URL:

proxyninja.org

Full analysis: https://app.any.run/tasks/b6079466-c98b-4ece-bf12-4bce48ec1e2c
Verdict: Malicious activity
Analysis date: October 26, 2023, 12:25:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
SHA1:

BB6464191C58AD8CD511AB6B3B1436975BB5E5A8

SHA256:

DF67089DCB40B99ED72F21FB9FBBE3F70030EB20F7FBAC68F122F0F7CF2BE5FF

SSDEEP:

3:oZEoCn:o6fn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 4024)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
3184"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4024 CREDAT:3282188 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sechost.dll
3404"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4024 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
4024"C:\Program Files\Internet Explorer\iexplore.exe" "proxyninja.org"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
21 894
Read events
21 807
Write events
85
Delete events
2

Modification events

(PID) Process:(4024) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(4024) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(4024) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(4024) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(4024) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(4024) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(4024) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(4024) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(4024) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(4024) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
0
Suspicious files
44
Text files
63
Unknown types
0

Dropped files

PID
Process
Filename
Type
3404iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\JS7TMBS2text
MD5:FDA44910DEB1A460BE4AC5D56D61D837
SHA256:933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
3404iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\limetorrents[1].pngimage
MD5:5B4CA8051BCDD8B8606028880AE722DF
SHA256:2B2CB370508CD7B84BF7B470CD6F6EA5CB446CC7AC6F7B4954572AB4441447AA
3404iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\logo[1].pngimage
MD5:7BEDE119F72E47C2DD9F8E8D607F9816
SHA256:20D5B82E4235FE7AC28EB3F1582C70697BD85861E8FB6482FA641E173A31847E
3404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27binary
MD5:F85EDE3B9ABE4FF649B2E55DE237CA1F
SHA256:6BA5AE6D8B1874DC2E79BCB9857F9E61095CC9EDDE254BF89BF9D4441BCB2064
3404iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\eztv[1].pngimage
MD5:617DDB69AA46700F503B83ED20D06912
SHA256:FD361790EEBAD5F3078EFA80BBDBC0282DDB4C0FA9671FED13B8EC71247AA7DD
3404iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\kickass[1].pngimage
MD5:EEBC2868EF60AB5C1070185E7B711C55
SHA256:5E691C98939CE4B9A21F981CEF72F4260762589725996EEB45CE3AF636C40125
3404iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\1337x[1].pngimage
MD5:8FDD21FE0AF9F979259AED5F2AF9F965
SHA256:85DBE341CE74828C2592A4421335077066A3D6B7033341ACB688B8083BA454EE
3404iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\0Y6L2YVI.htmhtml
MD5:5AD4A45AE201013285987A18D4F9100A
SHA256:769492EFB71471174CEFBED4FC335A55C25A57EF3431108C76C994913A70BB47
3404iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
3404iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\yts[1].pngimage
MD5:BAA187EAD44A1547F5C847FE335154B5
SHA256:B3B35F86E23DFF469C9AC3F5406207603B7EABE80279FFD7A785939CCC8ADB89
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
18
TCP/UDP connections
61
DNS requests
23
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3404
iexplore.exe
GET
200
95.140.236.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?74fcf55ea3fc841e
US
compressed
4.66 Kb
unknown
3184
iexplore.exe
GET
200
2.16.241.8:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgN%2FMg6Z0nAlFpgApvftFnBTpg%3D%3D
DE
binary
503 b
unknown
3184
iexplore.exe
GET
200
23.60.200.134:80
http://x1.c.lencr.org/
DE
binary
717 b
unknown
3404
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
binary
1.47 Kb
unknown
4024
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
US
binary
313 b
unknown
3184
iexplore.exe
GET
200
95.140.236.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?7eec0797cc6f31f4
US
compressed
61.6 Kb
unknown
3184
iexplore.exe
GET
200
95.140.236.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?3ac685dbbc3e178d
US
compressed
61.6 Kb
unknown
3184
iexplore.exe
GET
200
2.16.241.8:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgN%2FMg6Z0nAlFpgApvftFnBTpg%3D%3D
DE
binary
503 b
unknown
3184
iexplore.exe
GET
200
2.16.241.8:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgS1ezsAj2TqHExlh7ENMbUDRQ%3D%3D
DE
binary
503 b
unknown
3184
iexplore.exe
GET
200
172.217.18.3:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
binary
1.41 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1088
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
2656
svchost.exe
239.255.255.250:1900
whitelisted
3404
iexplore.exe
95.140.236.0:80
ctldl.windowsupdate.com
LLNW
US
whitelisted
3404
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
3404
iexplore.exe
104.21.67.39:443
1337x.proxyninja.org
CLOUDFLARENET
unknown
4024
iexplore.exe
104.21.67.39:443
1337x.proxyninja.org
CLOUDFLARENET
unknown
4024
iexplore.exe
104.126.37.144:443
www.bing.com
Akamai International B.V.
DE
unknown
4024
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 95.140.236.0
  • 95.140.236.128
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 104.126.37.144
  • 104.126.37.153
  • 104.126.37.154
  • 104.126.37.146
  • 104.126.37.145
  • 104.126.37.137
  • 104.126.37.161
  • 104.126.37.152
  • 104.126.37.136
whitelisted
1337x.proxyninja.org
  • 104.21.67.39
  • 172.67.211.246
unknown
quasimanagespreparation.com
  • 192.243.61.227
  • 173.233.137.36
  • 192.243.59.13
  • 173.233.137.44
  • 173.233.137.52
  • 192.243.61.225
  • 173.233.137.60
  • 173.233.139.164
  • 192.243.59.12
  • 192.243.59.20
unknown
simplewebanalysis.com
unknown
muzzlematrix.com
  • 192.243.61.225
  • 192.243.59.20
  • 173.233.137.44
  • 192.243.59.13
  • 173.233.137.52
  • 173.233.137.60
  • 173.233.137.36
  • 173.233.139.164
  • 192.243.59.12
  • 192.243.61.227
unknown
x1.c.lencr.org
  • 23.60.200.134
whitelisted
r3.o.lencr.org
  • 2.16.241.8
  • 2.16.241.15
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
proxyninja.org