URL: http://track.amishbrand.com

Full analysis: https://app.any.run/tasks/8027c003-6a89-45e0-a07c-0cfa9e78955f
Verdict: Malicious activity
Analysis date: March 14, 2019, 17:19:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
  MD5:    2BB932057D997C53F146DD8B15F39CB4
  SHA1:   D61CDC4DBA8810FDC34FD7C34659FD7684E6A321
  SHA256: DBDD572A116BEAE7FFBA96B644E69244E595FD4B46D359F46E151168A725E313
  SSDEEP: 3:N1KKXEGaXZT:CKXvET

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Executes scripts
      • iexplore.exe (PID: 3368)
  • INFO
    • Reads internet explorer settings
      • iexplore.exe (PID: 3988)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 3368)
    • Application launched itself
      • iexplore.exe (PID: 3368)
    • Changes internet zones settings
      • iexplore.exe (PID: 3368)
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 3988)
No Malware configuration.
No data.
Process summary
  Total processes:      33
  Monitored processes:  3
  Malicious processes:  0
  Suspicious processes: 0

Behavior graph
  start -> iexplore.exe -> iexplore.exe -> wscript.exe (no specs)

Process information

PID 3368
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" http://track.amishbrand.com
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 3988
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3368 CREDAT:71937
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 3192
  CMD: "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\s_code[1].js"
  Path: C:\Windows\System32\WScript.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Microsoft ® Windows Based Script Host
  Exit code: 0
  Version: 5.8.7600.16385
Events
  Total events:  715
  Read events:   640
  Write events:  0
  Delete events: 0

Modification events
  No data

Dropped file summary
  Executable files: 0
  Suspicious files: 0
  Text files:       3
  Unknown types:    2

Dropped files

PID 3988, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\track_amishbrand_com[1].htm
  Type: (not recorded)
  MD5: (not recorded)
  SHA256: (not recorded)

PID 3368, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
  Type: (not recorded)
  MD5: (not recorded)
  SHA256: (not recorded)

PID 3368, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  Type: (not recorded)
  MD5: (not recorded)
  SHA256: (not recorded)

PID 3368, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315\index.dat
  Type: dat
  MD5: 426AA4A8C2869AA999542D04E5476B8D
  SHA256: 66D6F0F5049B86D2CCDDC02EC0B0386E57A98E844DD760342CD71681C6A3114A

PID 3368, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
  Type: text
  MD5: C805264D42780260F0FF8051AD9D8F58
  SHA256: 55D5E5F9A7F4EE418C46769768C3791677B82AD341D2E284F88BCB140A4F0B9E

PID 3988, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019031420190315\index.dat
  Type: dat
  MD5: 6C0D6FF6403749BC7B98C2E002B0E839
  SHA256: 50C447193F5D1ECE99BF8E2886E64729F2BB7178B657AE7B91F20CA12C98380C

PID 3368, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\s_code[1].js:Zone.Identifier
  Type: text
  MD5: FBCCF14D504B7B2DBCB5A5BDA75BD93B
  SHA256: EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913

PID 3368, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
  Type: image
  MD5: 9FB559A691078558E77D6848202F6541
  SHA256: 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
Network summary
  HTTP(S) requests:    4
  TCP/UDP connections: 3
  DNS requests:        2
  Threats:             0

HTTP requests
(columns: PID, Process, Method, HTTP Code, IP, URL, CN, Reputation; Type and Size were not recorded)

  3988  iexplore.exe  GET  200  81.4.122.193:80  http://track.amishbrand.com/             NL  malicious
  3368  iexplore.exe  GET  200  81.4.122.193:80  http://track.amishbrand.com/favicon.ico  NL  malicious
  3988  iexplore.exe  GET  200  81.4.122.193:80  http://track.amishbrand.com/s_code.js    NL  malicious
  3988  iexplore.exe  GET  200  81.4.122.193:80  http://track.amishbrand.com/s_code.js    NL  malicious

Connections
(columns: PID, Process, IP, Domain, ASN, CN, Reputation)

  3368  iexplore.exe  81.4.122.193:80    track.amishbrand.com  RouteLabel V.O.F.      NL  malicious
  3368  iexplore.exe  204.79.197.200:80  www.bing.com          Microsoft Corporation  US  whitelisted
  3988  iexplore.exe  81.4.122.193:80    track.amishbrand.com  RouteLabel V.O.F.      NL  malicious

DNS requests
(columns: Domain, IP, Reputation)

  track.amishbrand.com
    • 81.4.122.193
    Reputation: unknown
  www.bing.com
    • 204.79.197.200
    • 13.107.21.200
    Reputation: whitelisted

Threats
  1 ETPRO signature (available in the full report)

No debug info