URL: http://soc-secureworks.com

Full analysis: https://app.any.run/tasks/7e64ece1-4c72-4974-94b6-2743a6fc332a
Verdict: Malicious activity
Analysis date: December 05, 2022, 19:12:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
  MD5:    1C85A3ACD6E4504FDDAE515CE30DB69F
  SHA1:   10A784592AAA1EAA70DD58AE3280F88643EE7244
  SHA256: C582B1F57E2FE4C9DCC94B6899CD9BEAF9BEBD1F3DECD9A60BC41075F7148186
  SSDEEP: 3:N1KNKfWjCASKeHKI:CYfA58KI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for user acknowledgement. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.
  • INFO:
    • Dropped object may contain Bitcoin addresses: iexplore.exe (PID: 2736)
    • Application launched itself: iexplore.exe (PID: 752)

No malicious or suspicious behavioural indicators fired in this task. The only items rated malicious are in the network tables: the submitted URL, the Namecheap-hosted address 192.64.119.38 that answers it with an HTTP 302, and the DNS entry for www.secureworks.com. Both INFO hits are consistent with ordinary Internet Explorer operation: PID 2736 is the low-integrity tab process that frame process 752 spawns (see the SCODEF:752 argument in the process information below), and the Bitcoin-address heuristic is a pattern match on a dropped object that this summary does not identify.
No malware configuration.
Processes: 36 total, 2 monitored, 0 malicious, 0 suspicious

Behavior graph

start -> iexplore.exe (PID 752) -> iexplore.exe (PID 2736)

Process information

PID 752
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" "http://soc-secureworks.com"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: Explorer.EXE
  User: admin
  Company: Microsoft Corporation
  Integrity level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID 2736
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:752 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe (PID 752)
  User: admin
  Company: Microsoft Corporation
  Integrity level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\iertutil.dll
Events: 16 210 total (16 073 read, 0 write, 0 delete)
Modification events: no data
Files: 0 executable, 11 suspicious, 19 text, 9 of unknown type

Dropped files (10 of the 11 counted files are shown in this summary)

PID 2736, iexplore.exe, type der
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_D93C575AD9E9AF9B95268A3CB953B5A1
  MD5: E8B87ADF7C1358AA15D80A49494D7DA5
  SHA256: CCC63E022E9D37FFBF3D4B71271BB7604CE6F62502A2C34F06BAEE03057B01CC

PID 752, iexplore.exe, type der
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F
  MD5: 406B3F4C3DCB12AC7EE515803CDBACCF
  SHA256: 824B08BB5371B3583F45B4C08037EDC08B30860079D8A6EA5DBEE813BC7625CA

PID 752, iexplore.exe, type der
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  MD5: AC572CBBC82D6D652CDBE2596AEAC4EE
  SHA256: 50B6D8F62150A7BD25FB3E462130E8E054A0F1FB619487E8C426A4C8BF6BDCA8

PID 2736, iexplore.exe, type text
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\5GW4LXYJ.txt
  MD5: 7561D3DC1B88F66F73D1B7177D53BD9D
  SHA256: 40171F7B55FAF553F14E6D6074AA3717517BE3AE3FC0E1DA8307B3D1AD7D01F5

PID 2736, iexplore.exe, type html
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\JR7YMYFL.htm
  MD5: 4D2BE17AAAD1D9E8F9EC10D81E32B4E2
  SHA256: 0E39824275963D0902F0FEF89A81B63FA697F3219D66E32596961F53E758E382

PID 752, iexplore.exe, type binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  MD5: D4D9A47BE731D44DE468ECD3644B4F3C
  SHA256: 7713267EF65B137E1607082E85A7F2A6E577C6CF050CF4ADDD1FE6BA74C52C87

PID 752, iexplore.exe, type binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
  MD5: 3CB48E6C55643FB7DBD3DC0720E8D184
  SHA256: 724D884F05C85046BADBB1A0837D93F6F37F314E0BF441FB2959406C93E55915

PID 752, iexplore.exe, type binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
  MD5: 2E9DC74608AD71399AD622CFB631670F
  SHA256: B5C5E23DDF296B790B09B4E466404333EFC7994F2A01932FABCAC3EC73BBF3E7

PID 2736, iexplore.exe, type binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  MD5: F76B36AEC4576F7C21BCF99424F0AEF0
  SHA256: 08840084149A6A2CD596566C374387BFE50919B71B4DEB29269AEC20AD31801E

PID 2736, iexplore.exe, type binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_D93C575AD9E9AF9B95268A3CB953B5A1
  MD5: 5DFF94B67FE10E7156B25D3F05AE7A9C
  SHA256: F4E44BBC6B44B6FB79A8D00BCCCA53795B4507415D6CE3F40BF05C1799A65610
Network: 12 HTTP(S) requests, 44 TCP/UDP connections, 18 DNS requests, 0 threats. The Threats section below nevertheless lists two informational "ET INFO Namecheap URL Forward" alerts (class Misc activity), which are not counted as threats.

HTTP requests (10 of the 12 counted requests are shown in this summary)

| PID  | Process      | Method | HTTP code | IP               | URL | CN | Type | Size | Reputation |
|------|--------------|--------|-----------|------------------|-----|----|------|------|------------|
| 2736 | iexplore.exe | GET | 302 | 192.64.119.38:80 | http://soc-secureworks.com/ | US | html | 51 b | malicious |
| 752  | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
| 752  | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
| 2736 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJaiu8Zb34NbCEEshrmcCs%3D | US | der | 471 b | whitelisted |
| 2736 | iexplore.exe | GET | 302 | 192.64.119.38:80 | http://soc-secureworks.com/ | US | html | 51 b | malicious |
| 752  | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4f887d6c890572aa | US | compressed | 4.70 Kb | whitelisted |
| 752  | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d2691ac2c2cbac57 | US | compressed | 4.70 Kb | whitelisted |
| 2736 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?81bea6f4840cabac | US | compressed | 61.4 Kb | whitelisted |
| 2736 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f04ff84a4f4e43ae | US | compressed | 61.4 Kb | whitelisted |
| 2736 | iexplore.exe | GET | 200 | 184.24.9.54:80 | http://x1.c.lencr.org/ | DE | der | 717 b | whitelisted |
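Most of the HTTP requests and dropped files in a URL task on Windows 7 / IE 11 are not behaviour of the submitted site at all: OCSP and CRL lookups, certificate-trust-list downloads from ctldl.windowsupdate.com, the Let's Encrypt AIA fetch, and the CryptnetUrlCache files CryptoAPI writes when it caches those objects. The script below is an added example (not ANY.RUN code and not part of the report) that labels the rows of the dropped-files and HTTP-requests tables above as certificate housekeeping, browser background traffic, or activity of the submitted URL, so that what the task actually did stands out: two 51-byte HTTP 302 responses from 192.64.119.38 and nothing else over plain HTTP. The host lists and category names are this example's own assumptions; the sample rows are copied from the report, with the OCSP request paths shortened to the host because only the host is classified. Unknown hosts deliberately fall into the "target" bucket so that a new domain is never filtered out as noise.

```python
"""Triage helper for the sandbox report above.

Added example; not ANY.RUN code and not part of the report. Labels the
report's HTTP requests and dropped files as PKI housekeeping, browser
background traffic, or activity of the submitted URL. Host lists and
category names are this example's assumptions; rows are copied from the report.
"""
from collections import Counter
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Assumption: hosts Windows 7 / IE 11 contact for certificate validation on any page load.
PKI_HOSTS = {
    "ocsp.digicert.com",        # OCSP responder
    "crl3.digicert.com",        # CRL download
    "x1.c.lencr.org",           # Let's Encrypt issuer certificate (AIA fetch)
    "ctldl.windowsupdate.com",  # authroot / disallowed certificate trust lists
}
# Assumption: IE 11 background traffic (search, connectivity check, compatibility lists).
BACKGROUND_HOSTS = {
    "www.bing.com", "api.bing.com", "dns.msftncsi.com",
    "r20swj13mr.microsoft.com", "iecvlist.microsoft.com",
}

# (pid, method, status, ip:port, url) copied from the report (10 rows shown of 12 counted).
# OCSP request paths are shortened to the host; classification only looks at the host.
HTTP_ROWS = [
    (2736, "GET", 302, "192.64.119.38:80", "http://soc-secureworks.com/"),
    (752,  "GET", 200, "93.184.220.29:80", "http://crl3.digicert.com/Omniroot2025.crl"),
    (752,  "GET", 200, "93.184.220.29:80", "http://ocsp.digicert.com/"),
    (2736, "GET", 200, "93.184.220.29:80", "http://ocsp.digicert.com/"),
    (2736, "GET", 302, "192.64.119.38:80", "http://soc-secureworks.com/"),
    (752,  "GET", 200, "209.197.3.8:80", "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4f887d6c890572aa"),
    (752,  "GET", 200, "209.197.3.8:80", "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d2691ac2c2cbac57"),
    (2736, "GET", 200, "209.197.3.8:80", "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?81bea6f4840cabac"),
    (2736, "GET", 200, "209.197.3.8:80", "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f04ff84a4f4e43ae"),
    (2736, "GET", 200, "184.24.9.54:80", "http://x1.c.lencr.org/"),
]

# Dropped-file paths copied from the report (10 rows shown of 11 counted).
CACHE = r"C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
DROPPED_PATHS = [
    CACHE + r"\Content\B398B80134F72209547439DB21AB308D_D93C575AD9E9AF9B95268A3CB953B5A1",
    CACHE + r"\Content\82CB34DD3343FE727DF8890D352E0D8F",
    CACHE + r"\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776",
    r"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\5GW4LXYJ.txt",
    r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\JR7YMYFL.htm",
    CACHE + r"\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776",
    CACHE + r"\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157",
    CACHE + r"\MetaData\82CB34DD3343FE727DF8890D352E0D8F",
    CACHE + r"\MetaData\77EC63BDA74BD0D0E0426DC8F8008506",
    CACHE + r"\MetaData\B398B80134F72209547439DB21AB308D_D93C575AD9E9AF9B95268A3CB953B5A1",
]


def classify_host(host):
    """'pki', 'background' or 'target'; unknown hosts default to 'target' so nothing is dropped."""
    if host in PKI_HOSTS:
        return "pki"
    if host in BACKGROUND_HOSTS:
        return "background"
    return "target"


def classify_url(url):
    return classify_host((urlsplit(url).hostname or "").lower())


def target_requests(rows):
    """Requests attributable to the submitted URL rather than to the OS or browser."""
    return [r for r in rows if classify_url(r[4]) == "target"]


def redirect_responses(rows):
    """(url, status, ip:port) of target requests answered with a 3xx, i.e. URL forwards."""
    return [(r[4], r[2], r[3]) for r in target_requests(rows) if 300 <= r[2] < 400]


def classify_dropped(path):
    """Bucket a dropped file by the Windows directory it landed in."""
    parts = {p.lower() for p in PureWindowsPath(path).parts}
    if "cryptneturlcache" in parts:
        return "pki-cache"       # CryptoAPI cache of fetched CRL/OCSP/CTL objects
    if "cookies" in parts:
        return "cookie"
    if "temporary internet files" in parts:
        return "browser-cache"
    return "other"


def summarize(rows=HTTP_ROWS, paths=DROPPED_PATHS):
    """Per-category counts plus the redirect hops: the analyst-facing result."""
    return {
        "http": dict(Counter(classify_url(r[4]) for r in rows)),
        "dropped": dict(Counter(classify_dropped(p) for p in paths)),
        "redirects": redirect_responses(rows),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(summarize())
```

On the report's rows the summary comes out as 8 PKI requests and 2 target requests, both of them 302s from 192.64.119.38:80, and 8 CryptnetUrlCache files, 1 cookie and 1 cached page. The redirected destination does not appear in the HTTP table because it is reached over HTTPS; it shows up only as the www.secureworks.com connections on port 443 in the Connections table.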

Connections (10 of the 44 counted connections are shown in this summary)

| PID  | Process      | IP:port             | Domain                   | ASN                         | CN | Reputation  |
|------|--------------|---------------------|--------------------------|-----------------------------|----|-------------|
| 752  | iexplore.exe | 209.197.3.8:80      | ctldl.windowsupdate.com  | STACKPATH-CDN               | US | whitelisted |
| 752  | iexplore.exe | 13.107.21.200:443   | www.bing.com             | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 752  | iexplore.exe | 152.199.19.161:443  | r20swj13mr.microsoft.com | EDGECAST                    | US | whitelisted |
| 752  | iexplore.exe | 93.184.220.29:80    | ocsp.digicert.com        | EDGECAST                    | GB | whitelisted |
| 2736 | iexplore.exe | 192.64.119.38:80    |                          | NAMECHEAP-NET               | US | malicious   |
| 752  | iexplore.exe | 204.79.197.200:443  | www.bing.com             | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 2736 | iexplore.exe | 13.107.213.45:443   | www.secureworks.com      | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious  |
| 2736 | iexplore.exe | 13.107.246.45:443   | www.secureworks.com      | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious  |
|      |              | 13.107.213.45:443   | www.secureworks.com      | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious  |
| 2736 | iexplore.exe | 142.250.181.234:443 | fonts.googleapis.com     | GOOGLE                      | US | whitelisted |

DNS requests (10 of the 18 counted requests are shown in this summary)

| Domain                   | IP(s)                                                       | Reputation  |
|--------------------------|-------------------------------------------------------------|-------------|
| api.bing.com             | 13.107.5.80                                                 | whitelisted |
| www.bing.com             | 204.79.197.200, 13.107.21.200, 131.253.33.200, 13.107.22.200 | whitelisted |
| dns.msftncsi.com         | 131.107.255.255                                             | shared      |
| ctldl.windowsupdate.com  | 209.197.3.8                                                 | whitelisted |
| ocsp.digicert.com        | 93.184.220.29                                               | whitelisted |
| www.secureworks.com      | 13.107.246.45, 13.107.213.45                                | malicious   |
| r20swj13mr.microsoft.com | 152.199.19.161                                              | whitelisted |
| iecvlist.microsoft.com   | 152.199.19.161                                              | whitelisted |
| crl3.digicert.com        | 93.184.220.29                                               | whitelisted |
| content.secureworks.com  | 23.3.89.145, 23.3.89.186                                    | whitelisted |

Threats

| PID  | Process      | Class         | Message                       |
|------|--------------|---------------|-------------------------------|
| 2736 | iexplore.exe | Misc activity | ET INFO Namecheap URL Forward |
| 2736 | iexplore.exe | Misc activity | ET INFO Namecheap URL Forward |

Both alerts correspond to the two 51-byte HTTP 302 responses that 192.64.119.38:80 (NAMECHEAP-NET) returned for http://soc-secureworks.com/: the domain is answered by Namecheap's URL-forwarding service rather than serving content itself. The redirect target is not shown in the HTTP table, but the tab process (PID 2736) subsequently connects to www.secureworks.com over port 443, the Secureworks corporate domain, which the report's reputation tags nevertheless mark suspicious in the Connections table and malicious in the DNS table.
No debug info