analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://insurancefraud.us1.list-manage.com/track/click?u=a440c5b647697de580a2fd586&id=f4d9244446&e=b3a3ca1808

Full analysis: https://app.any.run/tasks/ed361c1f-153a-481b-9c12-52af656c77c7
Verdict: Malicious activity
Analysis date: August 12, 2022, 17:38:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

C9519097A8A5DFEE6EA064646C169E3D

SHA1:

39BE2528F24AD737D0CEB1FF53086FD55602EDB5

SHA256:

D95F37EF8D8599F6FAED489229705A6272CD91EA8037BB1ABD050B345FCAD534

SSDEEP:

3:N8LQYyCNULGGRXEGcJMkNcsSG91OuPMuNqB3OtEyUd3n:2rHNULEGcJMl21/MuQI2yE3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3944)
  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 3944)
      • iexplore.exe (PID: 3416)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3944)
      • iexplore.exe (PID: 3416)
    • Reads the computer name

      • iexplore.exe (PID: 3944)
      • iexplore.exe (PID: 3416)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 3944)
      • iexplore.exe (PID: 3416)
    • Changes internet zones settings

      • iexplore.exe (PID: 3416)
    • Application launched itself

      • iexplore.exe (PID: 3416)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3944)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
3416"C:\Program Files\Internet Explorer\iexplore.exe" "https://insurancefraud.us1.list-manage.com/track/click?u=a440c5b647697de580a2fd586&id=f4d9244446&e=b3a3ca1808"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3944"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3416 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
9 564
Read events
9 459
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
9
Text files
10
Unknown types
7

Dropped files

PID
Process
Filename
Type
3944iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\G1JP1M5J.txttext
MD5:F56DA7DB53003DEFA9C9C98FFE9FBBFF
SHA256:728570BF2EE65EB205B7E0937310A1CDAE36B9C20693661C5D982C4FA2548BC8
3944iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:66B9E7578DA697CACFB6D77D7353309F
SHA256:5AC713FAB8BB390ECC0530029687353F0AD4A75F44259F18D475720BD26438B5
3416iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63der
MD5:EE87BB11E233C12009CC11725035DBDC
SHA256:D82930A5B051B3C3F1639C24E83BDDF41D5AA66E467A0944D1AC3D59AE6330C5
3944iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894binary
MD5:E70BC0E8E439FA92F78734AB5E1E682F
SHA256:26112DB14ACF6F134E6EEBBA67E9BE6C64A16647F5EAEF46FDF0F19A3A656260
3944iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62der
MD5:A7CDC811501D83BAF917E463902F4013
SHA256:0B35FBEE1934DC85028A604A80A7D13C273B6DB9B17AB7FF79F8F5BD561B3979
3416iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:B97590ED4175F40E7F7C1D361C1AC0CC
SHA256:CB7EA4681499660A09A8507D425B97C7277C381D8EDB0E3D94A7D323ADB6AA21
3944iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4Fder
MD5:6FAF4790347754548A5D117C2924C96F
SHA256:3D0CAF59233C54A2CD05FB52DE176C164869F75E618107578413B09C10D9C5D9
3944iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04binary
MD5:05C03029CE347DE897320F63B6B8C786
SHA256:838A123D47FCA7D2A4523FF5D3A096F364D82BA4B0A52DC50F95C970D6F10C85
3944iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\RK40BYBC.txttext
MD5:17203877B0364E8B51C08F540C41C992
SHA256:775058B576AF8EC54B7043E679D0079650F2DC3833F6EAB63073E61A592FF239
3944iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62binary
MD5:C39BA84BA3E171BA576DE79B814DE921
SHA256:0A3221DC0EB89395A4B06B0161368300C6F6C933874AB64EF5B52181C698E7F4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
22
DNS requests
12
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3944
iexplore.exe
GET
200
13.225.84.49:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D
US
der
1.39 Kb
shared
3944
iexplore.exe
GET
200
13.225.84.175:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
US
der
1.51 Kb
whitelisted
3416
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
3944
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
US
der
471 b
whitelisted
3944
iexplore.exe
GET
200
13.225.84.42:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
US
der
1.70 Kb
whitelisted
3944
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?029c0370863e3102
US
compressed
4.70 Kb
whitelisted
3944
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
3944
iexplore.exe
GET
200
13.225.84.88:80
http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAJRJcPyb7UmwrcKbdnPRcE%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3944
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3416
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
3944
iexplore.exe
96.16.159.175:443
insurancefraud.us1.list-manage.com
Akamai Technologies, Inc.
US
suspicious
3944
iexplore.exe
13.225.84.42:80
o.ss2.us
US
unknown
3944
iexplore.exe
13.225.78.15:443
www.surveymonkey.com
US
suspicious
3944
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3944
iexplore.exe
13.225.84.49:80
ocsp.rootg2.amazontrust.com
US
whitelisted
3944
iexplore.exe
104.17.25.14:443
cdnjs.cloudflare.com
Cloudflare Inc
US
suspicious
3416
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted

DNS requests

Domain
IP
Reputation
insurancefraud.us1.list-manage.com
  • 96.16.159.175
suspicious
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
www.surveymonkey.com
  • 13.225.78.15
  • 13.225.78.117
  • 13.225.78.11
  • 13.225.78.16
whitelisted
o.ss2.us
  • 13.225.84.42
  • 13.225.84.66
  • 13.225.84.97
  • 13.225.84.68
whitelisted
ocsp.rootg2.amazontrust.com
  • 13.225.84.175
  • 13.225.84.145
  • 13.225.84.13
  • 13.225.84.49
whitelisted
ocsp.rootca1.amazontrust.com
  • 13.225.84.49
  • 13.225.84.175
  • 13.225.84.13
  • 13.225.84.145
shared
cdnjs.cloudflare.com
  • 104.17.25.14
  • 104.17.24.14
whitelisted

Threats

No threats detected
No debug info