analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://u574567.ct.sendgrid.net/ls/click?upn=xZD1O2yRALjGcZLNue4BS55ANzBJs-2B7rtNj5QTnaAlGRz028Eu-2FdgZhEUQTOQ5WMFlxEzr-2FZnp-2FyJvDOrgcBbDbqsVphU6dIVASRGpGfZzC5KhdHYx8z4zTOfhcJ7F-2Bi94AWE9211utQK5ghWkwv8X030YKitU0lVuYivAr-2FiValoSrKMcrGarXs0Sw7yKSSIjNNEQMUArXA0X5DkYBNZg-3D-3Dy0Bm_Y-2FFuWc4FNaAt4FpY8ZU69yWUFb-2BwLgu-2Fe2vaWTHffi9nDUOLpe9PTYOfb33vsoomt16RGdAdWOBKzHeD5r0UwEYVKt9wUMorx0sIovyMALemJ-2Fwavz-2FMX0S3YB107lb-2BDqpEU1rgA4cY3si9IE1LkYgJeadpdOAjpFb8UvWS5jwOrTVdpkj1qwNRZjJXkYInB8rAvDBg5aTNkmfv0zMB3g-3D-3D

Full analysis: https://app.any.run/tasks/7b1f074a-0001-43f8-b86b-6434331dea17
Verdict: Malicious activity
Analysis date: October 04, 2022, 20:06:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

2D3F133EF769527C18487800DC158DA3

SHA1:

28D37EFB54CE54517086131E86FA1D73481291A1

SHA256:

C6991E7604ED8DC5751578696E74FF240695409935D5FE5F081C9149ABB0CA23

SSDEEP:

12:2luSuCsF1j/tRTh0/idST9/hEfasAbDFN07zjquXyvC:2luqs3j/tRTh0/iAZ/hESnCzjquXmC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 1432)

  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 1432)
      • iexplore.exe (PID: 300)

    • Reads the computer name

      • iexplore.exe (PID: 300)
      • iexplore.exe (PID: 1432)

    • Changes internet zones settings

      • iexplore.exe (PID: 300)

    • Application launched itself

      • iexplore.exe (PID: 300)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 1432)
      • iexplore.exe (PID: 300)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 300)
      • iexplore.exe (PID: 1432)

    • Changes settings of System certificates

      • iexplore.exe (PID: 300)

    • Reads internet explorer settings

      • iexplore.exe (PID: 1432)

    • Creates files in the user directory

      • iexplore.exe (PID: 1432)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 300)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
300"C:\Program Files\Internet Explorer\iexplore.exe" "https://u574567.ct.sendgrid.net/ls/click?upn=xZD1O2yRALjGcZLNue4BS55ANzBJs-2B7rtNj5QTnaAlGRz028Eu-2FdgZhEUQTOQ5WMFlxEzr-2FZnp-2FyJvDOrgcBbDbqsVphU6dIVASRGpGfZzC5KhdHYx8z4zTOfhcJ7F-2Bi94AWE9211utQK5ghWkwv8X030YKitU0lVuYivAr-2FiValoSrKMcrGarXs0Sw7yKSSIjNNEQMUArXA0X5DkYBNZg-3D-3Dy0Bm_Y-2FFuWc4FNaAt4FpY8ZU69yWUFb-2BwLgu-2Fe2vaWTHffi9nDUOLpe9PTYOfb33vsoomt16RGdAdWOBKzHeD5r0UwEYVKt9wUMorx0sIovyMALemJ-2Fwavz-2FMX0S3YB107lb-2BDqpEU1rgA4cY3si9IE1LkYgJeadpdOAjpFb8UvWS5jwOrTVdpkj1qwNRZjJXkYInB8rAvDBg5aTNkmfv0zMB3g-3D-3D"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
1432"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:300 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
14 206
Read events
14 073
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
21
Text files
56
Unknown types
23

Dropped files

PID
Process
Filename
Type
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EE663020D19099DF1F0301BC70AB2E57_FFD867000A0830D5CC0FA7946195DDD4binary
MD5:BE98F518B31C50B4E817D4CC5C50D95E
SHA256:5D90E941C3A3DEE7E5B8DA803EA2FB850ABEFAA425C38DF833FC370C2A72F779
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771binary
MD5:9488939F96B47D0070F590184BF5955E
SHA256:065F13AFE0C114C02F432C907082B4372AFEF6B5DDEB717BB714C83F05D7F582
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAbinary
MD5:A7AA58F8AFD1F13F531335B980B4DED5
SHA256:A008440CE65F78686B7BCE61C5C2186D7AA1BF60D20ADC6968D414CF7494922E
300iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442binary
MD5:DA625C7B3C4629B580B9F04CA08D8487
SHA256:C283DFC7A8ADA2EB11727EEB17E43FFB334CF6AECA8CACD7BE35A1F9660BC150
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE663020D19099DF1F0301BC70AB2E57_FFD867000A0830D5CC0FA7946195DDD4der
MD5:0F38CC138C0CA93EE6B82C34BD1FA3A0
SHA256:E3B3B0832136CDCBB3997524CBD68B2C257C1B56527631BA5EF679BC3478C777
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:694802834DBB4C982CBE5526B872A2B3
SHA256:63BEC3D888EB81363D0F20152CD5F56744D06D5845D8A1AE9396B8B40C25344B
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2Dder
MD5:C592E482A700E972E14C46C59EABD9BB
SHA256:3BD64AE8F25AD4DE3186018F5609D7B474B3F2FAF60C210DB787044055E78CAD
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:45D376A28632E60F2DBD25DE91743F84
SHA256:AE06BD7CE65D910D7D2557F257C42B58C9C31049071A1BC73EB44D833489A31F
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_871E11B76822F93FE2DBF907A5A1D9A8der
MD5:B45B15BB651CC185EA82D91A51F06B5A
SHA256:F0B61426DE169CF2EFDE87AC98D5123EA785004AD05C05932A099B644B2FDF64
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_871E11B76822F93FE2DBF907A5A1D9A8binary
MD5:40AB739073B6F21394D38F1CCBEBB420
SHA256:CBF94A7DF58C3C2C5F7B3C5EA7EFAE8F007B756D57063A64B5171BB1FEB3D74C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
19
TCP/UDP connections
67
DNS requests
27
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1432
iexplore.exe
GET
200
192.124.249.23:80
http://ocsp.godaddy.com//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCQCbtonfHJ3EDA%3D%3D
US
der
1.74 Kb
whitelisted
1432
iexplore.exe
GET
200
192.124.249.23:80
http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D
US
der
1.66 Kb
whitelisted
1432
iexplore.exe
GET
200
192.124.249.23:80
http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D
US
der
1.69 Kb
whitelisted
1432
iexplore.exe
GET
142.251.39.67:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
whitelisted
300
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
1432
iexplore.exe
GET
200
13.225.84.42:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
US
der
1.70 Kb
whitelisted
1432
iexplore.exe
GET
200
13.225.84.175:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
US
der
1.51 Kb
whitelisted
1432
iexplore.exe
GET
200
192.124.249.23:80
http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCAwembkYho4l
US
der
1.74 Kb
whitelisted
1432
iexplore.exe
GET
200
142.251.39.67:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD6a7qQTCYd8hJU9n3M3mXb
US
der
472 b
whitelisted
1432
iexplore.exe
GET
200
142.251.39.67:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
300
iexplore.exe
204.79.197.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
300
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
EDGECAST
GB
whitelisted
1432
iexplore.exe
8.253.207.120:80
ctldl.windowsupdate.com
LEVEL3
US
malicious
1432
iexplore.exe
192.124.249.23:80
ocsp.godaddy.com
SUCURI-SEC
US
suspicious
1432
iexplore.exe
142.251.39.67:80
ocsp.pki.goog
GOOGLE
US
whitelisted
1432
iexplore.exe
142.250.180.228:443
www.google.com
GOOGLE
US
whitelisted
1432
iexplore.exe
167.89.123.122:443
u574567.ct.sendgrid.net
SENDGRID
US
suspicious
1432
iexplore.exe
35.190.117.7:443
support.paloaltonetworks.com
GOOGLE
US
unknown
300
iexplore.exe
142.250.180.228:443
www.google.com
GOOGLE
US
whitelisted
1432
iexplore.exe
96.16.132.243:443
www.paloaltonetworks.com
AKAMAI-AS
DE
unknown

DNS requests

Domain
IP
Reputation
u574567.ct.sendgrid.net
  • 167.89.123.122
  • 167.89.118.28
  • 167.89.118.35
  • 167.89.123.16
suspicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ctldl.windowsupdate.com
  • 8.253.207.120
  • 8.248.141.254
  • 67.27.235.126
  • 8.248.117.254
  • 8.253.95.121
whitelisted
ocsp.godaddy.com
  • 192.124.249.23
  • 192.124.249.41
  • 192.124.249.24
  • 192.124.249.22
  • 192.124.249.36
whitelisted
www.google.com
  • 142.250.180.228
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
ocsp.pki.goog
  • 142.251.39.67
whitelisted
support.paloaltonetworks.com
  • 35.190.117.7
unknown
www.paloaltonetworks.com
  • 96.16.132.243
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://u574567.ct.sendgrid.net/ls/click?upn=xZD1O2yRALjGcZLNue4BS55ANzBJs-2B7rtNj5QTnaAlGRz028Eu-2FdgZhEUQTOQ5WMFlxEzr-2FZnp-2FyJvDOrgcBbDbqsVphU6dIVASRGpGfZzC5KhdHYx8z4zTOfhcJ7F-2Bi94AWE9211utQK5ghWkwv8X030YKitU0lVuYivAr-2FiValoSrKMcrGarXs0Sw7yKSSIjNNEQMUArXA0X5DkYBNZg-3D-3Dy0Bm_Y-2FFuWc4FNaAt4FpY8ZU69yWUFb-2BwLgu-2Fe2vaWTHffi9nDUOLpe9PTYOfb33vsoomt16RGdAdWOBKzHeD5r0UwEYVKt9wUMorx0sIovyMALemJ-2Fwavz-2FMX0S3YB107lb-2BDqpEU1rgA4cY3si9IE1LkYgJeadpdOAjpFb8UvWS5jwOrTVdpkj1qwNRZjJXkYInB8rAvDBg5aTNkmfv0zMB3g-3D-3D