URL: http://www.mediafire.com/file/582c2vsehr43xjx/7Clicker.rar/file

Full analysis: https://app.any.run/tasks/f8dcbc80-6073-48af-b763-20908cc8c927
Verdict: Malicious activity
Analysis date: January 23, 2019, 00:03:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 1F7CD5FB76BE070C20B2E068D202AE5A
SHA1: AECFD48A001DE1529DEEF3F18AA033F912216FE3
SHA256: DA5C36423F5728D205D0FA3B7E9128C2BFA4B8FAEE40616049CBB4FEC6F092F8
SSDEEP: 3:N1KJS4w3eGUoQV2WKS+CZAzKA:Cc4w3eGe2lw3A

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Creates files in the user directory

      • filezilla.exe (PID: 3688)
      • filezilla.exe (PID: 4024)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3228)
    • Creates files in the user directory

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2192)
      • iexplore.exe (PID: 3228)
      • firefox.exe (PID: 2572)
    • Changes internet zones settings

      • iexplore.exe (PID: 2948)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3228)
    • Application launched itself

      • iexplore.exe (PID: 2948)
      • firefox.exe (PID: 2572)
      • chrome.exe (PID: 3692)
      • chrome.exe (PID: 3048)
      • chrome.exe (PID: 2592)
      • chrome.exe (PID: 3848)
      • chrome.exe (PID: 2968)
      • chrome.exe (PID: 2076)
      • chrome.exe (PID: 2220)
      • chrome.exe (PID: 3328)
      • chrome.exe (PID: 3516)
      • chrome.exe (PID: 3312)
      • chrome.exe (PID: 3632)
      • chrome.exe (PID: 2316)
      • chrome.exe (PID: 3160)
      • chrome.exe (PID: 2980)
      • chrome.exe (PID: 3476)
      • chrome.exe (PID: 3776)
      • chrome.exe (PID: 2596)
      • chrome.exe (PID: 3076)
      • chrome.exe (PID: 4820)
      • chrome.exe (PID: 5068)
      • chrome.exe (PID: 4448)
      • chrome.exe (PID: 5480)
      • chrome.exe (PID: 4924)
      • chrome.exe (PID: 5532)
      • chrome.exe (PID: 4876)
      • chrome.exe (PID: 3108)
      • chrome.exe (PID: 2768)
      • chrome.exe (PID: 4524)
      • chrome.exe (PID: 4372)
      • chrome.exe (PID: 4976)
      • chrome.exe (PID: 4480)
      • chrome.exe (PID: 4220)
      • chrome.exe (PID: 4620)
      • chrome.exe (PID: 4548)
      • chrome.exe (PID: 6128)
      • chrome.exe (PID: 5288)
      • chrome.exe (PID: 4540)
      • chrome.exe (PID: 5744)
      • chrome.exe (PID: 4856)
      • chrome.exe (PID: 4124)
      • chrome.exe (PID: 5680)
      • chrome.exe (PID: 5928)
    • Reads CPU info

      • firefox.exe (PID: 3920)
      • firefox.exe (PID: 2800)
      • firefox.exe (PID: 2572)
      • firefox.exe (PID: 3724)
      • firefox.exe (PID: 3552)
      • firefox.exe (PID: 3544)
    • Reads settings of System Certificates

      • chrome.exe (PID: 2968)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
Screenshots: available in the full report.
Total processes: 151
Monitored processes: 120
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Interactive process tree, available in the full report. Processes shown in the graph (most of them marked "no specs"): iexplore.exe, FlashUtil32_26_0_0_131_ActiveX.exe, AcroRd32.exe, RdrCEF.exe, firefox.exe, filezilla.exe, chrome.exe (many child instances), opera.exe.

Process information

PID: 2948
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 3228
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2948 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 2192
CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Parent process: svchost.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Exit code: 0
Version: 26,0,0,131

PID: 3064
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Parent process: explorer.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe Acrobat Reader DC
Exit code: 1
Version: 15.23.20070.215641

PID: 3888
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Parent process: AcroRd32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe Acrobat Reader DC
Exit code: 1
Version: 15.23.20070.215641

PID: 3932
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16448250
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Parent process: AcroRd32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe RdrCEF
Exit code: 3221225547
Version: 15.23.20053.211670

PID: 2732
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3932.0.2066875217\1448460402" --allow-no-sandbox-job /prefetch:673131151
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Parent process: RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 0
Version: 15.23.20053.211670

PID: 2572
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Version: 61.0.2

PID: 3596
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 1
Version: 61.0.2

PID: 2852
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 1
Version: 61.0.2
Total events: 3 258
Read events: 2 989
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 167
Text files: 134
Unknown types: 37

Dropped files

PID 3228, iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@mediafire[1].txt
Type:
MD5:
SHA256:

PID 3228, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\ie.css_120998[1].php
Type:
MD5:
SHA256:

PID 3228, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\master_120998[1].js
Type: text
MD5: FBDC81976065185955362FC1F55553F1
SHA256: 3536F143BA89A1E54A481E8809C1E709DCCE55DAA67A5721E4CFB7442C7F6DDD

PID 3228, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\css[1].txt
Type: text
MD5: 4C7DAD4090D0A72B34CC1BCD13885C73
SHA256: 4CD4BD4AF907718DD6B740F3A4710FA82BD3EA724274EEFDE8D3DDB54DAB894F

PID 3228, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\mfv3_120998[1].php
Type: text
MD5: 5E62F3E10379368A22427862DC34E5E1
SHA256: 25B69E90E278E3707D6AF6EE1EDB201F1DA57DF7CED5DFF105C95CD43C406EBF

PID 3228, iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@mediafire[2].txt
Type: text
MD5: 4E380A5245A89BD7BC2A9C996174DEBC
SHA256: 5FF66C4BE8C89EECE63277D215EE3285D0A4FE6165146067491478DD227144A7

PID 3228, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\api[1].js
Type: text
MD5: 5EEEC816ED17C9A3723C74EE926BF063
SHA256: B6B33FCFAD08B72F95371C2FA72640715F2D5B9C0F8D7EC2A86C10D5DEB608C9

PID 3228, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\mem8YaGs126MiZpBA-UFVZ0f[1].eot
Type: eot
MD5: 9DCE7F01715340861BDB57318E2F3FDC
SHA256: EE6885417A5772A42BE3280CF34581001CAFD5548D12B66B5466E53F05DABF96

PID 3228, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ie.css_120998[1].php
Type: text
MD5: C62A41328879F16C69A2CB9B0E08FD96
SHA256: 2AB1C7856C7370B9D71C68118559C7C6D769A438D8659592B882278B22C73DEE

PID 3228, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
Type: dat
MD5: D1884DF6997F70FC7EAAA319A385E4C2
SHA256: EBEDF26264A27B9C068B9BAB169539480480A2B725CB01D33D4E3144CDC707E4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 53
TCP/UDP connections: 62
DNS requests: 78
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3228 | iexplore.exe | GET | 302 | 104.19.194.29:80 | http://www.mediafire.com/file/582c2vsehr43xjx/7Clicker.rar/file | US | - | - | shared
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/css/ie.css_120998.php?ver=nonssl | US | text | 2.71 Kb | shared
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/css/ie.css_120998.php?ver=nonssl | US | text | 2.71 Kb | shared
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/js/master_120998.js | US | text | 152 Kb | shared
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/css/mfv3_120998.php?ver=nonssl | US | text | 61.9 Kb | shared
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/icons/dropdown-arrow-left-white.png | US | image | 123 b | shared
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/css/mfv3_120998.php?ver=nonssl | US | text | 61.9 Kb | shared
3228 | iexplore.exe | GET | 200 | 104.19.195.29:80 | http://static.mediafire.com/images/icons/mysteryman.png | US | image | 452 b | shared
3228 | iexplore.exe | GET | 200 | 104.19.194.29:80 | http://www.mediafire.com/blank.html | US | html | 157 b | shared
3228 | iexplore.exe | GET | 404 | 104.19.194.29:80 | http://www.mediafire.com/error.php?errno=323&quickkey=582c2vsehr43xjx&origin=download | US | html | 28.2 Kb | shared

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3228 | iexplore.exe | 216.58.205.234:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
3228 | iexplore.exe | 172.217.18.100:443 | www.google.com | Google Inc. | US | whitelisted
3228 | iexplore.exe | 172.217.168.227:443 | fonts.gstatic.com | Google Inc. | US | whitelisted
3228 | iexplore.exe | 104.19.195.29:80 | www.mediafire.com | Cloudflare Inc | US | shared
3228 | iexplore.exe | 157.240.1.23:80 | connect.facebook.net | Facebook, Inc. | US | whitelisted
2948 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3228 | iexplore.exe | 172.217.22.67:443 | www.gstatic.com | Google Inc. | US | whitelisted
3228 | iexplore.exe | 104.19.194.29:80 | www.mediafire.com | Cloudflare Inc | US | shared
3228 | iexplore.exe | 172.217.22.42:80 | ajax.googleapis.com | Google Inc. | US | whitelisted
3228 | iexplore.exe | 172.217.21.200:443 | www.googletagmanager.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
www.mediafire.com | 104.19.194.29, 104.19.195.29 | shared
static.mediafire.com | 104.19.195.29, 104.19.194.29 | shared
fonts.googleapis.com | 216.58.205.234 | whitelisted
fonts.gstatic.com | 172.217.168.227 | whitelisted
www.google.com | 172.217.18.100 | whitelisted
ajax.googleapis.com | 172.217.22.42, 172.217.22.74, 172.217.22.106, 216.58.210.10, 172.217.16.202, 172.217.18.106, 172.217.23.170, 216.58.205.234, 172.217.21.234, 172.217.22.10, 172.217.18.10, 172.217.18.170, 172.217.23.138, 216.58.206.10, 216.58.207.42, 216.58.207.74 | whitelisted
www.gstatic.com | 172.217.22.67 | whitelisted
www.googletagmanager.com | 172.217.21.200 | whitelisted
connect.facebook.net | 157.240.1.23 | whitelisted

Threats

No threats detected
No debug info