URL: filedn.com

Full analysis: https://app.any.run/tasks/f3469330-d85e-4774-a642-4470cd5e3730
Verdict: Malicious activity
Analysis date: December 15, 2023, 16:53:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

C61379FBDE99220473011C1255F31028

SHA1:

F8028C26623C040DE8F5822601707904B7DE2F53

SHA256:

F1CF4C5B5537D0F3A212AC57F239FCF257C894D6AA90DAEA1D09BB31D9558048

SSDEEP:

3:x9LGTn:xoT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2668)
    • Application launched itself

      • iexplore.exe (PID: 2920)
    • Reads the computer name

      • wmpnscfg.exe (PID: 2668)
    • Checks supported languages

      • wmpnscfg.exe (PID: 2668)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
40
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

start → iexplore.exe (PID: 2920) → iexplore.exe (PID: 2528); wmpnscfg.exe (PID: 2668, no specs)

Process information

PID: 2528
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2920 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 2668
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2920
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "filedn.com"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
14 452
Read events
14 370
Write events
78
Delete events
4

Modification events

Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 0

Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 30847387

Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 30847437

Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (2920) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files
0
Suspicious files
31
Text files
58
Unknown types
0

Dropped files

PID: 2920
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type: image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID: 2920
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico
Type: image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID: 2920
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Type: binary
MD5: E5034468F4C766A164BB3E28D4F0E6C8
SHA256: C22DF2802E5DA3ECE8D548EE7280F764D7EDB5BA19A3661D0749DD13ACF8F2DB

PID: 2920
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].ico
Type: image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID: 2920
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: E438C75F5E2B36F941F03410B4CB6297
SHA256: 872456BEC8682B6BD63DF41D131685B457779C07896F6802B5A55FC561188034

PID: 2528
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\eu[1].htm
Type: html
MD5: 9D34C8DFF14EF8BF3E8056C4210E8BA0
SHA256: B6B4CEB54A8318A4EDA93733E91F6716AB627B58F2E7281519A0F93062B57006

PID: 2920
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Type: binary
MD5: 372DC30BF1D9FC33C34E9FE3F51CD4E9
SHA256: F48A05C21E5AF141905F2929704CB273DCB507D5B3FA9B9087906959690EC2D6

PID: 2528
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94C18AA77707A64853AFFBE6D6382F75
Type: binary
MD5: 217691D7CA900939993694EB50DEABA8
SHA256: 4A08BD739A2DF487922A0A94F478578B53F2424F9E1AE1CE1CA52BE03B245EF5

PID: 2528
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\jquery.throttle-debounce.min[1].js
Type: text
MD5: 97669983F6540F2BADEEF6AB07E5B637
SHA256: FA7B84BB6E37FBA06F79793937E55BAF6EBC1BEE051E350E11C7CA681A9F3DB7

PID: 2528
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\site[1].css
Type: text
MD5: B718A5698FFCF828C95B8639A06F45BC
SHA256: C7C95C85F20749FBE81310935B3CE66AC064F9C6864298862DF7B411AA2BEBA3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
49
DNS requests
22
Threats
19

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2528
iexplore.exe
GET
23.109.93.100:80
http://filedn.com/
unknown
unknown
2920
iexplore.exe
GET
200
2.19.198.51:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b4bfac932d8b214d
unknown
compressed
4.66 Kb
unknown
2920
iexplore.exe
GET
200
2.19.198.51:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?da882e4def63e1a0
unknown
compressed
4.66 Kb
unknown
2920
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
binary
313 b
unknown
2528
iexplore.exe
GET
200
192.16.49.125:80
http://ocsp.quovadisglobal.com/MFUwUzBRME8wTTAJBgUrDgMCGgUABBRBZVtnUA6aLiwM3Lp6kkf3c%2FdyaQQU7edvdlq%2FYOxJW8ald7tyFnGbxD0CFGUyR4FPX6ZruFTa8FPzKSZdcmU4
unknown
binary
1.71 Kb
unknown
2528
iexplore.exe
GET
200
192.16.49.125:80
http://ocsp.quovadisglobal.com/MFUwUzBRME8wTTAJBgUrDgMCGgUABBRqrg1xqQfOYjeQHoftTI36l6IH0gQUsxKJtalLNbwVAPCA6dh4h%2FETfHYCFHzC5HNbtvNvOdyI%2BBh5q97Rk%2Beu
unknown
binary
1.72 Kb
unknown
2528
iexplore.exe
GET
200
192.124.249.36:80
http://crl.starfieldtech.com/sfroot-g2.crl
unknown
binary
584 b
unknown
2528
iexplore.exe
GET
200
142.250.185.99:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
2528
iexplore.exe
GET
200
142.250.185.99:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
unknown
binary
724 b
unknown
2528
iexplore.exe
GET
200
142.250.185.99:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEA1uFYrLabZxEtE2U5X5DGM%3D
unknown
binary
471 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2528
iexplore.exe
23.109.93.100:80
filedn.com
SERVERS-COM
NL
unknown
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
2920
iexplore.exe
23.36.162.88:443
www.bing.com
Akamai International B.V.
DE
unknown
2920
iexplore.exe
2.19.198.51:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
2920
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2528
iexplore.exe
45.131.244.9:443
www.pcloud.com
pCloud AG
LU
unknown
2528
iexplore.exe
192.16.49.125:80
ocsp.quovadisglobal.com
EDGECAST
US
unknown

DNS requests

Domain
IP
Reputation
filedn.com
  • 23.109.93.100
malicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 23.36.162.88
  • 23.36.162.84
  • 23.36.162.71
whitelisted
ctldl.windowsupdate.com
  • 2.19.198.51
  • 2.19.198.75
  • 23.32.238.152
  • 23.32.238.113
  • 2.19.198.66
  • 23.32.238.154
  • 23.32.238.155
  • 2.19.198.57
  • 23.32.238.161
  • 2.19.198.65
  • 23.32.238.129
  • 23.32.238.144
  • 2.19.198.41
  • 23.32.238.121
  • 2.19.198.64
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.pcloud.com
  • 45.131.244.9
  • 45.131.244.8
  • 45.131.244.7
  • 45.131.247.15
  • 45.131.247.13
  • 45.131.244.10
  • 45.131.247.14
  • 45.131.247.16
  • 45.131.244.12
whitelisted
ocsp.quovadisglobal.com
  • 192.16.49.125
  • 152.195.38.89
  • 152.195.13.36
  • 152.195.132.213
whitelisted
pcdn-www.pcloud.com
  • 172.255.6.177
unknown
fonts.googleapis.com
  • 142.250.186.170
whitelisted
cdn.polyfill.io
  • 151.101.1.26
  • 151.101.65.26
  • 151.101.129.26
  • 151.101.193.26
whitelisted

Threats

Found threats are available for the paid subscriptions
19 ETPRO signatures available at the full report
No debug info