download:

index.html

Full analysis: https://app.any.run/tasks/acd29e77-373b-4321-9cf1-5dcfd57b6c1a
Verdict: Malicious activity
Analysis date: November 16, 2019, 16:24:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
MD5:

08D7D252BF287C2B84D9F34C055DDB35

SHA1:

90434CE4E2DEAF50D60413EE50CF40CB1FE0ED70

SHA256:

EEFCCDAB89D36FF4AC3D210A28F2E013B40D10B8BEE97DC2A4731F61D407130A

SSDEEP:

768:Cd7QuIxTN+OQtOBOVOwOxOSOOUOKOBOFOr:CtQuax+OakwvsAd3Uwc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2132)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2004)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2004)

    • Application launched itself

      • iexplore.exe (PID: 2132)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

tids: a='13017' b='15045' c='fwdssp.com' d='taxo_cat'
Title: Fwdssp.com
ContentType: text/html; charset=UTF-8
viewport: width=device-width, initial-scale=1, maximum-scale=1
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2004"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2132 CREDAT:79873C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2132"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.htmlC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
345
Read events
280
Write events
64
Delete events
1

Modification events

(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{9C64A93B-088D-11EA-AB41-5254004A04AF}
Value:
0
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
2
(PID) Process:(2132) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E3070B00060010001000180033005E00
Executable files
0
Suspicious files
0
Text files
10
Unknown types
5

Dropped files

PID
Process
Filename
Type
2132iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
MD5:
SHA256:
2132iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019111620191117\index.datdat
MD5:
SHA256:
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ubuntu-b[1].eoteot
MD5:7993208D5E2A6F3D6F461B69B292A47E
SHA256:F61D164B9E4C3DBDBE6F34B7D9FCA55A3B9DAE1929AA65E59408673410662FD3
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\logo[1].pngimage
MD5:9C98595145E8A8F5A7B6D4F88DCEEA6A
SHA256:B690A0CC0AD3A4899A5E6C52E4A5C7CA6C2F334F946C72B2AAFECB316D83B932
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\hostergator[1].gifimage
MD5:1898AAD5D11BE03025F15B9137EFA371
SHA256:C91B0F2A8767A2C2DFB64EE200BD110A476B613A855A0C8982DD3C9B93095BB3
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\search-icon[1].pngimage
MD5:750928EC52C1B77AA2E72D76895D3A96
SHA256:CF2E997ED10DB7EEF3394C65EC68720FCE20C858BF202A8C83328B7C1586D87D
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\kwbg[1].jpgimage
MD5:AC32F78C89E9E21E66009A46E538E8CA
SHA256:F38235E9EEEEF5F8B2E931C53A950B8AFA0691A4F8BDD32FC79708318CEE71FC
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\ubuntu-r[1].eoteot
MD5:DBA7374F1813F5D55190C2851181409F
SHA256:645A384C895A5E3F9ABDFE2C8FE1BDAB2CFBAE6E69BA711F58DD3F237F2839FE
2004iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\bodybg[1].pngimage
MD5:5082CE2CA4166A85AC3651BC34EC3EC8
SHA256:E5C767653898A8E9ACB1E966ACA9D01F39A45609557D1A4811AD26CD48234A1F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
26
TCP/UDP connections
31
DNS requests
9
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2004
iexplore.exe
GET
208.91.196.46:80
http://fwdssp.com/px.js?ch=2
VG
whitelisted
2004
iexplore.exe
GET
208.91.196.46:80
http://fwdssp.com/px.js?ch=1
VG
whitelisted
2004
iexplore.exe
GET
2.16.186.64:80
http://i1.cdn-image.com/__media__/js/min.js?v2.2
unknown
whitelisted
2004
iexplore.exe
GET
2.16.186.64:80
http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot?
unknown
whitelisted
2004
iexplore.exe
GET
208.91.196.4:80
http://searchdiscovered.com/__media__/pics/657/hostergator.gif
VG
malicious
2004
iexplore.exe
GET
208.91.196.4:80
http://searchdiscovered.com/__media__/pics/657/error-bg.gif
VG
malicious
2004
iexplore.exe
GET
208.91.196.46:80
http://fwdssp.com/px.js?ch=1
VG
whitelisted
2004
iexplore.exe
GET
208.91.196.46:80
http://fwdssp.com/px.js?ch=1
VG
whitelisted
2004
iexplore.exe
GET
2.16.186.64:80
http://i1.cdn-image.com/__media__/js/min.js?v2.2
unknown
whitelisted
2004
iexplore.exe
GET
208.91.196.46:80
http://fwdssp.com/px.js?ch=2
VG
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2004
iexplore.exe
2.16.186.106:80
i1.cdn-image.com
Akamai International B.V.
whitelisted
2004
iexplore.exe
208.91.196.4:80
searchdiscovered.com
Confluence Networks Inc
VG
malicious
208.91.196.4:80
searchdiscovered.com
Confluence Networks Inc
VG
malicious
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2.16.186.64:80
i1.cdn-image.com
Akamai International B.V.
whitelisted
208.91.196.46:80
fwdssp.com
Confluence Networks Inc
VG
malicious
2004
iexplore.exe
2.16.186.64:80
i1.cdn-image.com
Akamai International B.V.
whitelisted
2004
iexplore.exe
208.91.196.46:80
fwdssp.com
Confluence Networks Inc
VG
malicious

DNS requests

Domain
IP
Reputation
i1.cdn-image.com
  • 2.16.186.64
  • 2.16.186.106
whitelisted
fwdssp.com
  • 208.91.196.46
whitelisted
i4.cdn-image.com
  • 2.16.186.64
  • 2.16.186.106
whitelisted
searchdiscovered.com
  • 208.91.196.4
malicious
i2.cdn-image.com
  • 2.16.186.106
  • 2.16.186.64
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
freeresultsguide.com
  • 208.91.196.4
whitelisted
dns.msftncsi.com
  • 131.107.255.255
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
index.html