File name: [email protected]
Full analysis: https://app.any.run/tasks/b0c9bb04-32d5-4c82-9566-d87ee72a8c52
Verdict: Malicious activity
Analysis date: January 14, 2022, 19:32:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5: 59D49D263BB8BF998CCF010D64B2D400
SHA1: 753B2162098FE4FAD292C945C93410D3EDE0F23F
SHA256: D10B1C12359D1D1A8383A74BEC31EA64EC283C133385D1AAE321E23C1B9DFDC2
SSDEEP: 192:IttNuyhY+vKb3Q2sEg50LO3gg+5PprfiMX7XFQ+:mZKrQSg50L3h1JbrXFz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3644)
      • iexplore.exe (PID: 888)
      • iexplore.exe (PID: 3844)
      • iexplore.exe (PID: 1400)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2680)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 3644)
      • iexplore.exe (PID: 1408)
      • iexplore.exe (PID: 480)
      • explorer.exe (PID: 276)
      • iexplore.exe (PID: 888)
      • iexplore.exe (PID: 3844)
      • iexplore.exe (PID: 1400)
      • chrome.exe (PID: 2680)
      • chrome.exe (PID: 2312)
      • chrome.exe (PID: 2676)
      • chrome.exe (PID: 2832)
      • chrome.exe (PID: 3916)
      • chrome.exe (PID: 4020)
    • Checks supported languages

      • iexplore.exe (PID: 1408)
      • iexplore.exe (PID: 3644)
      • iexplore.exe (PID: 480)
      • explorer.exe (PID: 276)
      • iexplore.exe (PID: 888)
      • iexplore.exe (PID: 1400)
      • iexplore.exe (PID: 3844)
      • chrome.exe (PID: 2680)
      • chrome.exe (PID: 1988)
      • chrome.exe (PID: 3916)
      • chrome.exe (PID: 560)
      • chrome.exe (PID: 2832)
      • chrome.exe (PID: 2676)
      • chrome.exe (PID: 2604)
      • chrome.exe (PID: 1612)
      • chrome.exe (PID: 2312)
      • chrome.exe (PID: 3092)
      • chrome.exe (PID: 3448)
      • chrome.exe (PID: 4020)
      • chrome.exe (PID: 2696)
      • chrome.exe (PID: 3696)
      • chrome.exe (PID: 3688)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 1408)
      • iexplore.exe (PID: 480)
      • iexplore.exe (PID: 3644)
      • chrome.exe (PID: 3916)
    • Changes internet zones settings

      • iexplore.exe (PID: 1408)
    • Application launched itself

      • iexplore.exe (PID: 3644)
      • iexplore.exe (PID: 1408)
      • chrome.exe (PID: 2680)
    • Manual execution by user

      • explorer.exe (PID: 276)
      • chrome.exe (PID: 2680)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 480)
      • iexplore.exe (PID: 1408)
      • iexplore.exe (PID: 3644)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3644)
      • iexplore.exe (PID: 1400)
      • iexplore.exe (PID: 888)
      • iexplore.exe (PID: 3844)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1408)
    • Creates files in the user directory

      • iexplore.exe (PID: 1408)
    • Changes settings of System certificates

      • iexplore.exe (PID: 1408)
    • Reads the hosts file

      • chrome.exe (PID: 2680)
      • chrome.exe (PID: 3916)
No Malware configuration.

TRiD: .html | HyperText Markup Language (100)

No data.
Total processes: 63
Monitored processes: 22
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start iexplore.exe iexplore.exe iexplore.exe explorer.exe no specs iexplore.exe no specs iexplore.exe no specs iexplore.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID: 1408
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\admin\AppData\Local\Temp\[email protected]"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 3644
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1408 CREDAT:144385 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 480
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1408 CREDAT:333057 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 276
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 1400
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1408 CREDAT:537615 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 888
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1408 CREDAT:603150 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 3844
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1408 CREDAT:865331 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2680
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\admin\AppData\Local\Temp\foundation.html
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: Explorer.EXE
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 86.0.4240.198

PID: 560
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e59d988,0x6e59d998,0x6e59d9a4
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 86.0.4240.198

PID: 2832
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1056,14453187563987345992,15760423622575056817,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1064 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Total events: 30 499
Read events: 30 058
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 125
Text files: 107
Unknown types: 8

Dropped files

PID 1408, iexplore.exe: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\V2ICIG8I.txt (type: text)
  MD5: 2E9CE8DC289C601FD59710022684A64C
  SHA256: 74DCB34B1C4FA573C9D10C120814144A1D36FED2FB89C5C6E115DCCF33D83754

PID 1408, iexplore.exe: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\SSVE0A7G.txt (type: text)
  MD5: DC749FB40AB0EF65E29F9CDB96EB7258
  SHA256: 88BB8407C875AAD6DDE49F63778A25D209DB5963B96C2A4EF45F66CD37BC1D8A

PID 1408, iexplore.exe: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\JC0RX18L.txt (type: text)
  MD5: EC00C95F37F0650F65C70AC42278CF8D
  SHA256: 5C4A42E550C3279A045E76369B3890AF4C954A6CEE79D6D14E45A417962F3AE2

PID 1408, iexplore.exe: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\JAZVT2RL.txt (type: text)
  MD5: D0D28710BA920E622FF14F22CBA1C7B0
  SHA256: E94B14C63BD17C14DB157D81278217C974FF5AB3D6E480DE2FCE28E9F529FFFE

PID 1408, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 (type: der)
  MD5: ACE427D9E2E5197DA2F600C887DCFCB1
  SHA256: 9D985EC5E3675B2C7DED4535F7DE2CBE39934D67046E25C3D0466220FAFE9651

PID 480, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 (type: binary)
  MD5: C3DC6AB8CAFECA75C9FE75141E3AC75B
  SHA256: BAB388AFABDC103CE962F9A6492E4F134B9F273BE80237F077D2EAB93AF7B0F4

PID 1408, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 (type: binary)
  MD5: 121D3DAF4FAD9C4659277E1438EDA602
  SHA256: E354C3EC98460596C3F9AE5852527C727C99B32BA440BA4D65922FA148672F5D

PID 480, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (type: binary)
  MD5: 7DF11948760E3DEF68D7FBE2789C1DED
  SHA256: C30159BF405507643DD92957FD682EB405C7A78FEBC2982174695EDBB43FD93A

PID 1408, iexplore.exe: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\B6K3ZC2H.txt (type: text)
  MD5: 69487DFAD8D8BCBA1B04C265326E2627
  SHA256: 92550AE11C5DCB0591F945311D31B6B372CE280D00CE8F519A806E565962E737

PID 1408, iexplore.exe: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\JDSBVRJ5.txt (type: text)
  MD5: 7D086EAB75C9BBBB9A7B7C5995937E7F
  SHA256: CD3F4F8B7D5AB424E31930C2C7C9718DAFC97F3BD8CABDC43DB2736DC4552F58
HTTP(S) requests: 8
TCP/UDP connections: 44
DNS requests: 30
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
--- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1408 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D | US | der | 471 b | whitelisted
480 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted
3916 | chrome.exe | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | crx | 242 Kb | whitelisted
1408 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted
480 | iexplore.exe | GET | 200 | 2.16.186.89:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?566a14817dc7f284 | unknown | compressed | 4.70 Kb | whitelisted
1408 | iexplore.exe | GET | 200 | 2.16.186.89:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6484e3a23877cefd | unknown | compressed | 4.70 Kb | whitelisted
480 | iexplore.exe | GET | 200 | 2.16.186.56:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8760f8e977f9b8e4 | unknown | compressed | 4.70 Kb | whitelisted
1408 | iexplore.exe | GET | 200 | 2.16.186.89:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?610a558198955de8 | unknown | compressed | 4.70 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
--- | --- | --- | --- | --- | --- | ---
1408 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
1408 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
1408 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
480 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
480 | iexplore.exe | 13.107.13.80:443 | api.bing.com | Microsoft Corporation | US | whitelisted
1408 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
480 | iexplore.exe | 2.16.186.89:80 | ctldl.windowsupdate.com | Akamai International B.V. | | whitelisted
480 | iexplore.exe | 2.16.186.56:80 | ctldl.windowsupdate.com | Akamai International B.V. | | whitelisted
1408 | iexplore.exe | 2.16.186.89:80 | ctldl.windowsupdate.com | Akamai International B.V. | | whitelisted
3644 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted

DNS requests

Domain | IP | Reputation
--- | --- | ---
api.bing.com | 13.107.13.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ctldl.windowsupdate.com | 2.16.186.89, 2.16.186.56 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
ieonline.microsoft.com | 204.79.197.200 | whitelisted
go.microsoft.com | 104.111.242.51 | whitelisted
www.msn.com | 131.253.33.203 | whitelisted
query.prod.cms.msn.com | 40.83.186.94 | whitelisted

Threats

PID | Process | Class | Message
--- | --- | --- | ---
 | | Potentially Bad Traffic | ET DNS Query to a *.pw domain - Likely Hostile
No debug info