URL: https://gamefabrique.com/games/sad-satan/

Full analysis: https://app.any.run/tasks/39dc953e-e34e-41b8-8418-248fa0b54bcd
Verdict: Malicious activity
Analysis date: May 30, 2020, 04:52:56
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: AC1C12507FE128BE8C71E92B699F276F
SHA1: A7C61BCFD0F3103C984BB1E89BB1D31F845EBF65
SHA256: E8218D5A84932FCE939B518308338EA6E84A9F9FCD48ECE7471A91A7BD7FABBF
SSDEEP: 3:N8l0XMUhGGCEIzKKDXn:22XMPVFDX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Application launched itself
      • iexplore.exe (PID: 2292)
    • Changes internet zones settings
      • iexplore.exe (PID: 2292)
    • Reads internet explorer settings
      • iexplore.exe (PID: 1576)
      • iexplore.exe (PID: 1220)
    • Creates files in the user directory
      • iexplore.exe (PID: 1576)
      • iexplore.exe (PID: 1220)
      • iexplore.exe (PID: 2292)
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 2292)
      • iexplore.exe (PID: 1576)
      • iexplore.exe (PID: 1220)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 1220)
      • iexplore.exe (PID: 2292)
      • iexplore.exe (PID: 1576)
    • Adds / modifies Windows certificates
      • iexplore.exe (PID: 2292)
    • Changes settings of System certificates
      • iexplore.exe (PID: 2292)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe (PID 2292) → iexplore.exe (PID 1220), iexplore.exe (PID 1576)

Process information

PID: 2292
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" https://gamefabrique.com/games/sad-satan/
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 1220
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2292 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 1576
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2292 CREDAT:922897 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 9 468
Read events: 2 013
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 65
Text files: 76
Unknown types: 31

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1220 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab9DA9.tmp | | | |
| 1220 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar9DAA.tmp | | | |
| 1220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B | der | 1ADB7259D3774FDAE6EBB52B25B8E747 | 1FEFE033AC38B1C691109D8A7CAC4117E7CAEC4BBE403C546AA3B77F6D64D5D9 |
| 1220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | binary | 9F9E2E082C13EF356734F06910A904BC | B4EA3484D413D66A40F7A4BE4E2EEE373AB842C563870AA3A9690008B9831151 |
| 1220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B | binary | 1D2A8A500F69B3C04DFF83E7827C7E3D | 5BECB644C6AFA89CC3187AE9BC429C0C1DD17E5A48AF6266E5C6193E3B848121 |
| 1220 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\sad-satan[1].htm | html | 33FF7F049203A243574EBF30D08AFEC3 | 2EA7BEC4AB49EBBA42DB3E947AFEC38582ECEA9072AEF7C95D7B9D2DF000A20A |
| 1220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6F05F673165962219D0799BB87B9A0CC | binary | C27D307C2F5BEF36259A5E44C9532FE3 | 49F85BBE629F8CFAEF19224F99AA84B1592B0281C801725BF54E6DD93948518D |
| 1220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6F05F673165962219D0799BB87B9A0CC | der | D8E23239113614735B0E4AC9A3AC8986 | B00AD907BE6FBBB2A3A73D6F1D91E8A0C0843DA99BE275FE13EDA0D7D32B9FBA |
| 1220 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | der | 2DC1C15204061C19EA2B5276C32D328C | 9DC4632399A3DC0859ED4E9717A0120E71A415B3EDEF1FCBD3158045608B368F |
| 1220 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\sad-satan-03[1].jpg | image | B98DC91D9CD6F65F4B231781CEE4C688 | 75C214B310FEFF202BD20961090EE5B1BFF240468639BBAAF3585501510D2A8A |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 50
TCP/UDP connections: 83
DNS requests: 35
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 1220 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
| 1220 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEA6O%2BBjVXZc2rpJ%2B516RAgc%3D | US | der | 471 b | whitelisted |
| 1220 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D | US | der | 471 b | whitelisted |
| 1220 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
| 1220 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
| 1220 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
| 1220 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQC9fnmTEhS4DT0E%2Bsxj2bzA | US | der | 472 b | whitelisted |
| 1220 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEA6O%2BBjVXZc2rpJ%2B516RAgc%3D | US | der | 471 b | whitelisted |
| 1220 | iexplore.exe | GET | 200 | 52.222.157.76:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
| 1220 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQC9fnmTEhS4DT0E%2Bsxj2bzA | US | der | 472 b | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 1220 | iexplore.exe | 185.60.216.19:443 | connect.facebook.net | Facebook, Inc. | IE | whitelisted |
| 1220 | iexplore.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious |
| 1220 | iexplore.exe | 209.197.3.15:443 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted |
| 1220 | iexplore.exe | 216.58.212.138:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
| 1220 | iexplore.exe | 23.210.248.44:443 | s7.addthis.com | Akamai International B.V. | NL | whitelisted |
| 1220 | iexplore.exe | 52.222.149.121:443 | js.games4windownloads.com | Amazon.com, Inc. | US | whitelisted |
| 1220 | iexplore.exe | 89.248.171.137:443 | gamefabrique.com | Quasi Networks LTD. | SC | suspicious |
| 2292 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
| 1220 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
| 1220 | iexplore.exe | 52.222.157.76:80 | ocsp.rootg2.amazontrust.com | Amazon.com, Inc. | US | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| gamefabrique.com | 89.248.171.137 | whitelisted |
| ocsp.usertrust.com | 151.139.128.14 | whitelisted |
| ocsp.sectigo.com | 151.139.128.14 | whitelisted |
| maxcdn.bootstrapcdn.com | 209.197.3.15 | whitelisted |
| ajax.googleapis.com | 216.58.212.138 | whitelisted |
| js.games4windownloads.com | 52.222.149.121, 52.222.149.233, 52.222.149.141, 52.222.149.20 | whitelisted |
| connect.facebook.net | 185.60.216.19 | whitelisted |
| s7.addthis.com | 23.210.248.44 | whitelisted |
| o.ss2.us | 52.222.157.151, 52.222.157.48, 52.222.157.56, 52.222.157.176 | whitelisted |
| ocsp.digicert.com | 93.184.220.29 | whitelisted |

Threats

No threats detected
No debug info