URL: filedn.com

Full analysis: https://app.any.run/tasks/f3469330-d85e-4774-a642-4470cd5e3730
Verdict: Malicious activity
Analysis date: December 15, 2023, 16:53:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: C61379FBDE99220473011C1255F31028
SHA1: F8028C26623C040DE8F5822601707904B7DE2F53
SHA256: F1CF4C5B5537D0F3A212AC57F239FCF257C894D6AA90DAEA1D09BB31D9558048
SSDEEP: 3:x9LGTn:xoT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    No suspicious indicators.
  • INFO
    • Application launched itself
      • iexplore.exe (PID: 2920)
    • Checks supported languages
      • wmpnscfg.exe (PID: 2668)
    • Reads the computer name
      • wmpnscfg.exe (PID: 2668)
    • Manual execution by a user
      • wmpnscfg.exe (PID: 2668)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Graph nodes: start, iexplore.exe (PID 2920), iexplore.exe (PID 2528, child of 2920), wmpnscfg.exe (no specs)

Process information

PID: 2528
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none listed)
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  c:\program files\internet explorer\iexplore.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\iertutil.dll

PID: 2668
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Indicators: (none listed)
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\program files\windows media player\wmpnscfg.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll

PID: 2920
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "filedn.com"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: (none listed)
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  c:\program files\internet explorer\iexplore.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\iertutil.dll
Total events: 14 452
Read events: 14 370
Write events: 78
Delete events: 4

Modification events

(PID) Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write   Name: NTPDaysSinceLastAutoMigration   Value: 0

(PID) Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write   Name: NTPLastLaunchHighDateTime   Value: 30847387

(PID) Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write   Name: NextCheckForUpdateHighDateTime   Value: 30847437

(PID) Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write   Name: CachePrefix   Value: Cookie:

(PID) Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write   Name: CachePrefix   Value: Visited:

(PID) Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write   Name: CompatibilityFlags   Value: 0

(PID) Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write   Name: ProxyBypass   Value: 1

(PID) Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write   Name: IntranetName   Value: 1

(PID) Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write   Name: UNCAsIntranet   Value: 1

(PID) Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write   Name: AutoDetect   Value: 0
Executable files: 0
Suspicious files: 31
Text files: 58
Unknown types: 0

Dropped files

PID: 2920   Process: iexplore.exe   Type: compressed
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8

PID: 2920   Process: iexplore.exe   Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
MD5: E5034468F4C766A164BB3E28D4F0E6C8
SHA256: C22DF2802E5DA3ECE8D548EE7280F764D7EDB5BA19A3661D0749DD13ACF8F2DB

PID: 2920   Process: iexplore.exe   Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
MD5: 372DC30BF1D9FC33C34E9FE3F51CD4E9
SHA256: F48A05C21E5AF141905F2929704CB273DCB507D5B3FA9B9087906959690EC2D6

PID: 2920   Process: iexplore.exe   Type: image
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID: 2528   Process: iexplore.exe   Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0F0945B561A8BE54159FFE10CD99C43_76E50FE98316D983DB31BE4CB2447E1C
MD5: AA4CB522B76BA062D7840C503510D880
SHA256: F7190DD41D5018D516798906728E0F1DEC2379FBA7535815D22A45F0DC431862

PID: 2528   Process: iexplore.exe   Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E26720EB7B24305B879FF48383C19C91_6ED3AA29EAEE08B526DF7AA25A71A9C2
MD5: 8B1F9ED1CD682E0698D00710ED13F6C8
SHA256: B777C6BCE49939AB67B9C80F3CD8ED6E3BBE56EE6C35A5B35B05B0DAE5407B85

PID: 2528   Process: iexplore.exe   Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0F0945B561A8BE54159FFE10CD99C43_76E50FE98316D983DB31BE4CB2447E1C
MD5: 7B9D33BD545F4224613544DF699EE31C
SHA256: 0F0D0FAECF64F3B4ECDCACA7494EBDC9C92F4D16F2E06722C0F453C113371B0E

PID: 2920   Process: iexplore.exe   Type: image
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID: 2528   Process: iexplore.exe   Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E26720EB7B24305B879FF48383C19C91_6ED3AA29EAEE08B526DF7AA25A71A9C2
MD5: 0999678003E9A0B77C0E848BB25CA3DB
SHA256: 282E5FB47135583E41B9003E98F4ED42AE03A284AC5F23CDACCEEFBA4D9146F0

PID: 2528   Process: iexplore.exe   Type: text
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GP9U7U10.txt
MD5: A64852F3234B5B6A41D3DC8AC42F38A8
SHA256: 08AB906D00AC5882630BD016F88E6866E92AB5F262B3C05888DDD914263F1C1C
HTTP(S) requests: 14
TCP/UDP connections: 49
DNS requests: 22
Threats: 19

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2528 | iexplore.exe | GET | - | 23.109.93.100:80 | http://filedn.com/ | unknown | - | - | unknown
2920 | iexplore.exe | GET | 200 | 2.19.198.51:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b4bfac932d8b214d | unknown | compressed | 4.66 Kb | unknown
2920 | iexplore.exe | GET | 200 | 2.19.198.51:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?da882e4def63e1a0 | unknown | compressed | 4.66 Kb | unknown
2920 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | binary | 313 b | unknown
2528 | iexplore.exe | GET | 200 | 192.16.49.125:80 | http://ocsp.quovadisglobal.com/MFUwUzBRME8wTTAJBgUrDgMCGgUABBRBZVtnUA6aLiwM3Lp6kkf3c%2FdyaQQU7edvdlq%2FYOxJW8ald7tyFnGbxD0CFGUyR4FPX6ZruFTa8FPzKSZdcmU4 | unknown | binary | 1.71 Kb | unknown
2528 | iexplore.exe | GET | 200 | 192.124.249.36:80 | http://crl.starfieldtech.com/sfroot-g2.crl | unknown | binary | 584 b | unknown
2528 | iexplore.exe | GET | 200 | 192.16.49.125:80 | http://ocsp.quovadisglobal.com/MFUwUzBRME8wTTAJBgUrDgMCGgUABBRqrg1xqQfOYjeQHoftTI36l6IH0gQUsxKJtalLNbwVAPCA6dh4h%2FETfHYCFHzC5HNbtvNvOdyI%2BBh5q97Rk%2Beu | unknown | binary | 1.72 Kb | unknown
2528 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | binary | 1.41 Kb | unknown
2528 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | unknown | binary | 724 b | unknown
2528 | iexplore.exe | GET | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEA1uFYrLabZxEtE2U5X5DGM%3D | unknown | binary | 471 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2528 | iexplore.exe | 23.109.93.100:80 | filedn.com | SERVERS-COM | NL | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
2920 | iexplore.exe | 23.36.162.88:443 | www.bing.com | Akamai International B.V. | DE | unknown
2920 | iexplore.exe | 2.19.198.51:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
2920 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
2528 | iexplore.exe | 45.131.244.9:443 | www.pcloud.com | pCloud AG | LU | unknown
2528 | iexplore.exe | 192.16.49.125:80 | ocsp.quovadisglobal.com | EDGECAST | US | unknown

DNS requests

Domain (Reputation): resolved IPs

filedn.com (malicious):
  • 23.109.93.100
api.bing.com (whitelisted):
  • 13.107.5.80
www.bing.com (whitelisted):
  • 23.36.162.88
  • 23.36.162.84
  • 23.36.162.71
ctldl.windowsupdate.com (whitelisted):
  • 2.19.198.51
  • 2.19.198.75
  • 23.32.238.152
  • 23.32.238.113
  • 2.19.198.66
  • 23.32.238.154
  • 23.32.238.155
  • 2.19.198.57
  • 23.32.238.161
  • 2.19.198.65
  • 23.32.238.129
  • 23.32.238.144
  • 2.19.198.41
  • 23.32.238.121
  • 2.19.198.64
ocsp.digicert.com (whitelisted):
  • 192.229.221.95
www.pcloud.com (whitelisted):
  • 45.131.244.9
  • 45.131.244.8
  • 45.131.244.7
  • 45.131.247.15
  • 45.131.247.13
  • 45.131.244.10
  • 45.131.247.14
  • 45.131.247.16
  • 45.131.244.12
ocsp.quovadisglobal.com (whitelisted):
  • 192.16.49.125
  • 152.195.38.89
  • 152.195.13.36
  • 152.195.132.213
pcdn-www.pcloud.com (unknown):
  • 172.255.6.177
fonts.googleapis.com (whitelisted):
  • 142.250.186.170
cdn.polyfill.io (whitelisted):
  • 151.101.1.26
  • 151.101.65.26
  • 151.101.129.26
  • 151.101.193.26

Threats

19 ETPRO signatures available at the full report (threat details require a paid subscription)
No debug info