URL: cutt.ly/QRxGyy1

Full analysis: https://app.any.run/tasks/64c41363-88b5-40a4-bb31-76d9a153060f
Verdict: Malicious activity
Analysis date: November 10, 2023, 18:02:56
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
SHA1: 5C48271FE3078F251C04E3FFFB7B92C2E3F47424
SHA256: CB51FF01A3EDB83F0F35E09D4E5553804EEAC4F258820770B7FB0E44AD5943C8
SSDEEP: 3:xYKOZcU:xacU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.
  • INFO:
    • Application launched itself: iexplore.exe (PID 3440)
    • Checks supported languages: wmpnscfg.exe (PID 3936)
    • Reads the computer name: wmpnscfg.exe (PID 3936)
    • Manual execution by a user: wmpnscfg.exe (PID 3936)
    • Reads the machine GUID from the registry: wmpnscfg.exe (PID 3936)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Graph nodes: start, iexplore.exe, iexplore.exe, wmpnscfg.exe (no specs), iexplore.exe (per-process details are in the full report).

Process information

PID 3440
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "cutt.ly/QRxGyy1"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    • c:\program files\internet explorer\iexplore.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    • c:\windows\system32\advapi32.dll
    • c:\windows\system32\sechost.dll
    • c:\windows\system32\rpcrt4.dll
    • c:\windows\system32\iertutil.dll
PID 3484
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3440 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    • c:\program files\internet explorer\iexplore.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    • c:\windows\system32\advapi32.dll
    • c:\windows\system32\sechost.dll
    • c:\windows\system32\rpcrt4.dll
    • c:\windows\system32\iertutil.dll
PID 3936
  CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
  Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Windows Media Player Network Sharing Service Configuration Application
  Exit code: 0
  Version: 12.0.7600.16385 (win7_rtm.090713-1255)
  Modules (images):
    • c:\program files\windows media player\wmpnscfg.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\advapi32.dll
    • c:\windows\system32\sechost.dll
    • c:\windows\system32\rpcrt4.dll
    • c:\windows\system32\sspicli.dll
    • c:\windows\system32\ole32.dll
PID 4020
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3440 CREDAT:3806477 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    • c:\program files\internet explorer\iexplore.exe
    • c:\windows\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    • c:\windows\system32\advapi32.dll
    • c:\windows\system32\sechost.dll
    • c:\windows\system32\rpcrt4.dll
    • c:\windows\system32\iertutil.dll
Total events: 21 207
Read events: 21 131
Write events: 71
Delete events: 5

Modification events

All ten modification events are registry writes by iexplore.exe (PID 3440), listed as Key : Name = Value:
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing : NTPDaysSinceLastAutoMigration = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing : NTPLastLaunchHighDateTime = 30847387
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager : NextCheckForUpdateHighDateTime = 30847437
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies : CachePrefix = "Cookie:"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History : CachePrefix = "Visited:"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main : CompatibilityFlags = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap : ProxyBypass = 1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap : IntranetName = 1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap : UNCAsIntranet = 1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap : AutoDetect = 0
Executable files: 0
Suspicious files: 50
Text files: 91
Unknown types: 0

Dropped files

All dropped files were written by iexplore.exe (PID 3484); the file type is given in parentheses:
  • C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\unnamed[1].png (image)
      MD5: 3D553900813C909560ED13B0B8D1B845
      SHA256: 62C6F83E97D9ADE9ABB474FFEF8503B10150DA0E9215D173E4873BC7AE045667
  • C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (compressed)
      MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
      SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
  • C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1 (binary)
      MD5: F995FBC24A8B5C5BCDCAC7CCD135721E
      SHA256: 9F2D9F774682C5346032CA6A08F245C788891C0DF92752B35EF56F50B8AD283E
  • C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (binary)
      MD5: 0CF4231B99FBC4A92244CBDE6F591742
      SHA256: BFD8C414EE55B27DEB0C28F2814302005E1AEEF093E769793EFC377C3B40AB3F
  • C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_430EA0912164D1B129D6E1DC07C63959 (binary)
      MD5: 80BF58499FC42962CD2459B681832610
      SHA256: 310057F348D064069F260868506674B9A90AB34671D5B4F5A0BCA47292E1D8A4
  • C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA (binary)
      MD5: 90F85193691551BCF9F8B6849EFB0018
      SHA256: BC2055A98FD8F63445D10E553C6F585E25DD7C380661A129DECCBEA460B13583
  • C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_430EA0912164D1B129D6E1DC07C63959 (binary)
      MD5: 45552F8868009EE3C300AD8E5FE49008
      SHA256: 475FCE7F6D42F3B07319DD29A9A600CAC7E8F9486C44F308D6C0BF294E2B6F08
  • C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\R4ZMUJQV.txt (text)
      MD5: 5A8EB8D2465D95C2F9D3AD65C6916CFC
      SHA256: 4453FB04025DD067CABE4358DCDED2F89276739D0E53B2351087431ADB48D3F9
  • C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1 (binary)
      MD5: B5EA5557D182FBBBA86EAA7D0DA9AE5E
      SHA256: 2EA5693CA1DBDD25D40CB76BEC1D0134AD44DEE993A1CAEE09F1114859F2A307
  • C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA (binary)
      MD5: AC89A852C2AAA3D389B2D2DD312AD367
      SHA256: 0B720E19270C672F9B6E0EC40B468AC49376807DE08A814573FE038779534F45
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 19
TCP/UDP connections: 91
DNS requests: 32
Threats: 2

HTTP requests

Each entry gives PID and process, method and HTTP code, server IP:port and country, content type, size and reputation, followed by the URL:
  • PID 3484 iexplore.exe, GET 200, 67.27.159.126:80 (US), compressed, 4.66 Kb, reputation unknown
    http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?55dbe395bef71797
  • PID 3484 iexplore.exe, GET 200, 142.250.185.227:80 (US), binary, 1.41 Kb, reputation unknown
    http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
  • PID 3484 iexplore.exe, GET 200, 142.250.185.227:80 (US), binary, 472 b, reputation unknown
    http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC4wBUGz%2FM%2FbxJoyJUH9Zs4
  • PID 3484 iexplore.exe, GET 200, 142.250.185.227:80 (US), binary, 472 b, reputation unknown
    http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDjwMqr5md2thAEkT8uWlcR
  • PID 3484 iexplore.exe, GET 200, 142.250.185.227:80 (US), binary, 724 b, reputation unknown
    http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
  • PID 3484 iexplore.exe, GET 200, 142.250.185.227:80 (US), binary, 471 b, reputation unknown
    http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGNkd7zfgP4rEhC%2BpCYwNEA%3D
  • PID 3484 iexplore.exe, GET 200, 142.250.185.227:80 (US), binary, 471 b, reputation unknown
    http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEB2DDV7rEq4oEuPb98DuKJ4%3D
  • PID 3484 iexplore.exe, GET 200, 142.250.185.227:80 (US), binary, 471 b, reputation unknown
    http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGNkd7zfgP4rEhC%2BpCYwNEA%3D
  • PID 3484 iexplore.exe, GET 200, 142.250.185.227:80 (US), binary, 472 b, reputation unknown
    http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDCjDk6BcP0YRJkTzSsQwBD
  • PID 3440 iexplore.exe, GET 200, 192.229.221.95:80 (US), binary, 313 b, reputation unknown
    http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D

Connections

Each entry gives PID and process, IP:port, domain, ASN, country and reputation (local broadcast and multicast connections have no domain, ASN or country):
  • PID 4 System: 192.168.100.255:138, whitelisted
  • PID 2588 svchost.exe: 239.255.255.250:1900, whitelisted
  • PID 4 System: 192.168.100.255:137, whitelisted
  • PID 3484 iexplore.exe: 67.27.159.126:80, ctldl.windowsupdate.com, ASN LEVEL3, US, malicious
  • PID 3484 iexplore.exe: 192.229.221.95:80, ocsp.digicert.com, ASN EDGECAST, US, whitelisted
  • PID 3484 iexplore.exe: 142.250.181.238:443, docs.google.com, ASN GOOGLE, US, whitelisted
  • PID 3484 iexplore.exe: 142.250.185.227:80, ocsp.pki.goog, ASN GOOGLE, US, whitelisted
  • PID 3484 iexplore.exe: 142.250.185.206:443, www.google-analytics.com, ASN GOOGLE, US, whitelisted
  • PID 3484 iexplore.exe: 142.250.181.232:443, www.googletagmanager.com, ASN GOOGLE, US, unknown
  • PID 3484 iexplore.exe: 172.217.18.3:443, ssl.gstatic.com, ASN GOOGLE, US, whitelisted

DNS requests

Each entry gives the queried domain, the resolved IP addresses and the domain's reputation:
  • ctldl.windowsupdate.com: 67.27.159.126, 8.248.115.254, 67.27.158.254, 8.238.189.126, 67.26.81.254 (whitelisted)
  • ocsp.digicert.com: 192.229.221.95 (whitelisted)
  • docs.google.com: 142.250.181.238 (shared)
  • ocsp.pki.goog: 142.250.185.227 (whitelisted)
  • support.google.com: 142.250.181.238 (whitelisted)
  • www.google-analytics.com: 142.250.185.206 (whitelisted)
  • www.googletagmanager.com: 142.250.181.232 (whitelisted)
  • ssl.gstatic.com: 172.217.18.3 (whitelisted)
  • lh3.googleusercontent.com: 172.217.18.97 (whitelisted)
  • fonts.gstatic.com: 142.250.185.195 (whitelisted)

Threats

Each entry gives PID and process, the threat class and the IDS message:
  • PID 1080 svchost.exe, Misc activity: ET INFO URL Shortener Service Domain in DNS Lookup (cutt .ly)
  • PID 3484 iexplore.exe, Misc activity: ET INFO Observed URL Shortener Service Domain (cutt .ly in TLS SNI)
No debug info