URL: http://wwrcgjhzlrr.gq
Full analysis: https://app.any.run/tasks/675b853d-e1b6-40fb-8b31-1174a0f0f8da
Verdict: Malicious activity
Analysis date: March 14, 2019, 19:40:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 7C606D8F1BBA2956AC9B93CE42C69097
SHA1: E700CDDFA3DA8230C7F1A1C17615482101EBCEDD
SHA256: DD3BB0C57513F993DAD96518D8E1E2A9C0AF0EA3798A6CA237F160F39989D67D
SSDEEP: 3:N1KJSFjWU:CcBWU

ANY.RUN is an interactive service that gives the analyst full access to the guest system. The information in this report may have been influenced by the analyst's actions and is provided as is. ANY.RUN does not guarantee that the content is malicious or that it is safe.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.
  • INFO:
    • Reads Internet Cache Settings: iexplore.exe (PID 3140)
    • Reads Internet Explorer settings: iexplore.exe (PID 3140)
    • Application launched itself: iexplore.exe (PID 2848)
    • Creates files in the user directory: iexplore.exe (PID 3140), iexplore.exe (PID 2848)
    • Changes Internet zone settings: iexplore.exe (PID 2848)
No malware configuration extracted.
All screenshots are available in the full report.
Processes: 32 total, 2 monitored, 0 malicious, 0 suspicious

Behavior graph: start -> iexplore.exe (PID 2848) -> iexplore.exe (PID 3140)

Process information

PID 2848: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: MEDIUM
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)
  Indicators: none

PID 3140: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2848 CREDAT:71937
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe (PID 2848)
  User: admin
  Company: Microsoft Corporation
  Integrity level: LOW (Internet Explorer's Protected Mode tab process; SCODEF:2848 names the frame process that spawned it, which is why the frame process is flagged "Application launched itself")
  Description: Internet Explorer
  Version: 8.00.7600.16385 (win7_rtm.090713-1255)
  Indicators: none
Events: 435 total (373 read, 0 write, 0 delete)
Modification events: none
Files: 0 executable, 2 suspicious, 45 text, 3 of unknown type

Dropped files

PID 2848 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
  Type: (not recorded)  MD5: (not recorded)  SHA256: (not recorded)

PID 2848 iexplore.exe
  C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  Type: (not recorded)  MD5: (not recorded)  SHA256: (not recorded)

PID 3140 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\wwrcgjhzlrr_gq[1].txt
  Type: (not recorded)  MD5: (not recorded)  SHA256: (not recorded)

PID 3140 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\http_404[1]
  Type: html
  MD5: 4CD84A1B063BF6DEA53E06755EF9E24D
  SHA256: 988CC4B451673F847D823C9D9BA14AD50D3CA1141BC1E17C6415B8F64B6E1C22

PID 3140 iexplore.exe
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@wwrcgjhzlrr[1].txt
  Type: text
  MD5: 8DB2E4C815D2487351639BC2331218CF
  SHA256: 4D3512B27B7F12D1D387AAFDB8AB2CF24DCC6F8910F4CF9E4230B3C7E75CA22A

PID 3140 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\addthis_widget[1].js
  Type: text
  MD5: 2DCDC09915E27096AAC1811C236E328B
  SHA256: AE3EA387B378C0292D88B248F89469115159836AA628D33862E409F2CC7BA67A

PID 3140 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\http_404[2]
  Type: html
  MD5: 4CD84A1B063BF6DEA53E06755EF9E24D
  SHA256: 988CC4B451673F847D823C9D9BA14AD50D3CA1141BC1E17C6415B8F64B6E1C22

PID 2848 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019031420190315\index.dat
  Type: dat
  MD5: 2E8F2BA8C71B7CA644A8F44388230065
  SHA256: 6864212460B6E0DE1856BEBAF597C93E091B99B6C32E377F47F135931FD4886E

PID 3140 iexplore.exe
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@freebooks[1].txt
  Type: text
  MD5: 4091BB2A4BB6BB6C5727B7E606FBAEFC
  SHA256: 08ACE8C2BCC4F3BDB452C78D71FB16CC8404C276171EC813DA4BD56236E2C701

PID 3140 iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\wwrcgjhzlrr_gq[1].htm
  Type: html
  MD5: ED647240671DB5AA0E37C8B15FBFF25F
  SHA256: 9B2F064CCC276A1A969757037847208044416E54EB09245DFAE8BB9900A6BF22
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Network: 33 HTTP(S) requests, 8 TCP/UDP connections, 6 DNS requests, 0 threats

HTTP requests (10 of 33 shown; all from PID 3140, iexplore.exe)

PID Process | Method Code | IP | URL | CN | Type, Size | Reputation
3140 iexplore.exe | GET 301 | 104.24.122.127:80 | http://freebooks.me/get-file.pdf?q=2003_isuzu_rodeo_radio_wiring_diagram | US | | shared
3140 iexplore.exe | GET 301 | 104.24.122.127:80 | http://freebooks.me/get-file.pdf?q=2003_isuzu_rodeo_wiring | US | | shared
3140 iexplore.exe | GET 200 | 23.210.248.44:80 | http://s7.addthis.com/js/300/addthis_widget.js | NL | text, 109 Kb | whitelisted
3140 iexplore.exe | GET 200 | 104.28.6.147:80 | http://wwrcgjhzlrr.gq/ | US | html, 1.60 Kb | suspicious
3140 iexplore.exe | GET 404 | 104.24.123.127:80 | http://www.freebooks.me/get-file.pdf?q=2003_isuzu_rodeo_radio_wiring_diagram | US | html, 221 b | shared
3140 iexplore.exe | GET 302 | 104.28.6.147:80 | http://wwrcgjhzlrr.gq/6938d2/2003_isuzu_rodeo_radio_wiring_diagram.pdf | US | compressed, 187 b | suspicious
3140 iexplore.exe | GET 301 | 104.24.122.127:80 | http://freebooks.me/get-file.pdf?q=2003_hyundai_santa_fe_fuse_box_diagram | US | | shared
3140 iexplore.exe | GET 301 | 104.24.122.127:80 | http://freebooks.me/get-file.pdf?q=2003_interior_fuse_box | US | | shared
3140 iexplore.exe | GET 302 | 104.28.6.147:80 | http://wwrcgjhzlrr.gq/bd24e1/2003_isuzu_rodeo_wiring.pdf | US | compressed, 187 b | suspicious
3140 iexplore.exe | GET 404 | 104.24.123.127:80 | http://www.freebooks.me/get-file.pdf?q=2003_interior_fuse_box | US | html, 221 b | shared
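The table lists each request on its own and carries no Location headers, so the redirect chain (freebooks.me answering 301, the .gq host answering 302, www.freebooks.me ending in 404) has to be inferred from the document name that every hop carries. The script below is an added example, not part of the ANY.RUN report or its tooling: it groups the requests above by that shared name, separates the hosts that redirected from the hop that finally answered, and lists which chains passed through wwrcgjhzlrr.gq. The sample log is constructed from the rows above, in the report's listing order rather than a proven timeline, and the `document_key` heuristic (the q= parameter, otherwise the .pdf basename) is an assumption specific to these URLs.

```python
from urllib.parse import urlparse, parse_qs
import posixpath

# Constructed sample: the PID 3140 requests from the HTTP requests table,
# as (method, status, server, url), in the report's listing order.
HTTP_LOG = [
    ("GET", 301, "104.24.122.127:80", "http://freebooks.me/get-file.pdf?q=2003_isuzu_rodeo_radio_wiring_diagram"),
    ("GET", 301, "104.24.122.127:80", "http://freebooks.me/get-file.pdf?q=2003_isuzu_rodeo_wiring"),
    ("GET", 200, "23.210.248.44:80", "http://s7.addthis.com/js/300/addthis_widget.js"),
    ("GET", 200, "104.28.6.147:80", "http://wwrcgjhzlrr.gq/"),
    ("GET", 404, "104.24.123.127:80", "http://www.freebooks.me/get-file.pdf?q=2003_isuzu_rodeo_radio_wiring_diagram"),
    ("GET", 302, "104.28.6.147:80", "http://wwrcgjhzlrr.gq/6938d2/2003_isuzu_rodeo_radio_wiring_diagram.pdf"),
    ("GET", 301, "104.24.122.127:80", "http://freebooks.me/get-file.pdf?q=2003_hyundai_santa_fe_fuse_box_diagram"),
    ("GET", 301, "104.24.122.127:80", "http://freebooks.me/get-file.pdf?q=2003_interior_fuse_box"),
    ("GET", 302, "104.28.6.147:80", "http://wwrcgjhzlrr.gq/bd24e1/2003_isuzu_rodeo_wiring.pdf"),
    ("GET", 404, "104.24.123.127:80", "http://www.freebooks.me/get-file.pdf?q=2003_interior_fuse_box"),
]

REDIRECT_CODES = {301, 302, 303, 307, 308}


def document_key(url):
    """Pivot key that ties the hops of one chain together (assumption for these
    URLs): the q= value on the freebooks.me hops, or the .pdf basename on the
    .gq hop. None for URLs that belong to no chain (landing page, third-party JS)."""
    parts = urlparse(url)
    q = parse_qs(parts.query).get("q")
    if q:
        return q[0]
    name = posixpath.basename(parts.path)
    if name.lower().endswith(".pdf"):
        return name[:-4]
    return None


def redirect_chains(log):
    """Group requests by pivot key -> list of (host, status) in listing order."""
    chains = {}
    for _method, status, _server, url in log:
        key = document_key(url)
        if key is None:
            continue
        chains.setdefault(key, []).append((urlparse(url).hostname, status))
    return chains


def chain_summary(hops):
    """Split one chain into the hosts that redirected and the first hop that
    answered with a non-redirect status (None if the log never shows one)."""
    redirectors = [host for host, status in hops if status in REDIRECT_CODES]
    terminals = [(host, status) for host, status in hops if status not in REDIRECT_CODES]
    return {"redirectors": redirectors, "terminal": terminals[0] if terminals else None}


def chains_via(chains, host):
    """Keys of every chain that passed through the given host."""
    return [key for key, hops in chains.items() if any(h == host for h, _ in hops)]


if __name__ == "__main__":
    chains = redirect_chains(HTTP_LOG)
    for key, hops in chains.items():
        s = chain_summary(hops)
        print(f"{key}: via {' -> '.join(s['redirectors'])}; ended at {s['terminal']}")
    print("chains through wwrcgjhzlrr.gq:", chains_via(chains, "wwrcgjhzlrr.gq"))
```

Two of the four chains in this excerpt pass through the .gq host, and the one chain that is complete ends at a 404 on www.freebooks.me; with the full PCAP from the report the same grouping can be run over all 33 requests, and the Location headers can replace the document-name heuristic.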

Connections (8)

PID Process | IP | Domain | ASN | CN | Reputation
2848 iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3140 iexplore.exe | 23.210.248.44:80 | s7.addthis.com | Akamai International B.V. | NL | whitelisted
3140 iexplore.exe | 209.197.3.15:443 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted
2848 iexplore.exe | 104.28.6.147:80 | wwrcgjhzlrr.gq | Cloudflare Inc | US | shared
3140 iexplore.exe | 104.24.123.127:80 | freebooks.me | Cloudflare Inc | US | shared
3140 iexplore.exe | 104.24.122.127:80 | freebooks.me | Cloudflare Inc | US | shared
2848 iexplore.exe | 104.28.7.147:80 | wwrcgjhzlrr.gq | Cloudflare Inc | US | shared
3140 iexplore.exe | 104.28.6.147:80 | wwrcgjhzlrr.gq | Cloudflare Inc | US | shared

DNS requests (6)

Domain | Resolved IPs | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
wwrcgjhzlrr.gq | 104.28.6.147, 104.28.7.147 | suspicious
s7.addthis.com | 23.210.248.44 | whitelisted
maxcdn.bootstrapcdn.com | 209.197.3.15 | whitelisted
freebooks.me | 104.24.122.127, 104.24.123.127 | unknown
www.freebooks.me | 104.24.123.127, 104.24.122.127 | unknown

Threats

PID / Process: (not recorded)
Class: Potentially Bad Traffic
Message: ET INFO DNS Query for Suspicious .gq Domain
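The only alert in the report is the ET INFO rule on the .gq query. As an added example (not from the report, ANY.RUN or Emerging Threats), the script below applies the same check to DNS query records and then pivots each hit through the resolved IPs and the Connections table above to the processes that actually contacted the domain. The DNS records are constructed to mirror the DNS requests table in a Suricata eve.json-like shape and include two edge cases a TLD match must get right: a label "gq" that is not the TLD, and a mixed-case name with a trailing dot. The watch list beyond .gq is my assumption about which free-registration TLDs are worth alerting on, not the content of the ET rule set.

```python
import json

# Constructed DNS records modelled on Suricata eve.json "dns" events. They mirror the
# DNS requests table plus two edge cases; they are not taken from the report's PCAP.
DNS_EVENTS = [
    '{"event_type":"dns","dns":{"type":"query","rrname":"www.bing.com","rrtype":"A"}}',
    '{"event_type":"dns","dns":{"type":"query","rrname":"wwrcgjhzlrr.gq","rrtype":"A"}}',
    '{"event_type":"dns","dns":{"type":"answer","rrname":"wwrcgjhzlrr.gq","rrtype":"A","rdata":"104.28.6.147"}}',
    '{"event_type":"dns","dns":{"type":"answer","rrname":"wwrcgjhzlrr.gq","rrtype":"A","rdata":"104.28.7.147"}}',
    '{"event_type":"dns","dns":{"type":"query","rrname":"s7.addthis.com","rrtype":"A"}}',
    '{"event_type":"dns","dns":{"type":"query","rrname":"freebooks.me","rrtype":"A"}}',
    '{"event_type":"dns","dns":{"type":"query","rrname":"gq.cdn.example.com","rrtype":"A"}}',
    '{"event_type":"dns","dns":{"type":"query","rrname":"Tracker.EXAMPLE.TK.","rrtype":"A"}}',
    '{"event_type":"flow","src_ip":"10.0.0.5"}',
]

# Constructed from the Connections table above: (pid, remote ip).
CONNECTIONS = [
    (2848, "204.79.197.200"), (3140, "23.210.248.44"), (3140, "209.197.3.15"),
    (2848, "104.28.6.147"), (3140, "104.24.123.127"), (3140, "104.24.122.127"),
    (2848, "104.28.7.147"), (3140, "104.28.6.147"),
]

# Assumption: free-registration TLDs worth alerting on; only .gq is confirmed by
# the alert in this report.
SUSPICIOUS_TLDS = {"gq", "tk", "ml", "ga", "cf"}


def normalize(name):
    """Lower-case and drop the trailing dot, so 'Tracker.EXAMPLE.TK.' matches 'tracker.example.tk'."""
    return name.rstrip(".").lower()


def tld_of(name):
    """Final label only: 'gq.cdn.example.com' has TLD 'com', not 'gq'. None for bare names."""
    name = normalize(name)
    return name.rsplit(".", 1)[-1] if "." in name else None


def flag_suspicious_queries(lines, tlds=SUSPICIOUS_TLDS):
    """Return (domain, tld) for every DNS query whose TLD is on the watch list."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") != "dns" or ev["dns"].get("type") != "query":
            continue
        name = normalize(ev["dns"]["rrname"])
        tld = tld_of(name)
        if tld in tlds:
            hits.append((name, tld))
    return hits


def resolved_ips(lines):
    """domain -> set of A-record answers seen in the log."""
    answers = {}
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") != "dns" or ev["dns"].get("type") != "answer":
            continue
        d = ev["dns"]
        if d.get("rrtype") == "A" and "rdata" in d:
            answers.setdefault(normalize(d["rrname"]), set()).add(d["rdata"])
    return answers


def pids_contacting(flagged, answers, connections):
    """Pivot each flagged domain to the PIDs that opened a connection to one of its IPs."""
    return {name: sorted({pid for pid, ip in connections if ip in answers.get(name, set())})
            for name, _ in flagged}


if __name__ == "__main__":
    hits = flag_suspicious_queries(DNS_EVENTS)
    print("flagged queries:", hits)
    print("processes that reached them:", pids_contacting(hits, resolved_ips(DNS_EVENTS), CONNECTIONS))
```

For this report the pivot shows that both iexplore.exe processes (the frame process 2848 and the Protected Mode tab 3140) connected to the .gq host's Cloudflare addresses, which is the detail the alert alone does not carry; the constructed .tk query has no answer records in the sample and therefore resolves to no PID.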