index.html

Full analysis: https://app.any.run/tasks/f47b703f-2137-4775-ba09-bcbb0b68d499
Verdict: Malicious activity
Analysis date: March 14, 2019, 10:36:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines
MD5: 8BB43B744CFDECA7C7AD993B9D87FD7C
SHA1: BAEAC6B217198A6542226B4396D7AEE25C953E1A
SHA256: DBA1290560DE31B271E37F3A5D7397F997E048BBA21657825CD9DA1787772BB3
SSDEEP: 768:MJHdop+eeKbnA7OhgP4GnjDwCeYLxFCOmRg6y14VgrsP+w:8dop+eeKbnA7O/GXwsxFLmAnsGw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 3892)
    • Changes internet zones settings

      • iexplore.exe (PID: 3488)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3892)
    • Application launched itself

      • iexplore.exe (PID: 3488)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3892)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3892)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3488)
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

gdpr: 1
themeColor: #fff
viewport: width=device-width, initial-scale=1
Robots: all
Author: Uptodown Technologies SL
Keywords: winqsb, winqsb windows 7, descargar winqsb, descargar winqsb gratis, software gratuitos en espanol para la toma de decisiones, winqsb mac crossover, demo de simulador de toma de decisiones
Description: Descargar WinQSB 2.0. ¿Necesitas una ayuda en la toma de decisiones?. WinQSB es una herramienta cuyo objetivo es facilitarnos la labor en la toma de decisiones empresariales, El programa está dividido en una serie de módulos que nos ayudarán en los distintos tipos de tomas de decisiones. Así, tenemos
Title: WinQSB 2.0 - Descargar
No data.
Total processes: 33
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start iexplore.exe iexplore.exe

Process information

PID: 3488
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 3892
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3488 CREDAT:79873
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

Total events: 444
Read events: 355
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 1
Text files: 14
Unknown types: 2

Dropped files

PID | Process | Filename | Type
3488 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
MD5:
SHA256:
3488 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\logo[1].png | image
MD5:B24732198E72EED13B49787462763B8E
SHA256:C69A37DD5CEF48BDFCAE78363A0C1D28EF2B1DD001147126F4900A4457B85F9E
3892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\winqsb-1[1].jpg | image
MD5:7F4323CE96E2B3355B074BDA29270D96
SHA256:13C02FF91A3AAEFA41A2EBEA90CEB50D835375416F33B6BB2140FF0C933E6382
3892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\flags[1].png | image
MD5:833B3E44D149DE05236D4D5303228D91
SHA256:AF2EBF3A4AB248D59348EEEBE0D9C52CEDC2AA2EA054FF37271A72F3CF8F04A8
3892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_1af561562dc04fe1c0b5fc708b878eafb75129_0f2eee39\Report.wer | binary
MD5:88DD0CD4F52F0FB50C9B9C23EFC28005
SHA256:97E418E1576EF51A83C6FAC8995BB1BF955A582BC5BF06320668EA5E6DC00C4A
3892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\winqsb-001[1].jpg | image
MD5:7F4323CE96E2B3355B074BDA29270D96
SHA256:13C02FF91A3AAEFA41A2EBEA90CEB50D835375416F33B6BB2140FF0C933E6382
3892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\app.es.280[1].css | text
MD5:7AE0CB45287B89597989DC7A20A34758
SHA256:4822B5318C8F42725EA346D927CCCA73F72BEBB85671C8B3A94F1AA891CE8862
3892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\logo_new[1].png | image
MD5:2CAF9C77B1F7CA57E30B791E5F923840
SHA256:42F12B2FFDDA5BC781197C783C933DA14C47FE83FCD9A3110A3C6BF08FFC8BEF
3892 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315\index.dat | dat
MD5:99D11B391B42E2ECBD3459EF0978BCF0
SHA256:8426B287DC2139B6584037B6FA31C5A447637D2FE59CD25B40215DDCBB8C3092
HTTP(S) requests: 0
TCP/UDP connections: 17
DNS requests: 5
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3488 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3892 | iexplore.exe | 216.58.208.34:443 | www.googletagservices.com | Google Inc. | US | whitelisted
3488 | iexplore.exe | 23.67.137.76:443 | stc.utdstc.com | Akamai International B.V. | NL | whitelisted
3892 | iexplore.exe | 23.67.137.76:443 | stc.utdstc.com | Akamai International B.V. | NL | whitelisted

DNS requests

Domain | IP | Reputation
stc.utdstc.com | 23.67.137.76 | suspicious
www.googletagservices.com | 216.58.208.34 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
img.utdstc.com | 23.67.137.76 | whitelisted
www.uptodown.com | 23.67.137.76 | unknown

Threats

No threats detected
No debug info