URL: http://cdn.perfdrve.com

Full analysis: https://app.any.run/tasks/73e02f87-1245-4b8f-9282-5f688158362a
Verdict: Malicious activity
Analysis date: May 24, 2019, 08:40:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 9247BF2734244D213FCFB444B4A960B7
SHA1: 8F81D40EF80261FC853FCE374BBB7CEB59394E88
SHA256: C4DD2EDDE3570BF743E73A99D5273833D034DFAF3F12B5F7D48042B72791C400
SSDEEP: 3:N1KdBLWXfKIn:CXQfKI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Connects to CnC server
      • iexplore.exe (PID: 2892)
  • SUSPICIOUS
    No suspicious indicators.
  • INFO
    • Changes internet zones settings
      • iexplore.exe (PID: 2328)
    • Application launched itself
      • iexplore.exe (PID: 2328)
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 2892)
      • iexplore.exe (PID: 2328)
    • Reads internet explorer settings
      • iexplore.exe (PID: 2892)
    • Creates files in the user directory
      • iexplore.exe (PID: 2892)
      • iexplore.exe (PID: 2328)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 34
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe → iexplore.exe

Process information

PID 2328
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" http://cdn.perfdrve.com
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: (none listed)
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 2892
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2328 CREDAT:71937
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Indicators: (none listed)
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Total events: 351
Read events: 290
Write events: 0
Delete events: 0

Modification events: No data
Executable files: 0
Suspicious files: 0
Text files: 10
Unknown types: 5

Dropped files

PID | Process | Filename | Type
2328 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | (not listed)
  MD5: (not listed) / SHA256: (not listed)
2328 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | (not listed)
  MD5: (not listed) / SHA256: (not listed)
2892 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat
  MD5: AA21FDD857E7D8C523667FE2BA149FA2 / SHA256: E7F0D66FA3521B80D1C496E3D685700F008DBA263C128D6B3C1634D47E3BA3AD
2892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat
  MD5: E0AACC8D202F29D95BFD1F15E0418544 / SHA256: 160F6D0B83D6B623109AC8013CBED0AADCAC9A01AF7A0BF68EA381B973FBAE7E
2892 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt | text
  MD5: D9BE53529F35DF82380C8ECC2D29B7C3 / SHA256: 56485D58D32B09F7DF4F4CB37E873ED203B2C30B533B51C88D1B3B17305C7130
2892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019052420190525\index.dat | dat
  MD5: 291E17D49E6017D165271322365F9749 / SHA256: 65BA931F9E818A489736B9F03BF245F07EE744318ADB6C0B4291CE472FFEDC09
2892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat
  MD5: 7DD89BB5EA0BF438BE01D58AC013A08D / SHA256: 451ACC73D52C5500844535D9669300974886AC68FC435E95516CA82872606B8A
2892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini | ini
  MD5: 4A3DEB274BB5F0212C2419D3D8D08612 / SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
2892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TWFRJYQQ\desktop.ini | ini
  MD5: 4A3DEB274BB5F0212C2419D3D8D08612 / SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
2892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini | ini
  MD5: 4A3DEB274BB5F0212C2419D3D8D08612 / SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 3
TCP/UDP connections: 3
DNS requests: 2
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2892 | iexplore.exe | GET | (none) | 195.22.26.248:80 | http://cdn.perfdrve.com/ | PT | (none) | (none) | whitelisted
2328 | iexplore.exe | GET | (none) | 195.22.26.248:80 | http://cdn.perfdrve.com/favicon.ico | PT | (none) | (none) | whitelisted
2328 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2328 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2328 | iexplore.exe | 195.22.26.248:80 | cdn.perfdrve.com | Claranet Ltd | PT | malicious
2892 | iexplore.exe | 195.22.26.248:80 | cdn.perfdrve.com | Claranet Ltd | PT | malicious

DNS requests

Domain | IP | Reputation
cdn.perfdrve.com | 195.22.26.248 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted

Threats

PID | Process | Class | Message
2892 | iexplore.exe | A Network Trojan was detected | ET CNC Ransomware Tracker Reported CnC Server group 67
No debug info