index.html

Full analysis: https://app.any.run/tasks/2271128e-8ae6-49fe-90a0-bb681a4743d9
Verdict: Malicious activity
Analysis date: March 16, 2018, 16:04:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: text/html
File info: HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
MD5: 2C3A42B8EF09AEE4913EE7A61E8E3972
SHA1: CF17E92909C7FC34E780E2C44732884CAD7E459A
SHA256: C1C2FA7E8BDDDA36E98A960F2E79E7B82F0A45090EAB1437E5272F157A7B3EB5
SSDEEP: 1536:geBn6g6dZhOr/ztqmXY8ekQpPCWrlXBuPWoi8rJPI4T8Vya+dYdLEvw0nOqkQz76:gUn6gzWoi8rJPI4T8Vya+dYdLEvw0nOz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes settings of System certificates

      • iexplore.exe (PID: 3184)
    • Changes internet zones settings

      • iexplore.exe (PID: 2780)
  • SUSPICIOUS

    • Application launched itself

      • iexplore.exe (PID: 2780)
    • Writes to a desktop.ini file (may be used to cloak folders)

      • iexplore.exe (PID: 2780)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3184)
    • Starts Internet Explorer

      • iexplore.exe (PID: 2780)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3184)
    • Creates files in the user directory

      • iexplore.exe (PID: 3184)
  • INFO

    • Dropped object may contain URL's

      • iexplore.exe (PID: 3184)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3184)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

Description: Funny porn for adults. Your best source of adult humor, porn fails, bloopers, weird fetishes and shockers.
viewport: width=device-width
Title: 9GAG2 | 9GAG2 – Your Best Source of Adult Humor
Generator: WordPress 4.9.4
No data.
All screenshots are available in the full report
Total processes: 33
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start → iexplore.exe (PID 2780) → iexplore.exe (PID 3184)

Process information

PID: 2780
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3184
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2780 CREDAT:79873
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 452
Read events: 349
Write events: 101
Delete events: 2

Modification events

Process: (2780) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: (2780) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

Process: (2780) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

Process: (2780) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

Process: (2780) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

Process: (2780) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
Process: (2780) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {CC0D8873-2933-11E8-943E-5254004AAD21}
Value: 0

Process: (3184) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation: write
Name: Type
Value: 3

Process: (3184) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation: write
Name: Count
Value: 1

Process: (3184) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation: write
Name: Time
Value: E207030005001000100005000900C801
Executable files: 0
Suspicious files: 39
Text files: 74
Unknown types: 17

Dropped files

PID | Process | Filename | Type
2780 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZH9GIXH\favicon[1].ico |
2780 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico |
3184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GZH9GIXH\main[1].css | text
3184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B8XX9S5\style[1].css | text
3184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1H3Z3B0\9gag2LOGOU3[1].jpg | image
3184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B8XX9S5\9gag2-Adult-Humor-Funny-Porn-Joke-Hilarious-8649[1].jpg | image
3184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B8XX9S5\9gag2-Adult-Humor-Funny-Porn-Joke-Hilarious-8653[1].jpg | image
2780 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini | ini
MD5: 4A3DEB274BB5F0212C2419D3D8D08612
SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
3184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0BRTIYI\jquery.fancybox[1].css | text
3184 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B8XX9S5\9gag2-Adult-Humor-Funny-Porn-Joke-Hilarious-8650[1].jpg | image
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 62
TCP/UDP connections: 63
DNS requests: 25
Threats: 0

HTTP requests

Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
GET | 200 | 104.25.146.38:80 | http://www.9gag2.com/wp-content/themes/9gag/main.css?ver=20140426 | US | text | 13.8 Kb | malicious
GET | 200 | 104.25.146.38:80 | http://www.9gag2.com/wp-content/themes/9gag/media.css?ver=20140728 | US | text | 931 b | malicious
GET | 200 | 104.25.146.38:80 | http://www.9gag2.com/wp-content/uploads/2018/02/9gag2-Adult-Humor-Funny-Porn-Joke-Hilarious-8653.jpg | US | image | 121 Kb | malicious
GET | 200 | 104.25.146.38:80 | http://www.9gag2.com/wp-content/themes/9gag/js/bootstrap.min.js?ver=3.0.2 | US | text | 1.21 Kb | malicious
GET | 200 | 104.25.146.38:80 | http://www.9gag2.com/wp-content/uploads/2018/02/9gag2-Adult-Humor-Funny-Porn-Joke-Hilarious-8650.jpg | US | image | 66.6 Kb | malicious
GET | 200 | 104.25.146.38:80 | http://www.9gag2.com/wp-content/uploads/2015/05/9gag2LOGOU3.jpg | US | image | 3.16 Kb | malicious
GET | 200 | 104.25.146.38:80 | http://www.9gag2.com/wp-content/uploads/2018/02/9gag2-Adult-Humor-Funny-Porn-Joke-Hilarious-8652.jpg | US | image | 166 Kb | malicious
GET | 200 | 104.25.146.38:80 | http://www.9gag2.com/wp-content/uploads/2018/02/9gag2-Adult-Humor-Funny-Porn-Joke-Hilarious-8651.jpg | US | image | 141 Kb | malicious
GET | 200 | 104.25.146.38:80 | http://www.9gag2.com/wp-content/uploads/2018/02/9gag2-Adult-Humor-Funny-Porn-Joke-Hilarious-8648.jpg | US | image | 57.8 Kb | malicious
GET | 200 | 104.25.146.38:80 | http://www.9gag2.com/wp-content/themes/9gag/inc/fancybox/jquery.fancybox.css?ver=4.9.4 | US | text | 1.17 Kb | malicious

Connections

IP | Domain | ASN | CN | Reputation
68.232.34.240:80 | www.download.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
104.25.146.38:80 | www.9gag2.com | Cloudflare Inc | US | shared
172.217.22.10:80 | ajax.googleapis.com | Google Inc. | US | whitelisted
104.19.193.102:443 | ajax.cloudflare.com | Cloudflare Inc | US | shared
205.185.216.42:443 | ads.exosrv.com | Highwinds Network Group, Inc. | US | whitelisted
95.211.229.246:443 | syndication.exosrv.com | LeaseWeb Netherlands B.V. | NL | suspicious
2.16.186.35:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | | whitelisted
2.16.186.11:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | | whitelisted
2.21.246.17:80 | www.download.windowsupdate.com | Akamai International B.V. | AT | whitelisted

DNS requests

Domain
IP
Reputation
teredo.ipv6.microsoft.com
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
www.9gag2.com
  • 104.25.146.38
  • 104.25.145.38
malicious
ajax.googleapis.com
  • 172.217.22.10
  • 172.217.23.138
  • 216.58.206.10
  • 216.58.207.74
  • 216.58.214.42
  • 172.217.16.170
  • 216.58.208.42
  • 172.217.22.42
  • 172.217.22.74
  • 172.217.22.106
  • 172.217.23.170
  • 216.58.205.234
  • 172.217.21.234
whitelisted
ajax.cloudflare.com
  • 104.19.193.102
  • 104.19.195.102
  • 104.19.194.102
  • 104.19.196.102
  • 104.19.192.102
whitelisted
ads.exosrv.com
  • 205.185.216.42
  • 205.185.216.10
whitelisted
syndication.exosrv.com
  • 95.211.229.246
whitelisted
apps.identrust.com
  • 192.35.177.64
shared
ocsp.usertrust.com
  • 178.255.83.1
whitelisted
ocsp.comodoca4.com
  • 2.16.186.26
  • 2.16.186.17
whitelisted

Threats

No threats detected
No debug info