analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://t.ly

Full analysis: https://app.any.run/tasks/8e67dcf6-2e80-4463-9200-2d0ffa15cdad
Verdict: Malicious activity
Analysis date: March 31, 2023, 22:07:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

C4DB5A15ADEBC7FBE2E65B2C8D00CB3C

SHA1:

55E71514AA30CD352750570657ADBBE97155DE0E

SHA256:

CB6FC67A30B9DA52773C51D8B666DA3017A5E4BA3F704878080CF829D9017942

SSDEEP:

3:N8DS:22

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2688)

    • Create files in a temporary directory

      • iexplore.exe (PID: 2688)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2688"C:\Program Files\Internet Explorer\iexplore.exe" "https://t.ly"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
876"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2688 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
29 128
Read events
28 928
Write events
200
Delete events
0

Modification events

(PID) Process:(2688) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(2688) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(2688) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(2688) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2688) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2688) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2688) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2688) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2688) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2688) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
46
Text files
104
Unknown types
38

Dropped files

PID
Process
Filename
Type
876iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27der
MD5:B6F26E04F86E4B1D4E2DEF7A28500064
SHA256:51CDBEFE064909D87A8E1D4ACCE253C710AC15C670F49F389FD083C57B49DE20
2688iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442der
MD5:8461A037B38246996C5F98A64B5FD918
SHA256:C85675B72791F932EBE52B51BC13DCB761A469B1FBDE881C6C4EF6BA93A1B36F
876iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27binary
MD5:BFD4C877351F234A7AFBB1F9CAA36820
SHA256:7205CFED52264B9C31CC38D740B5AE6F395D528EE3C6E5630BD0690FFDD7D16E
876iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\VH9PT0D7.txttext
MD5:F4369C41C5A1B373BA1B2FB6B148FFCB
SHA256:89F97C56ACDCBCEACDF7F1922BBD71764DEA5CB77038EACE68F283B32ABAE664
876iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\X850SXCX.txttext
MD5:E204FF1CEC7E2BF07C96A2890F67A4DC
SHA256:7F9914752D8FE87369B48DC84813EA96518B1BA89250E262D021DCAD95050A73
2688iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:524B7D7C5A8411F2474E559BE98A9307
SHA256:539E435D2A9758EE449C99CA54C9E3422AD89251485403C6352BBA830ED57F01
876iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\LCDY8JNJ.htmhtml
MD5:15AAB7D26C9E76FED0D5D2C3CF96D3D6
SHA256:58BFA82FD8A90BB8D43869D260FF30678F65A103B36BE8BC5A8E4C91F8BC45E6
2688iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
2688iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442binary
MD5:01F16356C3DB8137F698C2536FCB5288
SHA256:2E12375777B595A0DF3871C03FD92570B73B95D73499FFE3B06B314AF5B9C37B
876iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\app[1].csstext
MD5:4F7B3EE7A5C92A20D1E95613632865DC
SHA256:1F611FDD17EB0DCFFF6D51EE8819D69C8E939A2F3974EFE114F3BCD6C90EB8E2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
20
TCP/UDP connections
67
DNS requests
31
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
876
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
876
iexplore.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD%2FB2zZ7cy1JAocIdUzcD8Q
US
der
472 b
whitelisted
2688
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
876
iexplore.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGuOw5S%2FgZeuCs2W38ctSDs%3D
US
der
471 b
whitelisted
876
iexplore.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCFF8LsnHpqFgoBiSwjCX0g
US
der
472 b
whitelisted
876
iexplore.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCXh%2B17FzWzVgrisikgAGpW
US
der
472 b
whitelisted
2688
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3a89d9bf30a07ddb
US
compressed
4.70 Kb
whitelisted
876
iexplore.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEMhbiGFxLZ5EgQHgSI51DM%3D
US
der
471 b
whitelisted
876
iexplore.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCXh%2B17FzWzVgrisikgAGpW
US
der
472 b
whitelisted
876
iexplore.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDTHapPXttJahK0MpJdGmyD
US
der
472 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2688
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2688
iexplore.exe
204.79.197.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
172.67.75.122:443
CLOUDFLARENET
US
suspicious
876
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
876
iexplore.exe
104.26.12.201:443
CLOUDFLARENET
US
suspicious
2688
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
876
iexplore.exe
172.67.75.122:443
CLOUDFLARENET
US
suspicious
876
iexplore.exe
142.250.186.74:443
fonts.googleapis.com
GOOGLE
US
whitelisted
876
iexplore.exe
104.17.24.14:443
cdnjs.cloudflare.com
CLOUDFLARENET
suspicious
876
iexplore.exe
142.250.185.196:443
www.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
fonts.googleapis.com
  • 142.250.186.74
whitelisted
cdnjs.cloudflare.com
  • 104.17.24.14
  • 104.17.25.14
whitelisted
www.google.com
  • 142.250.185.196
whitelisted
www.googletagmanager.com
  • 142.250.186.104
whitelisted
pagead2.googlesyndication.com
  • 172.217.23.98
whitelisted
r.wdfl.co
  • 18.66.147.68
  • 18.66.147.74
  • 18.66.147.126
  • 18.66.147.86
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO URL Shortening Service Domain in DNS Lookup (t .ly)
876
iexplore.exe
Potentially Bad Traffic
ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI)
876
iexplore.exe
Potentially Bad Traffic
ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI)
876
iexplore.exe
Potentially Bad Traffic
ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI)
876
iexplore.exe
Potentially Bad Traffic
ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI)
876
iexplore.exe
Potentially Bad Traffic
ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI)
2688
iexplore.exe
Potentially Bad Traffic
ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI)
2688
iexplore.exe
Potentially Bad Traffic
ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI)
876
iexplore.exe
Potentially Bad Traffic
ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://t.ly