URL: friendshipmale.com

Full analysis: https://app.any.run/tasks/aa3673e6-1261-4a36-977b-613a311c9553
Verdict: Malicious activity
Analysis date: March 21, 2024, 14:07:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:
MD5: CB7E89C354C9E7D1DBE691967FE2373E
SHA1: C94C5A352A9E35313AE6670020BDAEC616A05AB2
SHA256: CCEA853B5A614E8D7DC2C5147D592716C06E89EDAF57B5CA583B13BDBD5D2365
SSDEEP: 3:Nccn:z

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report may have been distorted by user actions and is provided as is, for the reader's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3956)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.

Note on the verdict: the "Malicious activity" rating is not backed by a behavioural signature. No malicious or suspicious indicators fired, the only INFO signature is Internet Explorer spawning its own tab process, no IDS threats were raised, and no malware configuration was extracted. The only "malicious" label anywhere in this report is the DNS reputation attached to friendshipmale.com (see DNS requests below). What the browser actually received from the domain is a 68-byte 301 redirect for /lander (apparently cached as lander[1].htm by the LOW-integrity tab process, PID 3276) and a 204 for /favicon.ico; the remaining requests (ctldl.windowsupdate.com, OCSP to DigiCert and GoDaddy, Bing) are Internet Explorer's own background activity. Treat the verdict as a reputation hit to be confirmed, for example by checking the redirect target in the PCAP, not as observed malicious behaviour.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe (PID 3956) -> iexplore.exe (PID 3276)

Process information

PID: 3276
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3956 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none)
Parent process: iexplore.exe (PID 3956, per SCODEF)
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  c:\program files\internet explorer\iexplore.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\iertutil.dll

PID: 3956
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "friendshipmale.com"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none)
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  c:\program files\internet explorer\iexplore.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\iertutil.dll
Total events: 15 237
Read events: 15 108
Write events: 93
Delete events: 36

Modification events

All entries below were written by PID 3956 (iexplore.exe); the operation is "write" in every case.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  NTPDaysSinceLastAutoMigration = 1
  NTPLastLaunchLowDateTime = 329476320
  NTPLastLaunchHighDateTime = 31095705
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
  NextCheckForUpdateLowDateTime = 629638820
  NextCheckForUpdateHighDateTime = 31095705
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  CachePrefix = (empty)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  CachePrefix = Cookie:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  CachePrefix = Visited:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  CompatibilityFlags = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  ProxyBypass = 1
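The NTPLastLaunch and NextCheckForUpdate values above are Windows FILETIMEs that Internet Explorer stores as two DWORDs (HighDateTime and LowDateTime). The Python below is an added example, not part of the ANY.RUN report: it rejoins the halves, converts them to UTC and compares them with the analysis date from the header (assumed here to be UTC). The function names and the IE_TIMESTAMPS table are this example's own; the numbers are the ones written by PID 3956 above.

```python
"""Added example: decode split FILETIME registry values from the report above.

A FILETIME is a 64-bit count of 100-nanosecond intervals since 1601-01-01 00:00 UTC.
IE writes it as two 32-bit halves (*HighDateTime / *LowDateTime); rejoining them
turns the opaque numbers into timestamps that can be checked against the sandbox
analysis date.  Not ANY.RUN's code.
"""
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Report header "Analysis date: March 21, 2024, 14:07:04", assumed to be UTC.
ANALYSIS_DATE = datetime(2024, 3, 21, 14, 7, 4, tzinfo=timezone.utc)

# (key, value-name prefix, HighDateTime, LowDateTime), transcribed from the
# modification events written by PID 3956 (iexplore.exe) above.
IE_TIMESTAMPS = [
    ("TabbedBrowsing", "NTPLastLaunch", 31095705, 329476320),
    ("UrlBlockManager", "NextCheckForUpdate", 31095705, 629638820),
]


def join_filetime(high: int, low: int) -> int:
    """Reassemble the 64-bit FILETIME from its two DWORD halves."""
    return (high << 32) | (low & 0xFFFFFFFF)


def filetime_to_datetime(high: int, low: int) -> datetime:
    """Convert a split FILETIME to a timezone-aware UTC datetime (microsecond precision)."""
    ft = join_filetime(high, low)
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)  # 10 x 100 ns = 1 us


def seconds_between(high_a: int, low_a: int, high_b: int, low_b: int) -> float:
    """Signed distance in seconds from FILETIME a to FILETIME b."""
    return (join_filetime(high_b, low_b) - join_filetime(high_a, low_a)) / 10_000_000


def decode_ie_timestamps(entries=IE_TIMESTAMPS):
    """Decode every (key, name, high, low) entry to (key, name, datetime, offset from analysis start)."""
    out = []
    for key, name, hi, lo in entries:
        when = filetime_to_datetime(hi, lo)
        out.append((key, name, when, (when - ANALYSIS_DATE).total_seconds()))
    return out


if __name__ == "__main__":
    for key, name, when, offset in decode_ie_timestamps():
        print(f"{key}\\{name}: {when.isoformat()} ({offset:+.1f} s from analysis start)")
```

Both timestamps land on March 21, 2024 within a minute of the analysis start, which is what a real browser launch inside the sandbox run should produce; a value far from the analysis date would point at a pre-seeded or tampered registry hive rather than this run.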
Executable files: 0
Suspicious files: 7
Text files: 7
Unknown types: 5

Dropped files

PID 3276, iexplore.exe
  File: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9478009C65AD88C5849E267C05A3251D_86C186CCE8C33FFE905CB6803827F4E8
  Type: binary
  MD5: C631582CA5B5B5E9105C81453C6ADE95
  SHA256: 0CBBDA197B1188D7681C98587AA9FDBC0D7D059103DF5008746FB1DD0A6577C5
PID 3956, iexplore.exe
  File: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{5148E61A-E78C-11EE-AE0A-12A9866C77DE}.dat
  Type: binary
  MD5: 52BE519598DD3D5CA69D7529BD98C165
  SHA256: 8DF53412984166EE60FD2713E33B06F03D36D15336A5D68043AA53B8E9D1ED69
PID 3956, iexplore.exe
  File: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verCC73.tmp
  Type: xml
  MD5: CBD0581678FA40F0EDCBC7C59E0CAD10
  SHA256: 159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9
PID 3276, iexplore.exe
  File: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9478009C65AD88C5849E267C05A3251D_86C186CCE8C33FFE905CB6803827F4E8
  Type: binary
  MD5: 9ACD59FDEFDCA6E157DF04D97EB22979
  SHA256: 22722EA5FAF58144E257F8219F91606F853C655E90309F99760F39D5D5128262
PID 3956, iexplore.exe
  File: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\urlblockindex[1].bin
  Type: binary
  MD5: FA518E3DFAE8CA3A0E495460FD60C791
  SHA256: 775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
PID 3276, iexplore.exe
  File: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\lander[1].htm
  Type: html
  MD5: 5DEE74ED1692B538693F61C2F686C17A
  SHA256: C059F9F65C835CADE6374D0AE85CDB5E2F4BF6F9C94672D8685608DCC684E387
PID 3276, iexplore.exe
  File: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
  Type: binary
  MD5: A007030737ADB21C4A7B7F002A195FA4
  SHA256: 89003B26FEE2FB155D3125FBDE23E5362D753FFDB755D15F792385423CCAD2AB
PID 3956, iexplore.exe
  File: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
  Type: binary
  MD5: D419FEAFB4BE5C096F3924628F728D43
  SHA256: 2990DE6898ADFE9A921BE1E4E1DF773CA990F7C30941BF14B0183A50F3C81242
PID 3956, iexplore.exe
  File: C:\Users\admin\AppData\Local\Temp\~DF9344025AEBFE607A.TMP
  Type: gmc
  MD5: F60AFB2FA323B5A391D6352534ECD4C4
  SHA256: CAAE90D4C58794F28459E37BB44CA306C5D4D49248A1B78E0C5D408FAEB7A8F3
PID 3276, iexplore.exe
  File: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
  Type: binary
  MD5: A3666D2819C8D5C43219B1448BFA0619
  SHA256: 1D2023C598F8AE50927D2E4AC5A3E65DE7977111394E3D4A36110E975184345D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 12 (10 listed below)
TCP/UDP connections: 24
DNS requests: 11
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3276 | iexplore.exe | GET | 304 | 88.221.110.106:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?36ca310eb28aaa33 | DE | - | - | unknown
3956 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | US | binary | 313 b | unknown
1080 | svchost.exe | GET | 304 | 23.32.238.192:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?624d1ab720bef5f8 | DE | compressed | 67.5 Kb | unknown
3276 | iexplore.exe | GET | 301 | 15.197.172.60:80 | http://friendshipmale.com/lander | US | html | 68 b | unknown
3276 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCBa0Kzxk4g2h | US | binary | 2.06 Kb | unknown
1080 | svchost.exe | GET | 200 | 23.32.238.192:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0754c686571bd23f | DE | compressed | 67.5 Kb | unknown
3956 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | binary | 471 b | unknown
3956 | iexplore.exe | GET | 204 | 15.197.172.60:80 | http://friendshipmale.com/favicon.ico | US | - | - | unknown
3956 | iexplore.exe | GET | 304 | 88.221.110.106:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b23edf5cfbe16fd7 | DE | - | - | unknown
3276 | iexplore.exe | GET | 200 | 192.124.249.23:80 | http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D | US | binary | 2.01 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
3276 | iexplore.exe | 15.197.172.60:80 | friendshipmale.com | AMAZON-02 | US | unknown
3956 | iexplore.exe | 15.197.172.60:80 | friendshipmale.com | AMAZON-02 | US | unknown
3276 | iexplore.exe | 15.197.172.60:443 | friendshipmale.com | AMAZON-02 | US | unknown
3956 | iexplore.exe | 2.23.209.179:443 | www.bing.com | Akamai International B.V. | GB | unknown
3276 | iexplore.exe | 88.221.110.106:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
3956 | iexplore.exe | 88.221.110.106:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown

DNS requests

Domain
IP
Reputation
friendshipmale.com
  • 15.197.172.60
malicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 2.23.209.179
  • 2.23.209.187
  • 2.23.209.133
  • 2.23.209.148
  • 2.23.209.176
  • 2.23.209.140
  • 2.23.209.149
  • 2.23.209.165
  • 2.23.209.182
whitelisted
ctldl.windowsupdate.com
  • 88.221.110.106
  • 2.16.100.168
  • 23.32.238.192
  • 23.32.238.202
  • 23.32.238.219
  • 23.32.238.218
  • 23.32.238.217
  • 23.32.238.186
  • 23.32.238.216
  • 23.32.238.209
  • 23.32.238.200
whitelisted
ocsp.godaddy.com
  • 192.124.249.23
  • 192.124.249.22
  • 192.124.249.36
  • 192.124.249.24
  • 192.124.249.41
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
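The HTTP requests, DNS requests and dropped files tables above mix the submitted domain's own traffic with what Internet Explorer 11 on Windows 7 produces on its own. The Python below is an added triage example, not ANY.RUN's code or output: it transcribes those rows and applies a simple attribution rule to isolate what is actually attributable to friendshipmale.com and to surface any host the rule cannot explain. The BACKGROUND_HOSTS map and the HOUSEKEEPING_MARKERS path fragments are this example's own assumptions, not ANY.RUN's classification.

```python
"""Added triage example for the ANY.RUN report above; not ANY.RUN's code or output.

Separates activity caused by the submitted URL from the background noise IE 11 /
Windows 7 generate by themselves (certificate trust-list downloads, OCSP revocation
checks, Bing suggestion traffic, IE housekeeping files).  Data rows are transcribed
from the report; BACKGROUND_HOSTS and HOUSEKEEPING_MARKERS are assumptions.
"""
from urllib.parse import urlsplit

TARGET = "friendshipmale.com"

# Hosts IE 11 / Windows 7 contact regardless of the page being opened (assumption).
BACKGROUND_HOSTS = {
    "ctldl.windowsupdate.com": "windows certificate trust list update",
    "ocsp.digicert.com": "ocsp revocation check",
    "ocsp.godaddy.com": "ocsp revocation check",
    "www.bing.com": "ie search/suggestion traffic",
    "api.bing.com": "ie search/suggestion traffic",
    "iecvlist.microsoft.com": "ie compatibility view list",
    "r20swj13mr.microsoft.com": "ie compatibility view list",
}

# (pid, process, method, status, url): the HTTP requests table above.
HTTP_REQUESTS = [
    (3276, "iexplore.exe", "GET", 304, "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?36ca310eb28aaa33"),
    (3956, "iexplore.exe", "GET", 200, "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D"),
    (1080, "svchost.exe", "GET", 304, "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?624d1ab720bef5f8"),
    (3276, "iexplore.exe", "GET", 301, "http://friendshipmale.com/lander"),
    (3276, "iexplore.exe", "GET", 200, "http://ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCBa0Kzxk4g2h"),
    (1080, "svchost.exe", "GET", 200, "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0754c686571bd23f"),
    (3956, "iexplore.exe", "GET", 200, "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D"),
    (3956, "iexplore.exe", "GET", 204, "http://friendshipmale.com/favicon.ico"),
    (3956, "iexplore.exe", "GET", 304, "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b23edf5cfbe16fd7"),
    (3276, "iexplore.exe", "GET", 200, "http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D"),
]

# Reputation column of the DNS requests table above.
WHITELISTED_DNS = ["api.bing.com", "www.bing.com", "ctldl.windowsupdate.com", "ocsp.godaddy.com",
                   "ocsp.digicert.com", "iecvlist.microsoft.com", "r20swj13mr.microsoft.com"]
DNS_REPUTATION = {"friendshipmale.com": "malicious", **dict.fromkeys(WHITELISTED_DNS, "whitelisted")}

# (pid, path, type): the dropped files table above.
DROPPED_FILES = [
    (3276, r"C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9478009C65AD88C5849E267C05A3251D_86C186CCE8C33FFE905CB6803827F4E8", "binary"),
    (3956, r"C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{5148E61A-E78C-11EE-AE0A-12A9866C77DE}.dat", "binary"),
    (3956, r"C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verCC73.tmp", "xml"),
    (3276, r"C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9478009C65AD88C5849E267C05A3251D_86C186CCE8C33FFE905CB6803827F4E8", "binary"),
    (3956, r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\urlblockindex[1].bin", "binary"),
    (3276, r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\lander[1].htm", "html"),
    (3276, r"C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771", "binary"),
    (3956, r"C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A", "binary"),
    (3956, r"C:\Users\admin\AppData\Local\Temp\~DF9344025AEBFE607A.TMP", "gmc"),
    (3276, r"C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157", "binary"),
]

# Path fragments marking IE/Windows housekeeping rather than fetched web content (assumption).
HOUSEKEEPING_MARKERS = (
    "\\CryptnetUrlCache\\",                # cached CRL/CTL/OCSP material from certificate validation
    "\\Internet Explorer\\Recovery\\",     # tab recovery state
    "\\Internet Explorer\\VersionManager\\",
    "\\AppData\\Local\\Temp\\~DF",         # IE session temp files
    "urlblockindex",                       # SmartScreen URL block index
)


def classify_host(host):
    """Attribute a hostname to the target, to known background noise, or to neither."""
    if host == TARGET or host.endswith("." + TARGET):
        return "target"
    return BACKGROUND_HOSTS.get(host, "unattributed")


def target_requests(rows=HTTP_REQUESTS):
    """HTTP requests that actually went to the submitted URL's host."""
    return [r for r in rows if classify_host(urlsplit(r[4]).hostname) == "target"]


def unattributed_hosts(rows=HTTP_REQUESTS, dns=DNS_REPUTATION):
    """Hosts in HTTP or DNS that are neither the target nor known noise; each needs a manual look."""
    seen = {urlsplit(r[4]).hostname for r in rows} | set(dns)
    return sorted(h for h in seen if classify_host(h) == "unattributed")


def web_content_files(rows=DROPPED_FILES):
    """Dropped files that are fetched page content rather than IE/Windows housekeeping."""
    return [r for r in rows if not any(m in r[1] for m in HOUSEKEEPING_MARKERS)]


def malicious_dns_names(dns=DNS_REPUTATION):
    """Domains carrying a 'malicious' reputation: the only malicious signal in this report."""
    return sorted(d for d, rep in dns.items() if rep == "malicious")


if __name__ == "__main__":
    for pid, proc, method, status, url in target_requests():
        print(f"target   {pid} {proc} {method} {status} {url}")
    for pid, path, ftype in web_content_files():
        print(f"content  {pid} {ftype} {path}")
    print("unattributed hosts:", unattributed_hosts() or "none")
    print("malicious DNS reputation:", malicious_dns_names())
```

Run against this report the script attributes exactly two requests (the 301 for /lander and the 204 for /favicon.ico) and one cached file (lander[1].htm) to the submitted domain, leaves no host unexplained, and confirms that the only "malicious" signal is the DNS reputation entry. The same allowlist approach is what makes IE-based sandbox reports readable at scale: trust-list and OCSP traffic will appear in nearly every run and should never count toward a verdict on its own.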

Threats

No threats detected
No debug info