URL: http://client.dominionwebdesigns.com/free/pages44/usa?=75825311

Full analysis: https://app.any.run/tasks/78e92166-dced-4718-8766-db381477b922
Verdict: Malicious activity
Analysis date: December 05, 2022, 23:44:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

FB1EE9A83C29517205507A8BD175D5C8

SHA1:

9E572EC21507B57C70E1A4B6C3D30AF36EAE666A

SHA256:

F92496ADE53017E7C0566B31946B55BC7346F51FEF37C1E93B8ED5B59F8F3F3F

SSDEEP:

3:N1KdJMpBAWMCLWxQNrzirIATU:CMMCimE0ATU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 1580)
No Malware configuration.
No data.
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe (PID 1580) -> iexplore.exe (PID 568)

Process information

PID: 1580
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://client.dominionwebdesigns.com/free/pages44/usa?=75825311"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  c:\windows\system32\ntdll.dll
  c:\program files\internet explorer\iexplore.exe
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
  c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
  c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
  c:\windows\system32\normaliz.dll

PID: 568
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1580 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe (PID 1580)
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  c:\program files\internet explorer\iexplore.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\iertutil.dll
Total events: 14 586
Read events: 14 483
Write events: 103
Delete events: 0

Modification events

(PID 1580) iexplore.exe, operation: write
  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  Name: NTPDaysSinceLastAutoMigration
  Value: 1

(PID 1580) iexplore.exe, operation: write
  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  Name: NTPLastLaunchLowDateTime
  Value:

(PID 1580) iexplore.exe, operation: write
  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  Name: NTPLastLaunchHighDateTime
  Value: 31000835

(PID 1580) iexplore.exe, operation: write
  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
  Name: NextCheckForUpdateLowDateTime
  Value:

(PID 1580) iexplore.exe, operation: write
  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
  Name: NextCheckForUpdateHighDateTime
  Value: 31000835

(PID 1580) iexplore.exe, operation: write
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  Name: CachePrefix
  Value:

(PID 1580) iexplore.exe, operation: write
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  Name: CachePrefix
  Value: Cookie:

(PID 1580) iexplore.exe, operation: write
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  Name: CachePrefix
  Value: Visited:

(PID 1580) iexplore.exe, operation: write
  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  Name: CompatibilityFlags
  Value: 0

(PID 1580) iexplore.exe, operation: write
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Name: ProxyBypass
  Value: 1
Executable files: 0
Suspicious files: 9
Text files: 14
Unknown types: 6

Dropped files

PID 568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | type: binary
MD5:8B60B58D1B487E38C2AFFF5F2EB386D8
SHA256:6DD585D180DB336AF725845895F26418CC5CD83ACA73D9CC357F8013F2EF4C73

PID 568 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\iframe_api[1].js | type: text
MD5:77A384BCACB1C919563809DCA361341D
SHA256:D87A601BB91CDD6680DD3A5BE12E1ABC360429F3AFF20220E3C76C10E40444F1

PID 568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4A183155DB502CF599F3A8AD6680B8C3 | type: binary
MD5:3DCD191A2A5476B027BC99340A1B5AA6
SHA256:BFDB66313592AE625286BFE8DC5DF8AA6B67B37BEA200D6FA5EACDE84BB656DC

PID 568 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\fonts[1].css | type: text
MD5:484807A8544A9CCD48672030985F25EF
SHA256:9A125DF1D257D6CC1F82F703C40B513DF8A6CFA1B710C5F7955E97AAEBB496AA

PID 568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4A183155DB502CF599F3A8AD6680B8C3 | type: der
MD5:8EAD0AC4CE19CEF2471BAE0458759D89
SHA256:507B93C64BAB73E393CF8D8131415EF4D4B01E65E0F2AB73597715197845E75E

PID 568 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ENUKEW6Z.txt | type: text
MD5:8A1C986CEC302CDE50B43BB5D0966D8F
SHA256:A68C04DAE95E6930AD24D68FADCD6287A73E5B725C61B98BAF17BE57C024F685

PID 568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | type: compressed
MD5:F7DCB24540769805E5BB30D193944DCE
SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA

PID 568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | type: der
MD5:F569E1D183B84E8078DC456192127536
SHA256:287BC80237497EB8681DBF136A56CC3870DD5BD12D48051525A280AE62AAB413

PID 568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | type: binary
MD5:E3A33362509A831A0837B977F4A77609
SHA256:FA8FF6202181586DD59F60DE13F0E7D496E5A77860D5F8FA52C9597BEFF2AB87

PID 568 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | type: binary
MD5:D521DF7318E183602D51A2BC18E08FE1
SHA256:0B03014B05830A5B1E843191C63ABA39A92DB30A38E0CED311E0E387D4FDA4C2
HTTP(S) requests: 8
TCP/UDP connections: 27
DNS requests: 12
Threats: 0

HTTP requests

Each entry lists: PID | process | method | HTTP code | IP:port, then the URL, then CN | type | size | reputation.

568 | iexplore.exe | GET | 200 | 95.140.236.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a0899a21215706b2
GB | compressed | 4.70 Kb | whitelisted

568 | iexplore.exe | GET | 200 | 142.250.186.163:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US | der | 1.41 Kb | whitelisted

568 | iexplore.exe | GET | 200 | 142.250.186.163:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US | der | 724 b | whitelisted

568 | iexplore.exe | GET | 200 | 216.239.32.21:80
http://im-creator.com/css/fonts.css?v=1.5.8d
US | text | 4.85 Kb | malicious

1580 | iexplore.exe | GET | 200 | 93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US | der | 471 b | whitelisted

568 | iexplore.exe | GET | 200 | 142.250.186.163:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQChCu7DCLr1EhI22ZXa5ZSs
US | der | 472 b | whitelisted

568 | iexplore.exe | GET | 200 | 142.250.186.163:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDuZCz4OZecyRJCVianxG0K
US | der | 472 b | whitelisted

568 | iexplore.exe | GET | 200 | 142.250.186.163:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDreCS75DAIaRKqvCi%2FvL9c
US | der | 472 b | whitelisted


Connections

PID | process | IP:port | domain | ASN | CN | reputation
568 | iexplore.exe | 216.239.32.21:80 | im-creator.com | GOOGLE | US | whitelisted
1580 | iexplore.exe | 13.107.21.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
568 | iexplore.exe | 142.250.186.142:443 | www.youtube.com | GOOGLE | US | whitelisted
568 | iexplore.exe | 95.140.236.128:80 | ctldl.windowsupdate.com | LLNW | US | malicious
- | - | 142.250.185.180:443 | imos006-dot-im--os.appspot.com | GOOGLE | US | unknown
568 | iexplore.exe | 142.250.185.180:443 | imos006-dot-im--os.appspot.com | GOOGLE | US | unknown
568 | iexplore.exe | 142.250.181.238:443 | www.youtube.com | GOOGLE | US | whitelisted
- | - | 142.250.186.163:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
568 | iexplore.exe | 142.250.186.106:443 | fonts.googleapis.com | GOOGLE | US | whitelisted
- | - | 142.250.186.106:443 | fonts.googleapis.com | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
client.dominionwebdesigns.com
  • 142.250.185.211
malicious
www.youtube.com
  • 142.250.181.238
  • 142.250.186.142
  • 172.217.16.206
  • 216.58.212.174
  • 172.217.18.110
  • 142.250.74.206
  • 142.250.186.78
  • 142.250.186.110
  • 216.58.212.142
  • 142.250.186.174
  • 142.250.184.206
  • 142.250.184.238
  • 172.217.23.110
  • 142.250.185.142
  • 142.250.185.78
  • 142.250.185.110
whitelisted
imos006-dot-im--os.appspot.com
  • 142.250.185.180
malicious
im-creator.com
  • 216.239.32.21
malicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
ctldl.windowsupdate.com
  • 95.140.236.128
  • 178.79.242.0
whitelisted
ocsp.pki.goog
  • 142.250.186.163
whitelisted
fonts.googleapis.com
  • 142.250.186.106
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted

Threats

No threats detected
No debug info