analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://www.easa.europa.eu/domains/air-operations/czibs/czib-2022-01__;!!KEc8uF_xo8-al5zF!BitRBcHfvymn9ttXA7YnmDyYKZwbpjWq7Z6p2Te1fsxx4Bskb2PErd0EBwD6VzQW$

Full analysis: https://app.any.run/tasks/58ec81a6-0864-4fd7-884b-3dc35a9e25e5
Verdict: Malicious activity
Analysis date: June 27, 2022, 05:59:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

0BB09B1C33F09E61FEED8E2F906EA2BD

SHA1:

5AEB9E9A923444428FC678A269893F26D7E9EA7C

SHA256:

EDDA0EACDC9172BF8B04E09F7A780A14181332BECA78D0C18016A2AA68653DEA

SSDEEP:

3:N8DSLAEpbpFPKqMok0nShvKddN4MRXO5M3DhdFGWaWfgOczd:2OLAuPvrDfCd5M9paWG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2944)

  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 2944)
      • iexplore.exe (PID: 1416)

    • Checks supported languages

      • iexplore.exe (PID: 2944)
      • iexplore.exe (PID: 1416)

    • Changes internet zones settings

      • iexplore.exe (PID: 1416)

    • Application launched itself

      • iexplore.exe (PID: 1416)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2944)
      • iexplore.exe (PID: 1416)

    • Creates files in the user directory

      • iexplore.exe (PID: 2944)
      • iexplore.exe (PID: 1416)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2944)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2944)
      • iexplore.exe (PID: 1416)

    • Changes settings of System certificates

      • iexplore.exe (PID: 1416)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1416)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
35
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
1416"C:\Program Files\Internet Explorer\iexplore.exe" "https://www.easa.europa.eu/domains/air-operations/czibs/czib-2022-01__;!!KEc8uF_xo8-al5zF!BitRBcHfvymn9ttXA7YnmDyYKZwbpjWq7Z6p2Te1fsxx4Bskb2PErd0EBwD6VzQWf7f81a39-5f63-5b42-9efd-1f13b5431005quot;C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2944"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1416 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Total events
10 337
Read events
10 210
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
11
Text files
34
Unknown types
14

Dropped files

PID
Process
Filename
Type
2944iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\css_yD1xZs_YNQF5-pNQRY7MXmQ2U-OES_iWBr4AUopobBs[1].csstext
MD5:B90EADA738736C381F64ABD481B36316
SHA256:C83D7166CFD8350179FA9350458ECC5E643653E3844BF89606BE00528A686C1B
2944iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0766DB9AB186806BB9A6B6802D3BA734der
MD5:F5EFF713EDF0718127F6A79C0A983C56
SHA256:5029F0164592CEAAC69E1F57D1AAD712A5C379042FB2632D6578323F7E2DEAC3
2944iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\css_ysZM0QpUEfj_oF1ckV9CLsStUsz1LQxCNisDQ6di3OE[1].csstext
MD5:9426A765E4D4C2E56D24CF8D03FD6258
SHA256:CAC64CD10A5411F8FFA05D5C915F422EC4AD52CCF52D0C42362B0343A762DCE1
2944iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\css_YrknVLs6SkzwsiS_XLJY8a8zQkjSUKP2ulHiT0IFbBc[1].csstext
MD5:4C4C7D7B9A4A71B5D1BD923E0BDBD28F
SHA256:62B92754BB3A4A4CF0B224BF5CB258F1AF334248D250A3F6BA51E24F42056C17
2944iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\js_j7N6WB2-5o43weWA4EQ5pn_nF99RuQKLxTBAZfodMNw[1].jstext
MD5:D0355BF173AA965E75CDC690E7A43D71
SHA256:8FB37A581DBEE68E37C1E580E04439A67FE717DF51B9028BC5304065FA1D30DC
2944iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\js_D2UxlkJDjwSmp30FwWIc3mwurLgXd623OBU13EUeg7k[1].jstext
MD5:ADF8DC95D8932C8B217B0DF2A2AE0812
SHA256:0F65319642438F04A6A77D05C1621CDE6C2EACB81777ADB7381535DC451E83B9
2944iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\eu_flag_small[1].pngimage
MD5:C071A7B495E1507A86176F81722A811A
SHA256:8E341FD9BA1B3809286A76034A846A58F52E0183941BC32BCFEDC59D35E4D65F
2944iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ASNHWNMZ.txttext
MD5:63D1B934FA21DB1F9ADC59E3729B7303
SHA256:DF8B80358462ABE230C53C8FA615F9594083AE0C4E107BD9591A83A44198BF05
2944iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\matomo[1].jstext
MD5:3D077048BD6BB5A2CB8EC8862C59145D
SHA256:2EA9F132DE1CAEAE1FEC7C1706A9142CB7619BB28B92BB60558D39911BBE06D3
2944iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0766DB9AB186806BB9A6B6802D3BA734binary
MD5:C86BB8FB376D39927D0D39AE7C9C3098
SHA256:720E846221119237F8BC61328632E0F12DA1952C4C8B7659E3848CF32445063A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
41
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2944
iexplore.exe
GET
104.18.20.226:80
http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHophRq39F1meVBmQbb%2F1x0%3D
US
whitelisted
2944
iexplore.exe
GET
200
142.250.184.195:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
der
1.41 Kb
whitelisted
2944
iexplore.exe
GET
200
104.18.20.226:80
http://crl.globalsign.com/root-r3.crl
US
der
1.77 Kb
whitelisted
2944
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?97a1382d4b79da6c
US
compressed
4.70 Kb
whitelisted
2944
iexplore.exe
GET
200
142.250.184.195:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEESz3%2FmlG2yGCtBzjzp1dVc%3D
US
der
471 b
whitelisted
2944
iexplore.exe
GET
200
142.250.184.195:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
1416
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
1416
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
2944
iexplore.exe
GET
200
142.250.184.195:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCqm%2FLZVwk%2FcRLv5CtSZANu
US
der
472 b
whitelisted
1416
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2944
iexplore.exe
151.101.2.132:443
www.easa.europa.eu
Fastly
US
malicious
2944
iexplore.exe
142.250.184.195:80
ocsp.pki.goog
Google Inc.
US
whitelisted
2944
iexplore.exe
151.101.66.132:443
www.easa.europa.eu
Fastly
US
suspicious
2944
iexplore.exe
104.18.20.226:80
ocsp2.globalsign.com
Cloudflare Inc
US
shared
2944
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
Highwinds Network Group, Inc.
US
whitelisted
1416
iexplore.exe
13.107.21.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2944
iexplore.exe
142.251.36.138:443
fonts.googleapis.com
Google Inc.
US
whitelisted
1416
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2944
iexplore.exe
142.251.36.131:443
fonts.gstatic.com
Google Inc.
US
unknown
1416
iexplore.exe
104.89.38.104:443
go.microsoft.com
Akamai Technologies, Inc.
NL
malicious

DNS requests

Domain
IP
Reputation
www.easa.europa.eu
  • 151.101.2.132
  • 151.101.66.132
  • 151.101.130.132
  • 151.101.194.132
malicious
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
ocsp2.globalsign.com
  • 104.18.20.226
  • 104.18.21.226
whitelisted
crl.globalsign.com
  • 104.18.20.226
  • 104.18.21.226
whitelisted
fonts.googleapis.com
  • 142.251.36.138
whitelisted
ocsp.pki.goog
  • 142.250.184.195
whitelisted
fonts.gstatic.com
  • 142.251.36.131
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.easa.europa.eu/domains/air-operations/czibs/czib-2022-01__;!!KEc8uF_xo8-al5zF!BitRBcHfvymn9ttXA7YnmDyYKZwbpjWq7Z6p2Te1fsxx4Bskb2PErd0EBwD6VzQW$