analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

index.html

Full analysis: https://app.any.run/tasks/acd29e77-373b-4321-9cf1-5dcfd57b6c1a
Verdict: Malicious activity
Analysis date: November 16, 2019, 16:24:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
MD5:

08D7D252BF287C2B84D9F34C055DDB35

SHA1:

90434CE4E2DEAF50D60413EE50CF40CB1FE0ED70

SHA256:

EEFCCDAB89D36FF4AC3D210A28F2E013B40D10B8BEE97DC2A4731F61D407130A

SSDEEP:

768:Cd7QuIxTN+OQtOBOVOwOxOSOOUOKOBOFOr:CtQuax+OakwvsAd3Uwc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2132)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2004)

    • Application launched itself

      • iexplore.exe (PID: 2132)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2004)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

tids: a='13017' b='15045' c='fwdssp.com' d='taxo_cat'
Title: Fwdssp.com
ContentType: text/html; charset=UTF-8
viewport: width=device-width, initial-scale=1, maximum-scale=1
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2132"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.htmlC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2004"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2132 CREDAT:79873C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
345
Read events
280
Write events
64
Delete events
1

Modification events

(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{9C64A93B-088D-11EA-AB41-5254004A04AF}
Value:
0
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
2
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E3070B00060010001000180033005E00
Executable files
0
Suspicious files
0
Text files
10
Unknown types
5

Dropped files

PID
Process
Filename
Type
2132iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
MD5:
SHA256:
2132iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2132iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].pngimage
MD5:9FB559A691078558E77D6848202F6541
SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ubuntu-b[1].eoteot
MD5:7993208D5E2A6F3D6F461B69B292A47E
SHA256:F61D164B9E4C3DBDBE6F34B7D9FCA55A3B9DAE1929AA65E59408673410662FD3
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\arrow[1].pngimage
MD5:9B3B30BF536E8E02958B60FE30988CD3
SHA256:368C4A249C5EEB012917122F5314AF8F89E7A7CC583D8BEF33950F60CF0214D0
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\ubuntu-r[1].eoteot
MD5:DBA7374F1813F5D55190C2851181409F
SHA256:645A384C895A5E3F9ABDFE2C8FE1BDAB2CFBAE6E69BA711F58DD3F237F2839FE
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\libg[1].pngimage
MD5:B06CC0EE3C9BE723861A2FE8F3B594E6
SHA256:3D876C43F21D31D03EEF6D5B51E9CF7D28F6B0F017239300980AF88522A173A0
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\search-icon[1].pngimage
MD5:750928EC52C1B77AA2E72D76895D3A96
SHA256:CF2E997ED10DB7EEF3394C65EC68720FCE20C858BF202A8C83328B7C1586D87D
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019111620191117\index.datdat
MD5:097423EB44B6FF7311A8129331131ABB
SHA256:D4C3EB7247BBD81270EC6F69AF6DF89240CE7BD6CF3EDF01FD3BD5E8810C6606
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\logo[1].pngimage
MD5:9C98595145E8A8F5A7B6D4F88DCEEA6A
SHA256:B690A0CC0AD3A4899A5E6C52E4A5C7CA6C2F334F946C72B2AAFECB316D83B932
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
26
TCP/UDP connections
31
DNS requests
9
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2004
iexplore.exe
GET
208.91.196.46:80
http://fwdssp.com/px.js?ch=2
VG
whitelisted
2004
iexplore.exe
GET
2.16.186.64:80
http://i1.cdn-image.com/__media__/js/min.js?v2.2
unknown
whitelisted
2004
iexplore.exe
GET
208.91.196.46:80
http://fwdssp.com/px.js?ch=1
VG
whitelisted
2004
iexplore.exe
GET
208.91.196.46:80
http://fwdssp.com/px.js?ch=1
VG
whitelisted
2004
iexplore.exe
GET
208.91.196.4:80
http://searchdiscovered.com/__media__/pics/657/error-bg.gif
VG
malicious
2004
iexplore.exe
GET
2.16.186.64:80
http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot?
unknown
whitelisted
2004
iexplore.exe
GET
2.16.186.64:80
http://i1.cdn-image.com/__media__/js/min.js?v2.2
unknown
whitelisted
2004
iexplore.exe
GET
208.91.196.46:80
http://fwdssp.com/px.js?ch=2
VG
whitelisted
2004
iexplore.exe
GET
208.91.196.46:80
http://fwdssp.com/px.js?ch=1
VG
whitelisted
2004
iexplore.exe
GET
208.91.196.4:80
http://searchdiscovered.com/__media__/pics/657/hostergator.gif
VG
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2004
iexplore.exe
2.16.186.64:80
i1.cdn-image.com
Akamai International B.V.
whitelisted
2004
iexplore.exe
208.91.196.46:80
fwdssp.com
Confluence Networks Inc
VG
malicious
2004
iexplore.exe
2.16.186.106:80
i1.cdn-image.com
Akamai International B.V.
whitelisted
2004
iexplore.exe
208.91.196.4:80
searchdiscovered.com
Confluence Networks Inc
VG
malicious
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2.16.186.64:80
i1.cdn-image.com
Akamai International B.V.
whitelisted
208.91.196.4:80
searchdiscovered.com
Confluence Networks Inc
VG
malicious
208.91.196.46:80
fwdssp.com
Confluence Networks Inc
VG
malicious

DNS requests

Domain
IP
Reputation
i1.cdn-image.com
  • 2.16.186.64
  • 2.16.186.106
whitelisted
fwdssp.com
  • 208.91.196.46
whitelisted
i4.cdn-image.com
  • 2.16.186.64
  • 2.16.186.106
whitelisted
searchdiscovered.com
  • 208.91.196.4
malicious
i2.cdn-image.com
  • 2.16.186.106
  • 2.16.186.64
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
freeresultsguide.com
  • 208.91.196.4
whitelisted
dns.msftncsi.com
  • 131.107.255.255
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
index.html