URL: https://www.sanlorenzoyacht.com

Full analysis: https://app.any.run/tasks/2c017400-cc60-4139-8115-278ef8a7f15c
Verdict: Malicious activity
Analysis date: September 30, 2020, 08:26:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 6F595BC3E5135A731DBB3C19091F9C82
SHA1: 0CE8FDBD85704C102EE4F94EC98CCD7F36143E77
SHA256: DD213FF701BA5D5BE29C09BCAC5A8221A7B0D4D39687A1F94DD76942AEE57E7B
SSDEEP: 3:N8DSL0XfQ2:2OLmx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads settings of System Certificates

      • iexplore.exe (PID: 628)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 628)
      • iexplore.exe (PID: 1468)
    • Application launched itself

      • iexplore.exe (PID: 628)
    • Changes internet zones settings

      • iexplore.exe (PID: 628)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 628)
    • Changes settings of System certificates

      • iexplore.exe (PID: 628)
    • Reads internet explorer settings

      • iexplore.exe (PID: 1468)
    • Creates files in the user directory

      • iexplore.exe (PID: 1468)
      • iexplore.exe (PID: 628)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe → iexplore.exe

Process information

PID: 628
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" https://www.sanlorenzoyacht.com
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 1468
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:628 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 408
Read events: 330
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 42
Text files: 112
Unknown types: 40

Dropped files

PID 1468 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabB164.tmp
  Type: not listed | MD5: not listed | SHA256: not listed

PID 1468 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarB165.tmp
  Type: not listed | MD5: not listed | SHA256: not listed

PID 1468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\jquery.fancybox[1].css
  Type: text | MD5: DBDB72C29EF0037544656BD1C53C3D94 | SHA256: 513C3685155CA40958A74B71F24A938B7D07CEDDD08D274277F4013312173451

PID 1468 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
  Type: der | MD5: EFB1ED1E8AD40B5C6E01D99719CAF474 | SHA256: 1DCF71275AA614238230E4C0D2F71DE285F9EAEA7AA00CD7C94D6D1B35238FA2

PID 1468 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\RE8QKA3R.txt
  Type: text | MD5: 1B5A84EBDC9F41E991DAA671549953D6 | SHA256: F8C6D82B24DE3C2B15EAE8D369A16157CAE3346DF010E27EDB5E528FBD26FC63

PID 1468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\style[1].css
  Type: text | MD5: 2E4C6B61681AB9CC39D49C73900B5466 | SHA256: 5D2F4E4D635ED4F3DBFB0F9A6614D4113AF7F995FDFFE0347D620AA24AF2B5C8

PID 1468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\datepicker[1].css
  Type: text | MD5: B5F2AC3C3E20AF1039A4D00E712B5BBB | SHA256: BB17324A56D686CF65B2AF76DFB38C41A8AABEB7C9D265051AFCD697BC853625

PID 1468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\jquery.fancybox-1.3.4-min[1].css
  Type: text | MD5: CF321F190CBBDE88DAD694ABE46D84D9 | SHA256: D285C913428C5EC7830E698DBF330071BD1F5B9229AA365E89B6DBFCD04BDC1F

PID 1468 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\EY4VAXO6.txt
  Type: text | MD5: 253D5AB7EE7D67DD5AB777ACD3CCF1CC | SHA256: DE0DFB63A9796763DE2CFD4E641F0390EFCB27C4C09576B003D2D603A95BCF9C

PID 1468 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\layout-home[1].css
  Type: text | MD5: C24AD8BB59570A7BD8CF460A29972B33 | SHA256: DC2D0A17633CEB3AF06B1CF2C76397ADD6C0393D98F05EFF12994A9184B6C63C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 18
TCP/UDP connections: 49
DNS requests: 20
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1468 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEArLKLpGXuU5CHZ0cPPNxhI%3D | US | der | 471 b | whitelisted
1468 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D | US | der | 727 b | whitelisted
1468 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted
1468 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTnvAI%2FnN49qPTJY2qTQtfkLxjvEAQUo53mH%2FnaOU%2FAbuiRy5Wl2jHiCp8CEAFlK6jKOKePWQ%2BgvKM%2B9nQ%3D | US | der | 312 b | whitelisted
1468 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAT%2FaBG%2BJBrPQTGNtW7lyUM%3D | US | der | 471 b | whitelisted
628 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted
1468 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted
628 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted
1468 | iexplore.exe | GET | 200 | 216.58.206.3:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
1468 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/DigiCertGlobalRootCA.crl | US | der | 631 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1468 | iexplore.exe | 104.16.160.16:443 | static.getclicky.com | Cloudflare Inc | US | shared
628 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
1468 | iexplore.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious
1468 | iexplore.exe | 104.31.91.118:443 | www.sanlorenzoyacht.com | Cloudflare Inc | US | malicious
1468 | iexplore.exe | 209.197.3.24:443 | code.jquery.com | Highwinds Network Group, Inc. | US | malicious
1468 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
(not listed) | (not listed) | 209.197.3.24:443 | code.jquery.com | Highwinds Network Group, Inc. | US | malicious
1468 | iexplore.exe | 216.58.207.40:443 | www.googletagmanager.com | Google Inc. | US | whitelisted
1468 | iexplore.exe | 104.17.79.107:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | suspicious
628 | iexplore.exe | 104.31.91.118:443 | www.sanlorenzoyacht.com | Cloudflare Inc | US | malicious

DNS requests

Domain | IP | Reputation
www.sanlorenzoyacht.com | 104.31.91.118, 104.31.90.118, 172.67.146.39 | malicious
code.jquery.com | 209.197.3.24 | whitelisted
cdnjs.cloudflare.com | 104.17.79.107, 104.17.78.107 | whitelisted
static.getclicky.com | 104.16.160.16, 104.16.221.29 | whitelisted
ocsp.comodoca.com | 151.139.128.14 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
api.bing.com | 13.107.13.80 | whitelisted
www.googletagmanager.com | 216.58.207.40 | whitelisted
connect.facebook.net | 157.240.20.19 | whitelisted

Threats

No threats detected
No debug info