URL:

ok.ru

Full analysis: https://app.any.run/tasks/ffb81f2e-54c7-4fcf-85b7-fe5be4b2f93f
Verdict: Malicious activity
Analysis date: March 03, 2024, 21:41:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

D7C190408BF6B9A4921796A3AA767C54

SHA1:

DC6DE505EEC7AA3940B4335C7D445CD199E495D9

SHA256:

D306ECDB5F4FC2045E6C5007CAE14509C75269CD92D2BEA0FF92625D2573B0C6

SSDEEP:

3:hAn:hA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3240)

    • The process uses the downloaded file

      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 1576)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe flashutil32_32_0_0_453_activex.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1432"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3240 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
1576C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exe -EmbeddingC:\Windows\System32\Macromed\Flash\FlashUtil32_32_0_0_453_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 32.0 r0
Exit code:
0
Version:
32,0,0,453
Modules
Images
c:\windows\system32\macromed\flash\flashutil32_32_0_0_453_activex.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
3240"C:\Program Files\Internet Explorer\iexplore.exe" "ok.ru"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
26 742
Read events
26 518
Write events
184
Delete events
40

Modification events

(PID) Process:(3240) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(3240) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(3240) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31092147
(PID) Process:(3240) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(3240) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31092147
(PID) Process:(3240) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3240) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3240) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3240) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3240) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
0
Suspicious files
52
Text files
316
Unknown types
22

Dropped files

PID
Process
Filename
Type
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\12A1736FBE808EF62839E8053F12105Fder
MD5:538614744F7CD4E0BEDE53AD2A54BFD7
SHA256:CD16318ED1AFC16A9A31881E3304D42652FD9D0E09C484DA870010468CC6C53C
1432iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\ncore.b5530b5c[1].csstext
MD5:B5530B5CD4A1CE91AD51045F419CC748
SHA256:1DBA1CCC22CE5232597512F016043A973920C56EFBC13C86A217EF0D6D858F0F
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:C582AFD6EBABE1ED865E905BEF45E559
SHA256:FA9AC16964A47B18184766964759B6D81AD49E78C7290A545462EAEFABA43490
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81Bbinary
MD5:19B04A54C89370052D1402DA79E9F262
SHA256:556CE638967D659A1828AF15FAFD3136D3AF0DC892F7A5C45E55FBDFC338829A
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81Bbinary
MD5:DE98EED0C7C9E98B9ACFD0801D1CD5E3
SHA256:06C93F8473AD13F1E3AB430A8731EE0D2634FE2D1D369AE65CF9D84065BB37A5
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\12A1736FBE808EF62839E8053F12105Fbinary
MD5:41414B60B00AF60B6E9AB2BF9BDC68D6
SHA256:71931765351BD66095A9423BBBA1F8F07D7463084DCC57E6F4B98A752CC02CDD
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3der
MD5:28877B6AAF5DF4669818333AFF45C10E
SHA256:71A0C786DAC4BD95040720BF33C681A53FAEDCA8724C3AFF6B904938DD3A707A
1432iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SRZUCU66.txttext
MD5:A75921156176A1D8EF5C7FAC34721EA9
SHA256:9F071A6A13334F181F1F42D641DC08E7993533C0B6E896123A7DB98FF58A3C7A
1432iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\VEEDYNZT.htmhtml
MD5:FE84A3A31CB56EDD2B99C34931879581
SHA256:95741CEADD3DA6CF58E96A3F4E9205F19A4069094E41F4A8E7CD4448DFC9BF1D
1432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3binary
MD5:72F6172562BF612E6355DF328615F4FC
SHA256:1FD297F87EEDB421CB393B0A33E7ABBDDBFD5E2FDAB6A7ACC79481B0BBE3BAAE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
36
TCP/UDP connections
105
DNS requests
50
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1432
iexplore.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bd117e088266f0f9
GB
unknown
1432
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/rootr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDQHuXxad%2F5c1K2Rl1mo%3D
unknown
binary
1.41 Kb
unknown
1432
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D
unknown
binary
1.40 Kb
unknown
1432
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDAJYICVicVfMPUlEtg%3D%3D
unknown
binary
1.40 Kb
unknown
1432
iexplore.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEH1ZfRmkcbmIEJt1GKpWSOU%3D
US
binary
471 b
unknown
1432
iexplore.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
binary
1.41 Kb
unknown
1432
iexplore.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
binary
724 b
unknown
1432
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDChe9Hbd%2BEpRcId0mw%3D%3D
unknown
binary
1.40 Kb
unknown
1432
iexplore.exe
GET
200
104.18.20.226:80
http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyI%2BPTVbmSvIKrQ%3D
unknown
binary
1.40 Kb
unknown
1432
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHUeP1PjGFkz6V8I7O6tApc%3D
unknown
binary
1.41 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
1432
iexplore.exe
217.20.155.13:80
ok.ru
LLC VK
RU
unknown
1432
iexplore.exe
217.20.155.13:443
ok.ru
LLC VK
RU
unknown
1432
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
1432
iexplore.exe
104.18.21.226:80
ocsp.globalsign.com
CLOUDFLARENET
shared
1432
iexplore.exe
104.18.20.226:80
ocsp.globalsign.com
CLOUDFLARENET
shared
1432
iexplore.exe
142.250.185.200:443
www.googletagmanager.com
GOOGLE
US
unknown
1432
iexplore.exe
217.20.152.226:443
st.mycdn.me
LLC VK
RU
unknown

DNS requests

Domain
IP
Reputation
ok.ru
  • 217.20.155.13
  • 5.61.23.11
  • 217.20.147.1
whitelisted
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.globalsign.com
  • 104.18.21.226
  • 104.18.20.226
whitelisted
ocsp2.globalsign.com
  • 104.18.20.226
  • 104.18.21.226
whitelisted
st.mycdn.me
  • 217.20.152.226
  • 217.20.147.7
  • 217.20.156.72
  • 217.20.155.82
unknown
www.googletagmanager.com
  • 142.250.185.200
whitelisted
ocsp.pki.goog
  • 142.250.74.195
whitelisted
mc.yandex.ru
  • 77.88.21.119
  • 87.250.251.119
  • 87.250.250.119
  • 93.158.134.119
whitelisted
top-fwz1.mail.ru
  • 95.163.52.67
whitelisted
www.google-analytics.com
  • 142.250.185.174
whitelisted

Threats

No threats detected
No debug info