analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://www.ventasfemsa.com/

Full analysis: https://app.any.run/tasks/186da91c-8cb1-4352-9f82-1502e194d958
Verdict: Malicious activity
Analysis date: November 15, 2018, 21:14:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

F31A863F61D0DF43291ECDAC93C74441

SHA1:

71477FE2136BD5912AC09714C72A303D160DC1ED

SHA256:

F94D961DA93B6B34D0D6FC367A0B70350CB21C4D0FF454CFE9364639A4737AC4

SSDEEP:

3:N8DSLMLREpIDLGTK:2OLMlxWTK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2456)
    • Application launched itself

      • iexplore.exe (PID: 2788)
    • Creates files in the user directory

      • iexplore.exe (PID: 2456)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2456)
    • Changes internet zones settings

      • iexplore.exe (PID: 2788)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
32
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2788"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
2456"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2788 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
366
Read events
321
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
3
Unknown types
56

Dropped files

PID
Process
Filename
Type
2788iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
MD5:
SHA256:
2788iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2456iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ventasfemsa_com[1].txt
MD5:
SHA256:
2456iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ventasfemsa_com[1].htmhtml
MD5:B5167F612FEA1494BDBA956D2B04DB12
SHA256:017ED12DE23AAEBD11C7653B4830838AEC067351EBCB4B64F390FD1EBA6F6600
2456iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\bmC0pGMXrhphrZJmniIZpeZiE7IA0Up7-VwGqa0iGVY[1].eoteot
MD5:B97E6FED3CF4F0134048278950B8538A
SHA256:A3DE3CC934110E6701EA0CC905891AEFEC27856948F8658297A16E28FEB5EE41
2456iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\9_7S_tWeGDh5Pq3u05RVkvY6323mHUZFJMgTvxaG2iE[1].eoteot
MD5:F0B51B4FFD3407ED17AB9C0453520E23
SHA256:70AC7B1C8B379E82DBD3D80AEFA387BA913BA7FA62004B4AE13621D9B67F120F
2456iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\9VWMTeb5jtXkNoTv949NpVQlYEbsez9cZjKsNMjLOwM[1].eoteot
MD5:1032A4D88A62EE188F0BB110578CB852
SHA256:45EEE778D3C89838FD2AAF6B83B219A9FFCE674CAA434364281C94C78A87C42B
2456iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\t6Nd4cfPRhZP44Q5QAjcC-ZiE7IA0Up7-VwGqa0iGVY[1].eoteot
MD5:032C16DBE18C90570EBE489A666A5020
SHA256:5F4D371BFE71907B6D0C57B29246970D3BEEFAFE260662EBD752836474579546
2456iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\h3r77AwDsldr1E_2g4qqGFQlYEbsez9cZjKsNMjLOwM[1].eoteot
MD5:38E475FA8F7B8B2AE5007F129EA66D51
SHA256:7809B88F1511587DC80B4E1652367D7C23FC4941D775C970974955CA88DB487C
2456iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\-GlaWpWcSgdVagNuOGuFKalSqKUsDpiXlwfj-ZM2w_A[1].eoteot
MD5:68B419964204957CB14C0DF6794E6FF4
SHA256:AA933CFFE3B6309AFE39A28D82DFCC2B8A33C428237198F5CBBD9763170452DF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
564
DNS requests
5
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2788
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2788
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2456
iexplore.exe
216.58.215.227:443
fonts.gstatic.com
Google Inc.
US
whitelisted
2456
iexplore.exe
13.35.253.18:443
static.parastorage.com
US
unknown
2456
iexplore.exe
185.230.62.161:443
www.ventasfemsa.com
malicious
13.35.253.18:443
static.parastorage.com
US
unknown
2788
iexplore.exe
13.35.253.92:443
static.parastorage.com
US
unknown

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
www.ventasfemsa.com
  • 185.230.62.161
malicious
static.parastorage.com
  • 13.35.253.18
  • 13.35.253.92
  • 13.35.253.53
  • 13.35.253.126
shared
fonts.gstatic.com
  • 216.58.215.227
whitelisted

Threats

No threats detected
No debug info