URL: https://www.business.att.com/industries/manufacturing.html?source=EBBZeqACQ00Wel00E&wtExtndSource=T108202019Bst&LNS=EM_OT_MLT_VTGBLWttB_0819&LinkID=bannerManuf&elqTrackId=91d97ba766284aa9996a918c4a2b980a&elq=baaf10220c14421096576d6de23db18d&elqaid=3560&elqat=1&elqCampaignId=665&elqcst=272&elqcsid=3545

Full analysis: https://app.any.run/tasks/c3750cc2-6254-4481-bad8-9688f7f8630d
Verdict: Malicious activity
Analysis date: July 12, 2020, 09:57:21
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 7505EB75E8CA4C0014F8E23E708F942E
SHA1: 67F6B7FE61240DFFF6AAE76271D5DB5C59628267
SHA256: D37FE15E6A3B05CDC6CFB38F582E1AB9011D6A5A4A5CA088136D0BF162F65016
SSDEEP: 6:2OLwCLtGbYQ5CwUWc/KpusHwnn6H/nkfISCC8mKrRXlqAY+LWDLgxDYQX2:2aLwbYtw08YKQISCC8mARXlnLWXakM2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    No suspicious indicators.
  • INFO
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 2324)
      • iexplore.exe (PID: 2620)
    • Changes internet zones settings
      • iexplore.exe (PID: 2620)
    • Reads internet explorer settings
      • iexplore.exe (PID: 2324)
    • Creates files in the user directory
      • iexplore.exe (PID: 2324)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 2324)
      • iexplore.exe (PID: 2620)
    • Adds / modifies Windows certificates
      • iexplore.exe (PID: 2620)
    • Changes settings of System certificates
      • iexplore.exe (PID: 2620)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph: start → iexplore.exe → iexplore.exe

Process information

PID: 2620
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.business.att.com/industries/manufacturing.html?source=EBBZeqACQ00Wel00E&wtExtndSource=T108202019Bst&LNS=EM_OT_MLT_VTGBLWttB_0819&LinkID=bannerManuf&elqTrackId=91d97ba766284aa9996a918c4a2b980a&elq=baaf10220c14421096576d6de23db18d&elqaid=3560&elqat=1&elqCampaignId=665&elqcst=272&elqcsid=3545"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: none
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2324
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2620 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: none
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 5 936
Read events: 743
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 56
Text files: 37
Unknown types: 35

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2324 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabABC2.tmp | | | |
| 2324 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarABD3.tmp | | | |
| 2324 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y430FQO0.txt | | | |
| 2620 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | | |
| 2324 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\detm-container-ftr[1].js | text | 8C1B899D417B2A0283AFE21B836DA604 | 178FAB8F721F7639665EC6EF300452E94387AEE858D14300D1EF5C3D98442A01 |
| 2324 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\clientlibs-jquery.min[1].js | text | 01F260E90627A442694D2CAA80CA9829 | E25EFF5325916218CCB5703420FDB590286DF2F830A2E30E3AF7E99E864791DC |
| 2324 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\clientlibs-insights-container-page.min[1].js | text | D89458277C6D7A80403DC41D393F820C | EF6276F247E7B863DA6493F1065DFD46AC1DD5A2C620DA44CA5FE229068CD43B |
| 2324 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C | binary | 45A49292D2928B83F8A6111D67AEE2FD | 0E13E7EFBA7A320F7741F1F65528A8D06F7917ABEA5250C78D2563241B58EB79 |
| 2324 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | binary | A5BEFD7EDC4CE49A8CFBAA116604A306 | A79915F989FDC4F467EEFFC7FC2E3A716A7724C74A6ECCD4BB6C1D30E2793EB1 |
| 2324 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\detm-container-hdr[1].js | text | D6DB5F95CBBEA73885248955D2EA35E3 | 0EC515C4A78B150FFE85C20ABE0E36A5D57B6BA142E398FE824653FF0D51BD66 |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 16
TCP/UDP connections: 45
DNS requests: 20
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
| 2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
| 2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
| 2620 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
| 2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCED4r%2FOxfZt%2BRCAAAAABH74c%3D | US | der | 471 b | whitelisted |
| 2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEH4Q2QH3rAPNCAAAAABH744%3D | US | der | 471 b | whitelisted |
| 2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEBzaDxa68rqhAgAAAABvB7Y%3D | US | der | 471 b | whitelisted |
| 2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEBzaDxa68rqhAgAAAABvB7Y%3D | US | der | 471 b | whitelisted |
| 2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEAar2mu0dHehCAAAAABH74o%3D | US | der | 471 b | whitelisted |
| 2324 | iexplore.exe | GET | 200 | 216.58.207.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEAar2mu0dHehCAAAAABH74o%3D | US | der | 471 b | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2324 | iexplore.exe | 84.53.165.28:443 | www.business.att.com | Akamai Technologies, Inc. | US | unknown |
| 2324 | iexplore.exe | 104.111.216.57:443 | www.att.com | Akamai International B.V. | NL | whitelisted |
| 2324 | iexplore.exe | 34.243.136.226:443 | dpm.demdex.net | Amazon.com, Inc. | IE | unknown |
| | | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
| 2324 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
| | | 34.243.136.226:443 | dpm.demdex.net | Amazon.com, Inc. | IE | unknown |
| 2324 | iexplore.exe | 172.217.18.102:443 | fls.doubleclick.net | Google Inc. | US | suspicious |
| | | 172.217.18.110:443 | www.youtube.com | Google Inc. | US | whitelisted |
| 2324 | iexplore.exe | 172.217.22.34:443 | www.googleadservices.com | Google Inc. | US | whitelisted |
| 2324 | iexplore.exe | 172.217.18.110:443 | www.youtube.com | Google Inc. | US | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| www.business.att.com | 84.53.165.28 | suspicious |
| ocsp.digicert.com | 93.184.220.29 | whitelisted |
| api.bing.com | 13.107.5.80 | whitelisted |
| www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted |
| www.att.com | 104.111.216.57 | suspicious |
| dpm.demdex.net | 34.243.136.226, 54.76.175.152, 34.241.125.133, 34.248.119.134, 52.209.239.68, 52.211.89.62, 52.30.78.155, 108.128.26.56 | whitelisted |
| fls.doubleclick.net | 172.217.18.102 | whitelisted |
| www.youtube.com | 172.217.18.110, 172.217.22.46, 172.217.21.206, 172.217.21.238, 172.217.23.142, 216.58.205.238, 172.217.22.14, 216.58.206.14, 172.217.18.14, 172.217.18.174, 216.58.207.78, 172.217.23.110, 216.58.212.142, 216.58.212.174, 172.217.16.174, 216.58.208.46 | whitelisted |
| customer.cludo.com | 104.20.124.103, 104.20.123.103 | whitelisted |
| ocsp.pki.goog | 216.58.207.67 | whitelisted |

Threats: No threats detected
Debug info: none