analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://92.223.105.204/

Full analysis: https://app.any.run/tasks/dc172cf7-83de-4a5e-9902-292630e49b6a
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Malware Trends Tracker     >>>
Analysis date: November 15, 2018, 15:49:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
Indicators:
MD5:

18FF0E9663FA13AAAE2B928E1BC2D6DB

SHA1:

A7C15E1D45D74C61FD0FAC102A88745BD2E70362

SHA256:

F1975C352C3785DD50B3A37FCB8C96FA02C3931F3F1C128BD43D308F15A2667F

SSDEEP:

3:N8ECLMQC:2EIRC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Connects to CnC server

      • iexplore.exe (PID: 3524)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 3160)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3524)

    • Application launched itself

      • iexplore.exe (PID: 3160)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3524)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
2
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
3160"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3524"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3160 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
363
Read events
318
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
4
Text files
20
Unknown types
0

Dropped files

PID
Process
Filename
Type
3160iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
MD5:
SHA256:
3160iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3524iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab9E58.tmp
MD5:
SHA256:
3524iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar9E59.tmp
MD5:
SHA256:
3524iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab9E69.tmp
MD5:
SHA256:
3524iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar9E6A.tmp
MD5:
SHA256:
3524iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab9F27.tmp
MD5:
SHA256:
3524iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar9F28.tmp
MD5:
SHA256:
3524iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\red_shield_48[1]image
MD5:F413DD8A75B81A154A1FD5E4C4A0A782
SHA256:F2AFC04A24C9D89D3C2F0D73F8CD6FB6B65ADBE333196C3F99CC7D6868847CEB
3524iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\errorPageStrings[1]text
MD5:1A0563F7FB85A678771450B131ED66FD
SHA256:EB5678DE9D8F29CA6893D4E6CA79BD5AB4F312813820FE4997B009A2B1A1654C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
5
DNS requests
2
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3524
iexplore.exe
GET
200
2.16.186.81:80
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
unknown
compressed
54.4 Kb
whitelisted
3160
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3524
iexplore.exe
92.223.105.204:443
G-Core Labs S.A.
LU
suspicious
92.223.105.204:443
G-Core Labs S.A.
LU
suspicious
3160
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3524
iexplore.exe
2.16.186.81:80
www.download.windowsupdate.com
Akamai International B.V.
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
www.download.windowsupdate.com
  • 2.16.186.81
  • 2.16.186.56
whitelisted

Threats

PID
Process
Class
Message
3524
iexplore.exe
A Network Trojan was detected
ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex/Trickbot CnC)
3524
iexplore.exe
A Network Trojan was detected
ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex/Trickbot CnC)
3524
iexplore.exe
A Network Trojan was detected
ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex/Trickbot CnC)
6 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://92.223.105.204/