URL: http://wklejto.pl/274013

Full analysis: https://app.any.run/tasks/75047442-4ae8-4fff-89c5-8f059ffa2c9b
Verdict: No threats detected
Analysis date: February 27, 2019, 21:21:09
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 66B7FE782C1EE5AFDFC64401DFBDEEB8
SHA1: 676A126F76C2E195A439A61E347B83661AACF53E
SHA256: EEC8ECA41C709BF2CEB688BF5FC7AE61D97C116BBB959332E95BEF8D8AA29ACC
SSDEEP: 3:N1KJOguEmUW:CAguEjW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    No suspicious indicators.
  • INFO
    • Creates files in the user directory
      • iexplore.exe (PID: 3140)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3496)
      • iexplore.exe (PID: 2864)
    • Reads internet explorer settings
      • iexplore.exe (PID: 3140)
    • Application launched itself
      • iexplore.exe (PID: 2864)
    • Changes internet zones settings
      • iexplore.exe (PID: 2864)
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 3140)
      • iexplore.exe (PID: 2864)
    • Dropped object may contain TOR URLs
      • iexplore.exe (PID: 3140)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 33
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe -> iexplore.exe -> flashutil32_26_0_0_131_activex.exe (no specs)

Process information

PID: 2864
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 3140
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2864 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 3496
CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Parent process: svchost.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Exit code: 0
Version: 26,0,0,131
Modules (Images):
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events: 471
Read events: 402
Write events: 66
Delete events: 3

Modification events

(PID) Process: (2864) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2864) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2864) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (2864) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (2864) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2864) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:

(PID) Process: (2864) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {A2AD7015-3AD5-11E9-BEEC-5254004A04AF}
Value: 0

(PID) Process: (2864) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Type
Value: 4

(PID) Process: (2864) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Count
Value: 3

(PID) Process: (2864) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Time
Value: E307020003001B00150015001900AA02
Executable files: 0
Suspicious files: 0
Text files: 37
Unknown types: 24

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2864 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | | |
2864 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | |
3496 | FlashUtil32_26_0_0_131_ActiveX.exe | C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx:Zone.Identifier | | |
3496 | FlashUtil32_26_0_0_131_ActiveX.exe | C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx | | |
3140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\layout[1].css | text | |
3140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\bg_input-btn[1].gif | image | |
3140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\wklejto[1].js | text | |
3140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\750x100%20v01[1].swf | swf | |
3140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\modal[1].js | text | |
3496 | FlashUtil32_26_0_0_131_ActiveX.exe | C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | sol | |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 26
TCP/UDP connections: 26
DNS requests: 8
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3140 | iexplore.exe | GET | 302 | 31.13.90.36:80 | http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwklejto.pl%2F&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=24 | IE | | | whitelisted
3140 | iexplore.exe | GET | 302 | 31.13.90.36:80 | http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fwklejto&width=690&connections=10&showfaces:true;stream=false&header=false&height=180 | IE | | | whitelisted
3140 | iexplore.exe | GET | 200 | 46.4.69.19:80 | http://wklejto.pl/274013 | DE | html | 144 Kb | suspicious
3140 | iexplore.exe | GET | 200 | 185.60.216.19:80 | http://connect.facebook.net/pl_PL/all.js | IE | text | 1.74 Kb | whitelisted
3140 | iexplore.exe | GET | 200 | 46.4.69.19:80 | http://wklejto.pl/img/logo.jpg | DE | image | 19.9 Kb | suspicious
3140 | iexplore.exe | GET | 200 | 46.4.69.19:80 | http://wklejto.pl/js/XMLHttpRequest.js | DE | text | 14.3 Kb | suspicious
3140 | iexplore.exe | GET | 200 | 46.4.69.19:80 | http://wklejto.pl/bannery/750x100%20v01.swf | DE | swf | 10.1 Kb | suspicious
3140 | iexplore.exe | GET | 200 | 46.4.69.19:80 | http://wklejto.pl/gfx/bg_input-btn.gif | DE | image | 147 b | suspicious
3140 | iexplore.exe | GET | 200 | 46.4.69.19:80 | http://wklejto.pl/gfx/share/twitter.png | DE | image | 1.00 Kb | suspicious
3140 | iexplore.exe | GET | 200 | 46.4.69.19:80 | http://wklejto.pl/gfx/share/blip.png | DE | image | 1.06 Kb | suspicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2864 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3140 | iexplore.exe | 46.4.69.19:80 | wklejto.pl | Hetzner Online GmbH | DE | suspicious
3140 | iexplore.exe | 185.60.216.19:80 | connect.facebook.net | Facebook, Inc. | IE | whitelisted
3140 | iexplore.exe | 185.60.216.19:443 | connect.facebook.net | Facebook, Inc. | IE | whitelisted
3140 | iexplore.exe | 31.13.90.36:80 | www.facebook.com | Facebook, Inc. | IE | whitelisted
3140 | iexplore.exe | 172.217.23.142:80 | www.google-analytics.com | Google Inc. | US | whitelisted
3140 | iexplore.exe | 31.13.90.36:443 | www.facebook.com | Facebook, Inc. | IE | whitelisted
2864 | iexplore.exe | 46.4.69.19:80 | wklejto.pl | Hetzner Online GmbH | DE | suspicious

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
wklejto.pl | 46.4.69.19 | suspicious
connect.facebook.net | 185.60.216.19 | whitelisted
www.facebook.com | 31.13.90.36 | whitelisted
www.google-analytics.com | 172.217.23.142 | whitelisted
static.xx.fbcdn.net | 185.60.216.19 | whitelisted
scontent-frx5-1.xx.fbcdn.net | 185.60.216.19 | whitelisted
www.wklejto.pl | 46.4.69.19 | unknown

Threats

PID | Process | Class | Message
3140 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY Outdated Flash Version M1
No debug info