download:

index.html

Full analysis: https://app.any.run/tasks/07722bf5-69d8-4af9-ad3b-2cfb43297870
Verdict: Malicious activity
Analysis date: April 15, 2019, 05:54:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5:

F92E5D6A588411D34A9F766D17ECC2B1

SHA1:

6F6C2718755E0B4722C70EDC1877B6750A0E43D9

SHA256:

CFB33DF9C3EB99709D5810A0792CECCFF3B98CCEBFDC3D45EF07344FE2587FAF

SSDEEP:

3072:m7WJUSs4xH3H0G28gVr1upr/m7NapCc/+/Uf3PsnHwnKzQWhjbYfLGp2R8:mqDvH3H01srHF/+yvfLGp26

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 860)

  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 3380)

    • Reads CPU info

      • firefox.exe (PID: 860)

    • Changes internet zones settings

      • iexplore.exe (PID: 2596)

    • Dropped object may contain Bitcoin addresses

      • firefox.exe (PID: 860)

    • Application launched itself

      • firefox.exe (PID: 860)

    • Reads settings of System Certificates

      • firefox.exe (PID: 860)

    • Creates files in the user directory

      • firefox.exe (PID: 860)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

msapplicationTileColor: #224f7b
msapplicationTileImage: //static-global-s-msn-com.akamaized.net/hp-neu/sc/1f/08ced4.png
msapplicationConfig: none
Robots: noydir,noodp
Title: MSN UK: Latest news, weather, Hotmail sign in, Outlook email, Bing
Description: Read today's top stories news, weather, sport, entertainment, lifestyle, money, cars and more, all expertly curated from across top UK and global news providers
viewport: width=device-width,initial-scale=1.0,maximum-scale=2.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
7
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe no specs firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe

Process information

PID
CMD
Path
Indicators
Parent process
860"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\firefox.exe
explorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
2280"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.0.383361466\1484485054" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}" 860 "\\.\pipe\gecko-crash-server-pipe.860" 1092 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
2476"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.6.727553358\1543569309" -childID 1 -isForBrowser -prefsHandle 1596 -prefMapHandle 1592 -prefsLen 1 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 860 "\\.\pipe\gecko-crash-server-pipe.860" 1588 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
2596"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.htmlC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3380"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2596 CREDAT:79873C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3424"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.20.618613957\1149471078" -childID 3 -isForBrowser -prefsHandle 3360 -prefMapHandle 3364 -prefsLen 5882 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 860 "\\.\pipe\gecko-crash-server-pipe.860" 3376 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
3736"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.13.772560425\1067830675" -childID 2 -isForBrowser -prefsHandle 2500 -prefMapHandle 2504 -prefsLen 216 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 860 "\\.\pipe\gecko-crash-server-pipe.860" 2516 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
Total events
820
Read events
754
Write events
65
Delete events
1

Modification events

(PID) Process:(2596) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2596) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2596) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2596) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2596) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2596) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2596) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{F224DF39-5F42-11E9-B63D-5254004A04AF}
Value:
0
(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation:writeName:Type
Value:
3
(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation:writeName:Count
Value:
1
(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation:writeName:Time
Value:
E307040001000F000500360024005001
Executable files
1
Suspicious files
78
Text files
44
Unknown types
93

Dropped files

PID
Process
Filename
Type
2596iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
MD5:
SHA256:
2596iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2596iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFAF829D83201335E5.TMP
MD5:
SHA256:
2596iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF2BE0E6FEF3A93AB0.TMP
MD5:
SHA256:
2596iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFF62FED7CE15F9DB3.TMP
MD5:
SHA256:
2596iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFC24E8216EDFDB205.TMP
MD5:
SHA256:
2596iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F224DF39-5F42-11E9-B63D-5254004A04AF}.dat
MD5:
SHA256:
860firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
860firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
MD5:
SHA256:
860firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
28
TCP/UDP connections
60
DNS requests
150
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
860
firefox.exe
POST
200
216.58.207.35:80
http://ocsp.pki.goog/GTSGIAG3
US
der
471 b
whitelisted
860
firefox.exe
POST
200
173.223.106.130:80
http://ocsp.comodoca.com/
NL
der
471 b
whitelisted
860
firefox.exe
POST
200
104.18.24.243:80
http://ocsp.msocsp.com/
US
der
1.79 Kb
whitelisted
860
firefox.exe
POST
200
2.16.186.11:80
http://ocsp.int-x3.letsencrypt.org/
unknown
der
527 b
whitelisted
860
firefox.exe
POST
200
104.18.24.243:80
http://ocsp.msocsp.com/
US
der
1.79 Kb
whitelisted
860
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
860
firefox.exe
POST
200
104.18.24.243:80
http://ocsp.msocsp.com/
US
der
1.79 Kb
whitelisted
860
firefox.exe
POST
200
173.223.106.130:80
http://ocsp.comodoca.com/
NL
der
471 b
whitelisted
860
firefox.exe
POST
200
173.223.106.130:80
http://ocsp.comodoca.com/
NL
der
470 b
whitelisted
860
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
2.16.186.9:445
static-global-s-msn-com.akamaized.net
Akamai International B.V.
whitelisted
2596
iexplore.exe
13.107.21.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
4
System
2.16.186.35:445
static-global-s-msn-com.akamaized.net
Akamai International B.V.
whitelisted
4
System
2.16.186.35:139
static-global-s-msn-com.akamaized.net
Akamai International B.V.
whitelisted
860
firefox.exe
2.16.186.50:80
detectportal.firefox.com
Akamai International B.V.
whitelisted
860
firefox.exe
34.213.175.109:443
search.services.mozilla.com
Amazon.com, Inc.
US
unknown
860
firefox.exe
52.10.122.55:443
tiles.services.mozilla.com
Amazon.com, Inc.
US
unknown
860
firefox.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
860
firefox.exe
13.32.159.2:443
snippets.cdn.mozilla.net
Amazon.com, Inc.
US
unknown
860
firefox.exe
172.217.21.234:443
safebrowsing.googleapis.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
static-global-s-msn-com.akamaized.net
  • 2.16.186.9
  • 2.16.186.35
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
dns.msftncsi.com
  • 131.107.255.255
shared
detectportal.firefox.com
  • 2.16.186.50
  • 2.16.186.112
whitelisted
a1089.dscd.akamai.net
  • 2.16.186.112
  • 2.16.186.50
whitelisted
search.services.mozilla.com
  • 34.213.175.109
  • 52.88.150.81
  • 35.166.112.39
whitelisted
search.r53-2.services.mozilla.com
  • 35.166.112.39
  • 52.88.150.81
  • 34.213.175.109
whitelisted
tiles.services.mozilla.com
  • 52.10.122.55
  • 52.35.250.5
  • 52.34.132.219
  • 52.43.91.152
  • 52.39.131.77
  • 52.43.40.243
  • 52.26.103.165
  • 52.88.59.160
whitelisted
tiles.r53-2.services.mozilla.com
  • 52.88.59.160
  • 52.26.103.165
  • 52.43.40.243
  • 52.39.131.77
  • 52.43.91.152
  • 52.34.132.219
  • 52.35.250.5
  • 52.10.122.55
whitelisted
snippets.cdn.mozilla.net
  • 13.32.159.2
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
index.html