URL: http://www.mediafire.com/file/kxyrlxrujr9du2o/Master_in_Hacking_with_XSS_Cross_Site_Scripting_Downloaded_By_Muhammad_Zubair.zip/file

Full analysis: https://app.any.run/tasks/0440ae4c-58c6-4171-bb30-39b972253a28
Verdict: Malicious activity
Analysis date: January 24, 2022, 19:55:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators (these are the hashes ANY.RUN assigns to the URL submission; they are not hashes of the ZIP named in the URL, which was never fetched in this session: no archive or executable appears among the dropped files below):
MD5: EA6F6A3080EEB488914807B2D6DFEC82
SHA1: 71E1BBACBD964F505FD50188ECE1C8DF54C87604
SHA256: C190FBECAEF081BD6768486E99C69D37EFE2583F6B1091162A7075FA6BE0744F
SSDEEP: 3:N1KJS4w3eGUoPXJV8Bhmy5QgcuWdV66kz2BdDYEaHlIVY9:Cc4w3eGDJgP5idVzkzWFM7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS
    • Reads Microsoft Outlook installation path: iexplore.exe (PID: 3736)
  • INFO
    • Reads the computer name: iexplore.exe (PID: 2220), iexplore.exe (PID: 3736)
    • Checks supported languages: iexplore.exe (PID: 2220), iexplore.exe (PID: 3736)
    • Application launched itself: iexplore.exe (PID: 2220)
    • Checks Windows Trust Settings: iexplore.exe (PID: 3736), iexplore.exe (PID: 2220)
    • Changes internet zones settings: iexplore.exe (PID: 2220)
    • Reads internet explorer settings: iexplore.exe (PID: 3736)
    • Creates files in the user directory: iexplore.exe (PID: 3736)
    • Reads settings of System Certificates: iexplore.exe (PID: 2220), iexplore.exe (PID: 3736)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe (PID: 2220) → iexplore.exe (PID: 3736)

Process information

PID 2220
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.mediafire.com/file/kxyrlxrujr9du2o/Master_in_Hacking_with_XSS_Cross_Site_Scripting_Downloaded_By_Muhammad_Zubair.zip/file"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: Explorer.EXE
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 3736
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2220 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe (PID: 2220)
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 3736 is the Internet Explorer tab (content) process: the SCODEF value names the frame process (2220) that spawned it, which is what the "Application launched itself" indicator records. Under IE Protected Mode the tab process runs at LOW integrity, which is why every file it writes lands in the AppData\LocalLow and ...\Low\ containers listed under Dropped files rather than in the user's normal profile paths.
Total events: 20 989
Read events: 20 884
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 0
Suspicious files: 12
Text files: 21
Unknown types: 10

Dropped files

PID 3736, iexplore.exe
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_F105773D1FB0AC7088EC8BBEDEF850B8 (der)
  MD5: F301A5959362CC13B7DE04C29503D310
  SHA256: 98B10D20447DBCDA628027E2B014C706CF37B4884A602173A0F3DC6B483F5568

PID 3736, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\tag[1].js (text)
  MD5: 7A698F8D9BCB69BC39039C6510AA6927
  SHA256: B12FD7B55A5307DDAD640B1E3229E477B56C068559F9EA7B7787F5B3B312B78C

PID 3736, iexplore.exe
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 (der)
  MD5: 494A7483CEAF488A79CB45418E88ECCD
  SHA256: 9A65904F97742B3D8844EFAFCE7D9E9DA7C1B96A8FDE541E718768AE68293D50

PID 3736, iexplore.exe
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\52MGEK67.txt (text)
  MD5: 167133F3C0B3732A6DEBF8A7EB661390
  SHA256: E3E8F683B1E1CA7002F6F7CC1BAD98C58C4D06D94F4186867477BE9F38486E80

PID 3736, iexplore.exe
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2PCAOW3.txt (text)
  MD5: 51802768812EBA8FD1EE62FCC7161F24
  SHA256: 18DA5C4902B6130B2B61AD4D1DEF945B68538C86D3E2D0DAE6B4717346DF1B1B

PID 2220, iexplore.exe
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 (binary)
  MD5: 47ADE8B6D84C5840EE606D750C836B74
  SHA256: 1AA7BB18C7BB96B156B00FAC446AA07DEB304747E01257CA8D50081717518F2F

PID 3736, iexplore.exe
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VO4EV34.txt (text)
  MD5: BD35E84EE56660559C84D38A1262EF77
  SHA256: 2819A8A5020163C775D82D893829EC59ABD42953A9368B97654BACB5D90D3DF1

PID 3736, iexplore.exe
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (binary)
  MD5: CE02D137255EB217268E631E792F16F6
  SHA256: 16D7C8D20A7AB0AF46C829D90DFF4448BD5283185BC8B8D0186B1B57A42C2DF8

PID 3736, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\file[1].htm (html)
  MD5: B4EF637D55D615917181A4EBD9459562
  SHA256: 8324504DB7C1AB61CE8A4F54033F20A39EDACBAE25F1E1F04E0CBF93408CBB82

PID 3736, iexplore.exe
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\DNCR7ALM.txt (text)
  MD5: 989619047A8FDF74099BA74365598436
  SHA256: DCC10C691CA5CA8F04DC71D788620D943FA42D3E156116598535E64D2DB4AC10
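The "Suspicious files: 12" counter above is easy to misread. Every path in the dropped-files list is either a CryptoAPI URL cache entry (CryptnetUrlCache\Content holds fetched OCSP/CRL responses, CryptnetUrlCache\MetaData their index records), an IE Protected Mode cache file, or an IE cookie; none is the ZIP the submitted URL points at. The triage script below, an added example that is not part of the ANY.RUN report, encodes that check: it classifies each row by location, flags any file whose type does not belong in that location or that looks like a payload, and answers whether the archive was ever fetched. The ten rows are transcribed from the report; the location patterns, the category names and the type vocabulary used for the allowed-type sets are this example's own assumptions.

```python
import re
from collections import Counter

# The ten "Dropped files" rows of this report, transcribed as (pid, path, type).
DROPPED_FILES = [
    (3736, r"C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_F105773D1FB0AC7088EC8BBEDEF850B8", "der"),
    (3736, r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\tag[1].js", "text"),
    (3736, r"C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27", "der"),
    (3736, r"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\52MGEK67.txt", "text"),
    (3736, r"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2PCAOW3.txt", "text"),
    (2220, r"C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63", "binary"),
    (3736, r"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VO4EV34.txt", "text"),
    (3736, r"C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157", "binary"),
    (3736, r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\file[1].htm", "html"),
    (3736, r"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\DNCR7ALM.txt", "text"),
]

# Location rules (assumed by this example): (category, path pattern, types that are normal there).
KNOWN_LOCATIONS = [
    # CryptoAPI's URL cache: DER-encoded OCSP/CRL responses in Content, index records in MetaData
    ("cryptoapi-cache", re.compile(r"\\Microsoft\\CryptnetUrlCache\\(Content|MetaData)\\", re.I), {"der", "binary"}),
    # Temporary Internet Files written by the LOW-integrity (Protected Mode) tab process
    ("ie-cache", re.compile(r"\\Temporary Internet Files\\Low\\Content\.IE5\\", re.I), {"text", "html", "image"}),
    # Cookie jar of the Protected Mode container: eight-character random names, .txt
    ("ie-cookies", re.compile(r"\\Windows\\Cookies\\Low\\[A-Z0-9]{8}\.txt$", re.I), {"text"}),
]
# Type labels (assumed vocabulary) and extensions that would mean a real payload landed on disk.
PAYLOAD_TYPES = {"executable", "compressed", "archive", "zip"}
PAYLOAD_EXTENSIONS = (".zip", ".rar", ".7z", ".exe", ".dll", ".scr", ".msi", ".js", ".vbs", ".hta")


def triage(rows):
    """Classify dropped-file rows; return (Counter of category -> rows, list of flagged rows).

    A row is flagged when its type is payload-like, when its type is not normal for the
    location it sits in, or when it sits outside every known browser/CryptoAPI location.
    """
    counts = Counter()
    flagged = []
    for pid, path, ftype in rows:
        ftype = ftype.lower()
        if ftype in PAYLOAD_TYPES:
            flagged.append((pid, path, ftype, "payload-like type"))
            continue
        for category, pattern, allowed in KNOWN_LOCATIONS:
            if pattern.search(path):
                counts[category] += 1
                if ftype not in allowed:
                    flagged.append((pid, path, ftype, f"unexpected type for {category}"))
                break
        else:
            flagged.append((pid, path, ftype, "outside known browser cache locations"))
    return counts, flagged


def payload_fetched(rows):
    """True if any dropped file looks like the ZIP the URL points at (or any other executable content)
    landed outside the browser/CryptoAPI caches, i.e. the download actually happened."""
    for _, path, ftype in rows:
        in_cache = any(pattern.search(path) for _, pattern, _ in KNOWN_LOCATIONS)
        if ftype.lower() in PAYLOAD_TYPES:
            return True
        if not in_cache and path.lower().endswith(PAYLOAD_EXTENSIONS):
            return True
    return False


if __name__ == "__main__":
    counts, flagged = triage(DROPPED_FILES)
    for category, n in sorted(counts.items()):
        print(f"{category:16s} {n}")
    print("flagged:", flagged or "none")
    print("payload fetched:", payload_fetched(DROPPED_FILES))
```

Run against the report's rows this gives 4 CryptoAPI cache entries, 2 IE cache files and 4 cookies, nothing flagged and no payload fetched, which is the concrete reason the "Suspicious files" count can be set aside here: the session rendered the MediaFire download page and stopped, and the only reason to escalate would be a row that this check flags.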
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 30
TCP/UDP connections: 59
DNS requests: 33
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3736 | iexplore.exe | GET | | 104.16.202.237:80 | http://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png | US | | | shared
3736 | iexplore.exe | GET | 301 | 142.250.185.78:80 | http://translate.google.com/translate_a/element.js?cb=googFooterTranslate | US | | | whitelisted
3736 | iexplore.exe | GET | 200 | 104.16.203.237:80 | http://www.mediafire.com/file/kxyrlxrujr9du2o/Master_in_Hacking_with_XSS_Cross_Site_Scripting_Downloaded_By_Muhammad_Zubair.zip/file | US | html | 83.1 Kb | shared
3736 | iexplore.exe | GET | 200 | 104.16.202.237:80 | http://static.mediafire.com/images/icons/svg_dark/check_circle_green.svg | US | image | 300 b | shared
3736 | iexplore.exe | GET | 200 | 104.16.203.237:80 | http://www.mediafire.com/images/icons/svg_light/icons_sprite.svg | US | image | 8.18 Kb | shared
3736 | iexplore.exe | GET | 200 | 104.16.202.237:80 | http://static.mediafire.com/images/filetype/file-zip-v3.png | US | image | 1.83 Kb | shared
3736 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted
2220 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted
3736 | iexplore.exe | GET | 200 | 104.16.202.237:80 | http://static.mediafire.com/images/backgrounds/download/apps_list_sprite-v6.png | US | image | 7.95 Kb | shared
3736 | iexplore.exe | GET | 200 | 104.16.202.237:80 | http://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png | US | image | 583 b | shared
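The two requests to ocsp.digicert.com are the origin of the .der files under CryptnetUrlCache\Content in the dropped-files list: CryptoAPI fetched certificate status for the TLS connections the page triggered and cached the responses. An OCSP GET request carries the whole DER-encoded OCSPRequest, base64- and URL-encoded, in the path (RFC 6960), so the log line alone tells you which certificate was being checked. The decoder below is an added example, not part of the ANY.RUN report; it walks the DER by hand (no third-party ASN.1 library) and pulls the hash algorithm, issuer name hash, issuer key hash and certificate serial out of each request. The two URLs are copied from the table above; the responder is assumed to sit at the root of the host path, as it does here.

```python
import base64
import urllib.parse

# The two OCSP GET requests from the HTTP table above (PID 3736 and PID 2220).
OCSP_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D",
]

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _read_tlv(buf, pos):
    """Read one DER element at buf[pos]; return (tag, content bytes, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, buf[pos:end], end


def _decode_oid(raw):
    """Decode the body of a DER OBJECT IDENTIFIER into dotted notation."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:                       # base-128, high bit set on all but the last byte of an arc
        value = (value << 7) | (b & 0x7F)
        if not (b & 0x80):
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_ocsp_get_url(url):
    """Decode an RFC 6960 OCSP GET URL and return one dict per CertID in the request.

    Assumes the responder path is the bare base64 request (true for ocsp.digicert.com here);
    a responder mounted under a prefix would need that prefix removed first.
    """
    path = urllib.parse.urlsplit(url).path.lstrip("/")
    # unquote, not unquote_plus: '+' is base64 data here, not an encoded space
    der = base64.b64decode(urllib.parse.unquote(path))
    tag, ocsp_request, _ = _read_tlv(der, 0)            # OCSPRequest ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs, _ = _read_tlv(ocsp_request, 0)              # tbsRequest ::= SEQUENCE
    pos = 0
    while (tbs[pos] & 0xC0) == 0x80:                    # skip optional [0] version / [1] requestorName
        _, _, pos = _read_tlv(tbs, pos)
    _, request_list, _ = _read_tlv(tbs, pos)            # requestList ::= SEQUENCE OF Request
    results = []
    pos = 0
    while pos < len(request_list):
        _, request, pos = _read_tlv(request_list, pos)
        _, cert_id, _ = _read_tlv(request, 0)           # reqCert ::= CertID
        _, alg_id, p = _read_tlv(cert_id, 0)            # hashAlgorithm ::= AlgorithmIdentifier
        _, oid, _ = _read_tlv(alg_id, 0)
        _, issuer_name_hash, p = _read_tlv(cert_id, p)  # OCTET STRING
        _, issuer_key_hash, p = _read_tlv(cert_id, p)   # OCTET STRING
        _, serial, p = _read_tlv(cert_id, p)            # CertificateSerialNumber ::= INTEGER
        if len(serial) > 1 and serial[0] == 0:          # drop the DER sign byte on a positive INTEGER
            serial = serial[1:]
        dotted = _decode_oid(oid)
        results.append({
            "hash_algorithm": HASH_OIDS.get(dotted, dotted),
            "issuer_name_hash": issuer_name_hash.hex().upper(),
            "issuer_key_hash": issuer_key_hash.hex().upper(),
            "serial_number": serial.hex().upper(),
        })
    return results


if __name__ == "__main__":
    for url in OCSP_URLS:
        for cert in parse_ocsp_get_url(url):
            print(cert)
```

Both requests use SHA-1 CertIDs and carry the same issuerNameHash and issuerKeyHash; only the serial differs, so the two IE processes were checking two different end-entity certificates chained to the same DigiCert issuing CA. With the issuing CA's certificate in hand you can match a serial back to the exact leaf certificate (and therefore the exact TLS host) whose status was queried, which is usually more precise than inferring it from the connection list.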

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3736 | iexplore.exe | 142.250.184.200:443 | www.googletagmanager.com | Google Inc. | US | suspicious
3736 | iexplore.exe | 142.250.74.206:443 | fundingchoicesmessages.google.com | Google Inc. | US | whitelisted
3736 | iexplore.exe | 142.250.185.78:443 | translate.google.com | Google Inc. | US | whitelisted
3736 | iexplore.exe | 142.250.185.78:80 | translate.google.com | Google Inc. | US | whitelisted
3736 | iexplore.exe | 18.66.242.149:443 | cdn.amplitude.com | Massachusetts Institute of Technology | US | unknown
3736 | iexplore.exe | 104.16.203.237:80 | www.mediafire.com | Cloudflare Inc | US | unknown
3736 | iexplore.exe | 104.16.94.65:443 | static.cloudflareinsights.com | Cloudflare Inc | US | shared
3736 | iexplore.exe | 104.26.7.139:443 | btloader.com | Cloudflare Inc | US | suspicious
| | 192.168.100.2:53 | | | | whitelisted
3736 | iexplore.exe | 104.16.202.237:80 | www.mediafire.com | Cloudflare Inc | US | unknown

DNS requests

Domain | IP(s) | Reputation
www.microsoft.com | | whitelisted
www.mediafire.com | 104.16.203.237, 104.16.202.237 | shared
api.bing.com | 13.107.13.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200, 131.253.33.200, 13.107.22.200 | whitelisted
www.googletagmanager.com | 142.250.184.200 | whitelisted
btloader.com | 104.26.7.139, 172.67.70.134, 104.26.6.139 | whitelisted
translate.google.com | 142.250.185.78 | whitelisted
static.cloudflareinsights.com | 104.16.94.65, 104.16.95.65 | whitelisted
fundingchoicesmessages.google.com | 142.250.74.206 | whitelisted
cdn.amplitude.com | 18.66.242.149, 18.66.242.40, 18.66.242.100, 18.66.242.6 | whitelisted

Threats

No threats detected
No debug info