign.com
Fastly
US
suspicious
1300
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted

DNS requests

Domain
IP
Reputation
xsd.i-xinnuo.com
  • 47.102.227.29
malicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
errors.aliyun.com
  • 203.119.211.244
unknown
ocsp.globalsign.com
  • 104.18.21.226
  • 104.18.20.226
whitelisted
ocsp2.globalsign.com
  • 151.101.194.133
  • 151.101.130.133
  • 151.101.66.133
  • 151.101.2.133
whitelisted
assets.alicdn.com
  • 104.111.216.213
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted

Threats

No threats detected
No debug info