URL:

https://smex-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsecure%2dweb.cisco.com%2f1IN5tPBBut36NoMoAQ1rs%2do0IRgPI1xrkpGe6sISKEBGx8erKnUvVLJuwPUPLnBB5IaAn6iCF6pni2anShVgo1FSUw%5fQTNOU38Y9REbIXSNylb8v4Ms7f77ARLrKp1MFrkBW%2dB6lhODGXNzRX75YhEoQk0n49ih%5f6nflzD2BtHMc3PB8lNotjbvhkTwC%2dQOKfufpFLhjfAgpSSW1R%2doQip3ZDkt0qcUz68fbsnQ%5fHDRIHdTDKu1BlYpAG%2dPaS5ksWoaJRyWei4I7m2R1PmxwT7yjpBjdqMfGlYLNz9VfT6L49qZqwKwBfcrv1LbqCXH7%2dKx6vM0Q906GQSpygWVyi%2dA%2fhttps%253A%252F%252Furldefense.com%252Fv3%252F%5f%5fhttps%253A%252Fapc01.safelinks.protection.outlook.com%252F%253Furl%253Dhttp%252A3A%252A2F%252A2Fwww.empiricmedia.co.in%252A2F%2526data%253D04%252A7C01%252A7Cmsb%252A40bpl.net%252A7C1dbb2532cc00464ee91d08d97c00ced6%252A7C4da7c811dd004dd48e9f4ec36e00d36f%252A7C1%252A7C0%252A7C637677165362624461%252A7CUnknown%252A7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%252A3D%252A7C1000%2526sdata%253DmS2CtR9pX4RWPS0A%252A2FP%252A2FsiE0H%252A2FshMnW2Lc7XgJjFEI5w%252A3D%2526reserved%253D0%5f%5f%253BJSUlJSUlJSUlJSUlJSUlJSUlJSU%2521%2521N3hqHg43uw%25219Jwkc0AWEFkOQ8UxpWwf9hIqbVmzgA1O2eKiCwT9UnRJL1aMuRUAyt8g855u%2d7Hi9u0tlg%2524&umid=6225f225-132a-49da-acdd-e9906ee490f1&auth=77a7b035285166a4390d2f3296f78c65b32e3c85-505ab78fe2e97a7a1b439a337072a0d0df072687

Full analysis: https://app.any.run/tasks/ef9fbbd6-6bab-4768-a735-ec192d03e46f
Verdict: Malicious activity
Analysis date: June 27, 2022, 12:02:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 59CE377FAADA4BDD6D664988BCA0AF8B
SHA1: 89B65115811DB5DE50C9D5E731DB5CD26728F084
SHA256: E3E5402AC59AAA6F7031BA6E2BBF23773447B47E0EE638884FCFF88E3EA14EE2
SSDEEP: 24:2biDAiGneLWwq+4eXb4qMCOmoHWTGOP74FuhW7Lo2HLJy7Kx:ii//nb4q5OYqOjC/1Oc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2964)
  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 1416)
      • iexplore.exe (PID: 2964)
    • Reads the computer name

      • iexplore.exe (PID: 2964)
      • iexplore.exe (PID: 1416)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2964)
      • iexplore.exe (PID: 1416)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2964)
    • Application launched itself

      • iexplore.exe (PID: 1416)
    • Changes internet zones settings

      • iexplore.exe (PID: 1416)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 1416)
      • iexplore.exe (PID: 2964)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe → iexplore.exe

Process information

PID: 1416
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://smex-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsecure%2dweb.cisco.com%2f1IN5tPBBut36NoMoAQ1rs%2do0IRgPI1xrkpGe6sISKEBGx8erKnUvVLJuwPUPLnBB5IaAn6iCF6pni2anShVgo1FSUw%5fQTNOU38Y9REbIXSNylb8v4Ms7f77ARLrKp1MFrkBW%2dB6lhODGXNzRX75YhEoQk0n49ih%5f6nflzD2BtHMc3PB8lNotjbvhkTwC%2dQOKfufpFLhjfAgpSSW1R%2doQip3ZDkt0qcUz68fbsnQ%5fHDRIHdTDKu1BlYpAG%2dPaS5ksWoaJRyWei4I7m2R1PmxwT7yjpBjdqMfGlYLNz9VfT6L49qZqwKwBfcrv1LbqCXH7%2dKx6vM0Q906GQSpygWVyi%2dA%2fhttps%253A%252F%252Furldefense.com%252Fv3%252F%5f%5fhttps%253A%252Fapc01.safelinks.protection.outlook.com%252F%253Furl%253Dhttp%252A3A%252A2F%252A2Fwww.empiricmedia.co.in%252A2F%2526data%253D04%252A7C01%252A7Cmsb%252A40bpl.net%252A7C1dbb2532cc00464ee91d08d97c00ced6%252A7C4da7c811dd004dd48e9f4ec36e00d36f%252A7C1%252A7C0%252A7C637677165362624461%252A7CUnknown%252A7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%252A3D%252A7C1000%2526sdata%253DmS2CtR9pX4RWPS0A%252A2FP%252A2FsiE0H%252A2FshMnW2Lc7XgJjFEI5w%252A3D%2526reserved%253D0%5f%5f%253BJSUlJSUlJSUlJSUlJSUlJSUlJSU%2521%2521N3hqHg43uw%25219Jwkc0AWEFkOQ8UxpWwf9hIqbVmzgA1O2eKiCwT9UnRJL1aMuRUAyt8g855u%2d7Hi9u0tlg%2524&umid=6225f225-132a-49da-acdd-e9906ee490f1&auth=77a7b035285166a4390d2f3296f78c65b32e3c85-505ab78fe2e97a7a1b439a337072a0d0df072687"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
  c:\program files\internet explorer\iexplore.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID: 2964
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1416 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
  c:\program files\internet explorer\iexplore.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\iertutil.dll
Total events: 19 215
Read events: 19 100
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 16
Text files: 6
Unknown types: 11

Dropped files

PID 2964, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_866C50176A5034E1EC2311E8E3D34074
  Type: der
  MD5: 4555913A74F6E88A24C7C507F0879177
  SHA256: E16CF310177430B4EA4AD0067D2F43CA029214E205DE1E4B5FE0B618255C7386

PID 2964, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6CFED4E1A8866BE87BE17622BFB4D726_FBADB8F7FD7B56EE191ACF24A8989D94
  Type: binary
  MD5: C7D312BD03C0A571FBE3D5BA8996DD5F
  SHA256: B9EFC58BD624330C4841D2B928128FEF28654E04477A8B043526425A9946BAA7

PID 2964, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
  Type: binary
  MD5: F565495061C10B0D18E2380421AA8BF7
  SHA256: 8F6DAA25856244211458F6FD151B485EC5AB2CAD71AF741340D6C8C6834A412C

PID 1416, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
  Type: binary
  MD5: B4A8EF2DC0CBEB6DFE557C91D7D4D4C8
  SHA256: 8949BA3089A548EFAF4335E6F5AA11C5D1BA7D9DE43EB57A3035D396B517B816

PID 2964, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
  Type: binary
  MD5: 47430BDD7F1BCDE9B7D6E0D22E661A17
  SHA256: 6E109ABC377936A67D6CA1D2B2AA9CFD2325E6F5A9240563A48671FE61210800

PID 2964, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\263821BCA2CBC5EA0B25012F05788322_41310C887E59D4EB5B8FD9D3DCA2C98D
  Type: der
  MD5: 9511CAED9D5BB1CD0D9CF116D95B9E83
  SHA256: F943AB21164C6FEBF7391B6890F4A92E9E4BAEB1D97849D3CEAD8A66BDF0626B

PID 1416, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
  Type: binary
  MD5: FE56DE7A8C2A48C593B90C777538C0F9
  SHA256: 8984045FD2F93CAC6E19FB6CFF061BC49D329DCE1F33BB79B1C84FD6605CE918

PID 2964, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\263821BCA2CBC5EA0B25012F05788322_41310C887E59D4EB5B8FD9D3DCA2C98D
  Type: binary
  MD5: CF4A5732FE07E55428C21814B8BCFAD5
  SHA256: A051AD1DFD14B0976AD2A87265AA998F3DC72DEB53A223AC71CCCD6B3799A8D5

PID 1416, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
  Type: der
  MD5: 28CC3D4B0DA8A29A9DCD6D4755C84342
  SHA256: A4CA2DD1D4545838F7A9102623442BC76BDEB2185E9991A294BCB0B6456DDA0E

PID 1416, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  Type: binary
  MD5: 37D302410753DE2A9C3CCB0E6BFD500C
  SHA256: 1DC45C4E66764A25F893336E65974A2D3061BB50EBA935DFFA4786F8002702F9
HTTP(S) requests: 19
TCP/UDP connections: 42
DNS requests: 22
Threats: 0

HTTP requests

PID 2964, iexplore.exe
  GET 200  IP: 104.18.21.226:80
  URL: http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D
  CN: US  Type: der  Size: 1.40 Kb  Reputation: whitelisted

PID 2964, iexplore.exe
  GET 200  IP: 172.64.155.188:80
  URL: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D
  CN: US  Type: der  Size: 727 b  Reputation: whitelisted

PID 2964, iexplore.exe
  GET 200  IP: 192.35.177.23:80
  URL: http://commercial.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTQfEOioPd4%2FtCA3%2FhgDklRXB0FwgQU7UQZwNPwBovupHu%2BQucmVMiONnYCEEABbvsKIFz66%2BGPcdc6u3g%3D
  CN: US  Type: der  Size: 1.63 Kb  Reputation: whitelisted

PID 2964, iexplore.exe
  GET 200  IP: 104.18.20.226:80
  URL: http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDEW%2BmJUAT2jAp1nrDA%3D%3D
  CN: US  Type: der  Size: 1.40 Kb  Reputation: whitelisted

PID 2964, iexplore.exe
  GET 200  IP: 104.18.32.68:80
  URL: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
  CN: US  Type: der  Size: 471 b  Reputation: whitelisted

PID 1416, iexplore.exe
  GET 200  IP: 93.184.220.29:80
  URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
  CN: US  Type: der  Size: 471 b  Reputation: whitelisted

PID 1416, iexplore.exe
  GET 200  IP: 93.184.220.29:80
  URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
  CN: US  Type: der  Size: 1.47 Kb  Reputation: whitelisted

PID 2964, iexplore.exe
  GET 200  IP: 192.35.177.23:80
  URL: http://commercial.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTULRG8NAnkG2vMiFulhUophWOf2gQUibibtp7t%2B7DGvQ3sZ048o5KdLfkCEEABfOt6GkOKldoRYnQ%2BdUA%3D
  CN: US  Type: der  Size: 1.46 Kb  Reputation: whitelisted

PID 2964, iexplore.exe
  GET 200  IP: 188.114.98.173:80
  URL: http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQh80WaEMqmyEvaHjlisSfVM4p8SAQUF9nWJSdn%2BTHCSUPZMDZEjGypT%2BsCEBBsbMdZKid6hcZfT6LpnsI%3D
  CN: US  Type: der  Size: 471 b  Reputation: whitelisted

PID 1416, iexplore.exe
  GET 200  IP: 23.216.77.69:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?40a679b8c63fdc7a
  CN: US  Type: compressed  Size: 4.70 Kb  Reputation: whitelisted

Connections

PID 1416, iexplore.exe
  IP: 93.184.220.29:80  Domain: ocsp.digicert.com
  ASN: MCI Communications Services, Inc. d/b/a Verizon Business  CN: US  Reputation: whitelisted

  IP: 192.168.100.2:53  Reputation: whitelisted

PID 1416, iexplore.exe
  IP: 131.253.33.200:443  Domain: www.bing.com
  ASN: Microsoft Corporation  CN: US  Reputation: whitelisted

PID 2964, iexplore.exe
  IP: 104.18.21.226:80  Domain: ocsp2.globalsign.com
  ASN: Cloudflare Inc  CN: US  Reputation: shared

PID 1416, iexplore.exe
  IP: 23.216.77.69:80  Domain: ctldl.windowsupdate.com
  ASN: NTT DOCOMO, INC.  CN: US  Reputation: suspicious

PID 2964, iexplore.exe
  IP: 8.250.185.254:80  Domain: ctldl.windowsupdate.com
  ASN: Level 3 Communications, Inc.  CN: US  Reputation: unknown

PID 2964, iexplore.exe
  IP: 104.18.20.226:80  Domain: ocsp2.globalsign.com
  ASN: Cloudflare Inc  CN: US  Reputation: shared

PID 2964, iexplore.exe
  IP: 35.82.107.49:443  Domain: smex-ctp.trendmicro.com
  ASN: Merit Network Inc.  CN: US  Reputation: unknown

PID 2964, iexplore.exe
  IP: 8.252.73.126:80  Domain: ctldl.windowsupdate.com
  ASN: Level 3 Communications, Inc.  CN: US  Reputation: suspicious

PID 2964, iexplore.exe
  IP: 146.112.255.69:443  Domain: secure-web.cisco.com
  ASN: OpenDNS, LLC  Reputation: suspicious

DNS requests

Domain (reputation), followed by the resolved IPs:

smex-ctp.trendmicro.com (whitelisted)
  • 35.82.107.49
  • 35.164.12.238
  • 34.208.11.42
www.microsoft.com (whitelisted)
ctldl.windowsupdate.com (whitelisted)
  • 8.250.185.254
  • 8.252.73.126
  • 8.252.188.126
  • 8.252.191.254
  • 8.252.192.126
  • 23.216.77.69
  • 23.216.77.80
api.bing.com (whitelisted)
  • 13.107.5.80
www.bing.com (whitelisted)
  • 131.253.33.200
  • 13.107.22.200
ocsp.digicert.com (whitelisted)
  • 93.184.220.29
ocsp2.globalsign.com (whitelisted)
  • 104.18.21.226
  • 104.18.20.226
ocsp.globalsign.com (whitelisted)
  • 104.18.20.226
  • 104.18.21.226
secure-web.cisco.com (whitelisted)
  • 146.112.255.69
commercial.ocsp.identrust.com (whitelisted)
  • 192.35.177.23

Threats

No threats detected
No debug info