Malware analysis http://hebrasdepaz.org Malicious activity

Add for printing

URL:	http://hebrasdepaz.org
Full analysis:	https://app.any.run/tasks/f8c12951-04e2-44bf-aeb9-292fe4777ecd
Verdict:	Malicious activity
Analysis date:	April 26, 2023, 12:11:32
OS:	Windows 10 Professional (build: 19044, 32 bit)
Indicators:
MD5:	1622A7B0E5CBE1707BC2C8BEBAB7BC63
SHA1:	372491C6DF5FD37E2A94823523692F0A18C0B57C
SHA256:	E88545BB726F66378E56235938C1B185E3CA4346B19443E8A00A2D2A146BA1EE
SSDEEP:	3:N1KWA3/2u3:CW0/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.789.19041.0
Adobe Acrobat Reader (22.003.20314)
Adobe Acrobat Reader (22.003.20314)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (5.74)
CCleaner (5.74)
FileZilla Client 3.51.0 (3.51.0)
FileZilla Client 3.51.0 (3.51.0)
Google Chrome (103.0.5060.134)
Google Chrome (103.0.5060.134)
Google Update Helper (1.3.33.23)
Google Update Helper (1.3.33.23)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 92 (8.0.920.14)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (111.0.1661.62)
Microsoft Edge (111.0.1661.62)
Microsoft Edge Update (1.3.173.51)
Microsoft Edge Update (1.3.173.51)
Microsoft Edge WebView2 Runtime (105.0.1343.50)
Microsoft Edge WebView2 Runtime (105.0.1343.50)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (14.30.30704.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (14.30.30704.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (14.30.30704)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (14.30.30704)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (14.30.30704)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (14.30.30704)
Mozilla Firefox (x86 en-US) (111.0.1)
Mozilla Firefox (x86 en-US) (111.0.1)
Mozilla Maintenance Service (111.0.1)
Mozilla Maintenance Service (111.0.1)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.16026.20146)
Opera 12.15 (12.15.1748)
Opera 12.15 (12.15.1748)
Skype™ 7.39 (7.39.102)
Skype™ 7.39 (7.39.102)
Update for Windows 10 (KB4023057) (2.13.0.0)
Update for Windows 10 (KB4023057) (2.13.0.0)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
- Create files in a temporary directory
  - msedge.exe (PID: 8)
  - iexplore.exe (PID: 2016)
  - msedge.exe (PID: 2160)
- Checks supported languages
  - identity_helper.exe (PID: 4832)
  - cookie_exporter.exe (PID: 5852)
- The process checks LSA protection
  - identity_helper.exe (PID: 4832)
  - cookie_exporter.exe (PID: 5852)
- Application launched itself
  - iexplore.exe (PID: 2016)
  - msedge.exe (PID: 8)
- Reads the computer name
  - identity_helper.exe (PID: 4832)
  - cookie_exporter.exe (PID: 5852)
- Checks proxy server information
  - cookie_exporter.exe (PID: 5852)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

108

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=60220

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

ie_to_edge_stub.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

111.0.1661.62

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cryptbase.dll

228

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5136 --field-trial-handle=2052,i,15269856144885119696,15988039692460097130,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

111.0.1661.62

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll

544

"C:\Program Files\Microsoft\Edge\Application\111.0.1661.62\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=60220

C:\Program Files\Microsoft\Edge\Application\111.0.1661.62\BHO\ie_to_edge_stub.exe

—

iexplore.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

IEToEdge BHO

Exit code:

Version:

111.0.1661.62

Modules

Images
c:\program files\microsoft\edge\application\111.0.1661.62\bho\ie_to_edge_stub.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

616

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4308 --field-trial-handle=2052,i,15269856144885119696,15988039692460097130,131072 /prefetch:1

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

111.0.1661.62

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll

696

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2016 CREDAT:9474 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

iexplore.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Internet Explorer

Exit code:

Version:

11.00.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\ntdll.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

1288

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5788 --field-trial-handle=2052,i,15269856144885119696,15988039692460097130,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

111.0.1661.62

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll

1516

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6700 --field-trial-handle=2052,i,15269856144885119696,15988039692460097130,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

111.0.1661.62

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll

1652

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4608 --field-trial-handle=2052,i,15269856144885119696,15988039692460097130,131072 /prefetch:1

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

111.0.1661.62

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll

2016

"C:\Program Files\Internet Explorer\iexplore.exe" "http://hebrasdepaz.org"

C:\Program Files\Internet Explorer\iexplore.exe

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Internet Explorer

Exit code:

Version:

11.00.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcp_win.dll

2136

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5760 --field-trial-handle=2052,i,15269856144885119696,15988039692460097130,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

111.0.1661.62

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll

Add for printing

Total events

20 332

Read events

20 094

Write events

204

Delete events

Modification events


(PID) Process:	(2016) iexplore.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(2016) iexplore.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(2016) iexplore.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation:	write	Name:	OperationalData
Value: 0C00000000000000
(PID) Process:	(2016) iexplore.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation
Operation:	write	Name:	CVListXMLVersionLow
Value: 395196024
(PID) Process:	(2016) iexplore.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation
Operation:	write	Name:	CVListXMLVersionHigh
Value: 268435456
(PID) Process:	(2016) iexplore.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Spartan
Operation:	write	Name:	RAC_LaunchFlags
Value: 53
(PID) Process:	(2016) iexplore.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
Operation:	write	Name:	SoftwareFallback
Value: 0
(PID) Process:	(2016) iexplore.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
Operation:	write	Name:	VendorId
Value: 5140
(PID) Process:	(2016) iexplore.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
Operation:	write	Name:	DeviceId
Value: 140
(PID) Process:	(2016) iexplore.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\GPU
Operation:	write	Name:	SubSysId
Value: 0

Add for printing

Executable files

Suspicious files

160

Text files

192

Unknown types

Dropped files

PID	Process	Filename		Type
8	msedge.exe	C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\CRASHPAD\SETTINGS.DAT		binary
		MD5:EB47346CA7428F0A534B2C7639EFD344	SHA256:A5A3A7B62E8E9364943C9813A7D365B5A5635E3DC0523ECC6631B1B9320F79A5
8	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF31f28f.TMP		—
		MD5:—	SHA256:—
696	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE\XPIOF5VQ\0E5IRSLR.htm		html
		MD5:4E04331BF298C688E344F5D30AACB674	SHA256:67178D3AD6AFA21E0748C03BCF4DEE19A8DC0FC71DDAAD0E5C32A4CBCADCD811
8	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old		—
		MD5:—	SHA256:—
8	msedge.exe	C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\VARIATIONS		binary
		MD5:67408267EF01ED6B9372F04C029B602A	SHA256:B5AA30B0D3E08F80F60EFFA00FE335D2295FA494B36F33A2E8D8C66E0A34234A
8	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\index		binary
		MD5:B0DF5C17B9644E8ABEACCC13ED74A35C	SHA256:DBB51606A2B9D8C55DF5288EAC0CAF06DCE70D03AE598506C46B2C653A2DDE31
696	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Low\MSIMGSIZ.DAT		smt
		MD5:0392ADA071EB68355BED625D8F9695F3	SHA256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
8	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal		—
		MD5:—	SHA256:—
8	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_0		vxd
		MD5:CF89D16BB9107C631DAABF0C0EE58EFB	SHA256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
8	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old		text
		MD5:2B6E2D86DEAE274098A1D36C4F2D5BC4	SHA256:03EE65F530C129C4B3D883FD70CB84CC9C0265F7A00545F26ECEF6CB7582A371

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
696	iexplore.exe	GET	200	172.67.203.139:80	http://hebrasdepaz.org/cdn-cgi/images/icon-exclamation.png?1376755637	US	image	452 b	suspicious
696	iexplore.exe	GET	200	172.67.203.139:80	http://hebrasdepaz.org/cdn-cgi/styles/cf.errors.css	US	text	4.42 Kb	suspicious
696	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D	US	der	471 b	whitelisted
2016	iexplore.exe	GET	410	172.67.203.139:80	http://hebrasdepaz.org/favicon.ico	US	html	109 b	suspicious
696	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D	US	der	471 b	whitelisted
2016	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	US	der	471 b	whitelisted
696	iexplore.exe	GET	200	172.67.203.139:80	http://hebrasdepaz.org/	US	html	1.73 Kb	suspicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
696	iexplore.exe	172.67.203.139:80	—	CLOUDFLARENET	US	suspicious
696	iexplore.exe	23.38.22.250:443	go.microsoft.com	AKAMAI-AS	NL	malicious
2016	iexplore.exe	172.67.203.139:80	—	CLOUDFLARENET	US	suspicious
2016	iexplore.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
2016	iexplore.exe	23.38.22.250:443	go.microsoft.com	AKAMAI-AS	NL	malicious
2172	msedge.exe	20.8.16.139:443	nav-edge.smartscreen.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
2172	msedge.exe	23.38.22.250:443	go.microsoft.com	AKAMAI-AS	NL	malicious
2172	msedge.exe	20.40.24.37:443	microsoftedgewelcome.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	unknown
2172	msedge.exe	13.107.237.67:443	edgestatic-ehf9gbe6gfdfdec4.z01.azurefd.net	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
2172	msedge.exe	20.105.73.143:443	data-edge.smartscreen.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted

DNS requests

Domain	IP	Reputation
go.microsoft.com	23.38.22.250 104.64.117.184	whitelisted
config.edge.skype.com	13.107.42.16	malicious
ocsp.digicert.com	192.229.221.95	whitelisted
edge.microsoft.com	204.79.197.239 13.107.21.239	whitelisted
officeclient.microsoft.com	52.109.20.82	whitelisted
www.bing.com	104.126.37.176 104.126.37.161 104.126.37.177 104.126.37.160 104.126.37.171 104.126.37.163 104.126.37.179 104.126.37.178 104.126.37.170 104.126.37.153 104.126.37.144 104.126.37.145 104.126.37.137 104.126.37.139 104.126.37.152 104.126.37.131 104.126.37.154 104.126.37.130 92.123.104.31 92.123.104.22 92.123.104.33 92.123.104.18 92.123.104.34 92.123.104.21 92.123.104.23 92.123.104.30 92.123.104.26	whitelisted
ieonline.microsoft.com	204.79.197.200	whitelisted
nav-edge.smartscreen.microsoft.com	20.8.16.139	whitelisted
microsoftedgewelcome.microsoft.com	20.40.24.37	whitelisted
data-edge.smartscreen.microsoft.com	20.105.73.143	whitelisted

Threats

PID	Process	Class	Message
696	iexplore.exe	A Network Trojan was detected	AV POLICY CloudFlare Anti-Phishing Protection Warning in HTML Inbound

Add for printing

No debug info

General Info

http://hebrasdepaz.org

1622A7B0E5CBE1707BC2C8BEBAB7BC63

372491C6DF5FD37E2A94823523692F0A18C0B57C

E88545BB726F66378E56235938C1B185E3CA4346B19443E8A00A2D2A146BA1EE

3:N1KWA3/2u3:CW0/

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Create files in a temporary directory

Checks supported languages

The process checks LSA protection

Application launched itself

Reads the computer name

Checks proxy server information

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings