URL: http://dicasemgeral.xpg.uol.com.br/noticias/22254/investimento-em-tecnologia-e-a-solucao-para-os-tempos-de-crise/?fdx_switcher=true

Full analysis: https://app.any.run/tasks/d26d5a85-98c8-4638-b16b-faf53a6ab431
Verdict: Malicious activity
Analysis date: November 08, 2019, 13:39:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 049D95BC1A32158AF06B89221E9193E6
SHA1: D56F7595918CC86DA26564426380C3B088CD4A7C
SHA256: C647714938143D3C3B4609B57D65EE8D0CE264EFC5A9D3EF13AB2A64FAC95879
SSDEEP: 3:N1KaMGIygLdWhyKVKMWA5BYKqIx5E95IWSQTTVEU3dCd4WSQayYRXV:CaH1gL4hZxHaKqINQTTVEoClAyYRl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3784)
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2740)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3424)
    • Creates files in the user directory

      • iexplore.exe (PID: 3424)
      • iexplore.exe (PID: 2740)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3784)
    • Application launched itself

      • iexplore.exe (PID: 2740)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3424)
    • Dropped object may contain TOR URL's

      • iexplore.exe (PID: 3424)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3424)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph (interactive in the full report): start -> iexplore.exe -> iexplore.exe; flashutil32_26_0_0_131_activex.exe (no specs)

Process information

PID: 2740
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3424
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2740 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3784
CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Parent process: svchost.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Exit code:
0
Version:
26,0,0,131
Modules
Images
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events: 669
Read events: 557
Write events: 112
Delete events: 0

Modification events

(PID) Process: (2740) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2740) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2740) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (2740) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (2740) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2740) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:

(PID) Process: (2740) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {2C38B361-022D-11EA-AB41-5254004A04AF}
Value: 0

(PID) Process: (2740) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Type
Value: 4

(PID) Process: (2740) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Count
Value: 2

(PID) Process: (2740) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Time
Value: E3070B00050008000D0027001800EE00
Executable files: 0
Suspicious files: 6
Text files: 163
Unknown types: 40

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2740 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | | |
2740 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | |
3424 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@dicasemgeral.xpg.com[1].txt | | |
3424 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q10DDF14\investimento-em-tecnologia-e-a-solucao-para-os-tempos-de-crise[1].txt | | |
3424 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@dicasemgeral.xpg.com[2].txt | text | |
3424 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
3424 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z7M8IRR2\f[1].txt | text | |
3424 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q10DDF14\small[1].js | text | |
3424 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q10DDF14\investimento-em-tecnologia-e-a-solucao-para-os-tempos-de-crise[1].htm | html | |
3424 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U1V18IP9\menu[1].css | text | |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 114
TCP/UDP connections: 105
DNS requests: 42
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3424 | iexplore.exe | GET | 301 | 172.217.23.142:80 | http://www.youtube.com/embed/videoseries?list=PLynm_Lel57z1ckrB1OBUHZeJWuaGMN6Hq&hl=pt_BR&autoplay=0&loop=1&showinfo=0&rel=0&hd=0&iv_load_policy=1&allowfullscreen=1&wmode=transparent | US | | | whitelisted
3424 | iexplore.exe | GET | 200 | 187.17.123.243:80 | http://dicasemgeral.xpg.com.br/noticias/22254/investimento-em-tecnologia-e-a-solucao-para-os-tempos-de-crise/?fdx_switcher=true | BR | html | 12.3 Kb | unknown
3424 | iexplore.exe | GET | 200 | 50.17.188.236:80 | http://lizard1301.spider.ad/spd_display?p1=1821.divSpdSuperBanner | US | text | 3.26 Kb | unknown
3424 | iexplore.exe | GET | 200 | 187.17.123.243:80 | http://dicasemgeral.xpg.com.br/wp-content/themes/dg9/css/menu.css | BR | text | 1.38 Kb | unknown
3424 | iexplore.exe | GET | 200 | 187.17.123.243:80 | http://dicasemgeral.xpg.com.br/wp-content/plugins/Viva-ThumbZoom/lib/v-zoom/viva-zoom.css | BR | text | 807 b | unknown
3424 | iexplore.exe | GET | 200 | 187.17.123.243:80 | http://dicasemgeral.xpg.com.br/wp-content/themes/dg9/css/posts.css | BR | text | 1.10 Kb | unknown
3424 | iexplore.exe | GET | 200 | 187.17.123.243:80 | http://dicasemgeral.xpg.com.br/img/fechar.gif | BR | image | 407 b | unknown
3424 | iexplore.exe | GET | 200 | 187.17.123.243:80 | http://dicasemgeral.xpg.com.br/imagens/darkblue.png | BR | image | 181 b | unknown
3424 | iexplore.exe | GET | 200 | 187.17.123.243:80 | http://dicasemgeral.xpg.com.br/wp-content/themes/dg9/img/fundo_topo.jpg | BR | image | 748 b | unknown
3424 | iexplore.exe | GET | 200 | 187.17.123.243:80 | http://dicasemgeral.xpg.com.br/img/bandeiras/br.png | BR | image | 695 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3424 | iexplore.exe | 172.217.21.238:80 | www.google-analytics.com | Google Inc. | US | whitelisted
2740 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3424 | iexplore.exe | 187.17.123.243:80 | dicasemgeral.xpg.com.br | Universo Online S.A. | BR | unknown
3424 | iexplore.exe | 200.147.35.224:80 | dicasemgeral.xpg.uol.com.br | Universo Online S.A. | BR | unknown
3424 | iexplore.exe | 187.17.123.245:80 | js.xpg.com.br | Universo Online S.A. | BR | unknown
3424 | iexplore.exe | 172.217.18.2:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted
3424 | iexplore.exe | 185.225.208.133:80 | widgets.amung.us | | | suspicious
3424 | iexplore.exe | 192.0.77.32:80 | s0.wp.com | Automattic, Inc | US | suspicious
3424 | iexplore.exe | 172.217.23.142:80 | www.youtube.com | Google Inc. | US | whitelisted
3424 | iexplore.exe | 31.13.92.36:80 | www.facebook.com | Facebook, Inc. | IE | whitelisted

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
dicasemgeral.xpg.uol.com.br | 200.147.35.224 | suspicious
dicasemgeral.xpg.com.br | 187.17.123.243 | unknown
pagead2.googlesyndication.com | 172.217.18.2 | whitelisted
widgets.amung.us | 185.225.208.133 | whitelisted
js.xpg.com.br | 187.17.123.245 | unknown
lizard1301.spider.ad | 50.17.188.236, 54.243.79.219, 54.225.131.246 | unknown
www.google-analytics.com | 172.217.21.238 | whitelisted
cdn4.mediakit.com.br | 187.17.123.137 | malicious
apis.google.com | 172.217.16.206 | whitelisted

Threats

PID | Process | Class | Message
3424 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY Outdated Flash Version M1
No debug info