URL:

https://ww17.5movierulz.top/category/telugu-movies-2023/page/3/

Full analysis: https://app.any.run/tasks/d92510f0-080f-4b8b-8206-1b85e4dfcd3a
Verdict: Malicious activity
Analysis date: December 21, 2023, 13:29:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

AC5386D9A642D04F10853F7F70BE975A

SHA1:

DB3253ECBCB7559AC2D5B01D0EBA41592240D9EF

SHA256:

C8001287B718C4589D94A4A9D1041E6DF68380376B27064A11E645CD6490BF55

SSDEEP:

3:N8DbDjKDN/xT1BuUsn:2T4FBk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2124)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
6
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe iexplore.exe no specs iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
1288"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2124 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2124"C:\Program Files\Internet Explorer\iexplore.exe" "https://ww17.5movierulz.top/category/telugu-movies-2023/page/3/"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2304"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2124 CREDAT:2430232 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2532"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2124 CREDAT:4134163 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2588"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2124 CREDAT:2757947 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2712"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2124 CREDAT:2430274 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
48 330
Read events
48 146
Write events
180
Delete events
4

Modification events

(PID) Process:(2124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(2124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(2124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(2124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
3
Suspicious files
129
Text files
225
Unknown types
0

Dropped files

PID
Process
Filename
Type
1288iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464binary
MD5:8202A1CD02E7D69597995CABBE881A12
SHA256:58F381C3A0A0ACE6321DA22E40BD44A597BD98B9C9390AB9258426B5CF75A7A5
1288iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
1288iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:D3BC2972A5CE7AA6355FFEFF2F781B0C
SHA256:30693BEFCCB9A17295EF589E595930ADCB2DA1013E14A01E45B8FB049B929819
1288iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\3[1].htmhtml
MD5:C8E659A5B2239E6993E95F880C9EE498
SHA256:123894E929B2AD25E8A29B27587D307EA4482A913C06BFB65A512E00E6C3CC1C
1288iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:65B72EA5194327968A5D224EBED95F75
SHA256:1D1C88FCD34DB009DDE342E30D06DE4BB9894B7AD981C2DBA25518AD2A2A4880
1288iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\Salaar-Release-Trailer[1].jpgimage
MD5:596EEC9A09BBB905DB772EDB4477DE06
SHA256:98A8B3425F840AFA5013C3F35EAD0F0073B711840DA68A2B296BC35DCEB845F6
1288iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\wp-embed.min[1].jstext
MD5:570AE0F3C201604926EA599D3D1F6C04
SHA256:5138D39633DC69FCD0ED7F33A5E38DC339123F682FA7F5242066879C2BBC8C9B
1288iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464binary
MD5:BE21180398972EF9A5E7CA43C10B7706
SHA256:1C70C9FE1FA15C1F65A2EA62F0C1F6CF462D595726BABA6BBDC8A8FCE4B9C11E
1288iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\style[1].csstext
MD5:872F8A071F9B622ECB4567BC1E2DE7ED
SHA256:6C2E1575B8413E3CDAF362E9DA1AA500B28FAD117145C10834993516DC2B8285
1288iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\Vikram-Rathod-Telugu-Poster[1].jpgimage
MD5:BEB05CDBA08F3B75620B2937FC1DBEF1
SHA256:E9BF814593C6D59522A6A3CD28BF0DFDE5F81208A77BE55703D2B6AA0088A617
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
46
TCP/UDP connections
163
DNS requests
74
Threats
16

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1288
iexplore.exe
GET
200
184.24.77.194:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6f825234c2810feb
unknown
compressed
4.66 Kb
unknown
1288
iexplore.exe
GET
200
184.24.77.194:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f1ccb56d74be6756
unknown
compressed
4.66 Kb
unknown
1288
iexplore.exe
GET
200
142.250.186.131:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
1288
iexplore.exe
GET
200
142.250.186.131:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D
unknown
binary
724 b
unknown
1288
iexplore.exe
GET
200
142.250.186.131:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
unknown
binary
724 b
unknown
1288
iexplore.exe
GET
200
184.24.77.150:80
http://ocsp.buypass.com/MEowSDBGMEQwQjAJBgUrDgMCGgUABBRyx0WAUkki6aW2LiOMsWzYh0At3gQUyYB34GKSgvVGnPO690zD3rijrTkCCTL6CDdr8jwgEw%3D%3D
unknown
binary
1.67 Kb
unknown
1288
iexplore.exe
GET
200
142.250.186.131:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCZXmpIP%2Bo%2BHhJmodADfw%2Fc
unknown
binary
472 b
unknown
1288
iexplore.exe
GET
200
142.250.186.131:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEA1uFYrLabZxEtE2U5X5DGM%3D
unknown
binary
471 b
unknown
2124
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
binary
314 b
unknown
2588
iexplore.exe
GET
200
23.201.254.55:80
http://x2.c.lencr.org/
unknown
binary
300 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1288
iexplore.exe
104.21.7.162:443
ww17.5movierulz.top
CLOUDFLARENET
unknown
1288
iexplore.exe
184.24.77.194:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
1288
iexplore.exe
142.250.186.131:80
ocsp.pki.goog
GOOGLE
US
whitelisted
1288
iexplore.exe
142.250.181.232:443
www.googletagmanager.com
GOOGLE
US
unknown
1288
iexplore.exe
212.117.190.201:443
9nyup8ul7.com
LU
unknown
1288
iexplore.exe
172.217.16.202:443
ajax.googleapis.com
GOOGLE
US
whitelisted
1288
iexplore.exe
184.24.77.150:80
ocsp.buypass.com
Akamai International B.V.
DE
unknown
1080
svchost.exe
224.0.0.252:5355
unknown

DNS requests

Domain
IP
Reputation
ww17.5movierulz.top
  • 104.21.7.162
  • 172.67.136.244
unknown
ctldl.windowsupdate.com
  • 184.24.77.194
  • 184.24.77.202
  • 87.248.204.0
whitelisted
ocsp.pki.goog
  • 142.250.186.131
whitelisted
ww21.5movierulz.top
  • 104.21.7.162
  • 172.67.136.244
unknown
www.googletagmanager.com
  • 142.250.181.232
whitelisted
ajax.googleapis.com
  • 172.217.16.202
whitelisted
9nyup8ul7.com
  • 212.117.190.201
unknown
ocsp.buypass.com
  • 184.24.77.150
  • 184.24.77.165
whitelisted
region1.google-analytics.com
  • 216.239.32.36
  • 216.239.34.36
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted

Threats

PID
Process
Class
Message
1080
svchost.exe
Potentially Bad Traffic
ET DNS Query to a *.top domain - Likely Hostile
1288
iexplore.exe
Generic Protocol Command Decode
SURICATA TLS certificate invalid der
1288
iexplore.exe
Generic Protocol Command Decode
SURICATA TLS certificate invalid der
1288
iexplore.exe
Generic Protocol Command Decode
SURICATA TLS certificate invalid der
1288
iexplore.exe
Generic Protocol Command Decode
SURICATA TLS certificate invalid der
2304
iexplore.exe
Generic Protocol Command Decode
SURICATA TLS certificate invalid der
2304
iexplore.exe
Generic Protocol Command Decode
SURICATA TLS certificate invalid der
2304
iexplore.exe
Generic Protocol Command Decode
SURICATA TLS certificate invalid der
2304
iexplore.exe
Generic Protocol Command Decode
SURICATA TLS certificate invalid der
1080
svchost.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
1 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://ww17.5movierulz.top/category/telugu-movies-2023/page/3/