URL: http://trappedtree.com/

Full analysis: https://app.any.run/tasks/c79ed94e-fe9d-4b24-a701-c7b8d801e83b
Verdict: Malicious activity
Analysis date: August 12, 2022, 18:33:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
  • MD5: 7FAC7F28B6B3724AC0B4587102B128F8
  • SHA1: C761D13CE779F269C8BCF969E89DA57E4397D29D
  • SHA256: F981914151DFDFBC10EB731EA59FFBAA94D0B55C4D2255A42F4BEEB057A4292B
  • SSDEEP: 3:N1KKXEVqnfIK:CKXJfIK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Reads Microsoft Outlook installation path
      • iexplore.exe (PID: 3416)
  • INFO
    • Reads the computer name
      • iexplore.exe (PID: 3416)
      • iexplore.exe (PID: 1300)
    • Checks supported languages
      • iexplore.exe (PID: 1300)
      • iexplore.exe (PID: 3416)
    • Changes internet zones settings
      • iexplore.exe (PID: 1300)
    • Application launched itself
      • iexplore.exe (PID: 1300)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 1300)
      • iexplore.exe (PID: 3416)
    • Changes settings of System certificates
      • iexplore.exe (PID: 1300)
    • Checks Windows Trust Settings
      • iexplore.exe (PID: 3416)
      • iexplore.exe (PID: 1300)
    • Reads internet explorer settings
      • iexplore.exe (PID: 3416)
    • Adds / modifies Windows certificates
      • iexplore.exe (PID: 1300)
No Malware configuration.
Total processes: 37
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph: start → iexplore.exe → iexplore.exe

Process information

PID: 1300
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "http://trappedtree.com/"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID: 3416
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1300 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events: 10 021
Read events: 9 898
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 11
Text files: 11
Unknown types: 7

Dropped files

  • PID 3416, iexplore.exe, type: binary
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    MD5: FC4481675963028318EA82CBE21ECE3F
    SHA256: 0EAD5760BF55B283AA10DDB80197420980C98386E6F29DFC5A3FE56D8554D131
  • PID 3416, iexplore.exe, type: der
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_7A6811D4A6D8E5D9A83111D47C405249
    MD5: DC8E8924DDF298805E2F08938429D085
    SHA256: B7E8204149DA4FF6068979DDF698FD46AC084A8E5B57BC44A5A64D81F9572B46
  • PID 3416, iexplore.exe, type: binary
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5: F11DA20B38226B06C6B73D5B09CD580A
    SHA256: 22FD1FA46ACD32841013669A552E573D73CFF66F02182D2B1ACD0B1C611A16F3
  • PID 3416, iexplore.exe, type: binary
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_7A6811D4A6D8E5D9A83111D47C405249
    MD5: 2496701492DBCA9259FB753F4F88C2F0
    SHA256: 0D32F89FEC1A2621B47B6B348CDBCB3AF723A74E836402700AF05D55AAE66A8B
  • PID 3416, iexplore.exe, type: der
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5: 5A11C6099B9E5808DFB08C5C9570C92F
    SHA256: 91291A5EDC4E10A225D3C23265D236ECC74473D9893BE5BD07E202D95B3FB172
  • PID 3416, iexplore.exe, type: binary
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_6C5C4E1A482F75D0EA0262D75C3C6DA4
    MD5: C0FB4D81F8DCCCBBF3AB244223B13133
    SHA256: F5EFEDF544A95713AED99EABCD40AB64736CD8AF122F756B602D10AC25214E8C
  • PID 1300, iexplore.exe, type: der
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    MD5: EE87BB11E233C12009CC11725035DBDC
    SHA256: D82930A5B051B3C3F1639C24E83BDDF41D5AA66E467A0944D1AC3D59AE6330C5
  • PID 3416, iexplore.exe, type: der
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5: FC4A5A9D19C073BF2FCB2090CE0F8D1E
    SHA256: 33DEFDCBE87BC5E257D30F2FA45683F7898FF0FF1327D1E6753BD51A657A3DA2
  • PID 3416, iexplore.exe, type: text
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\EHPLLYM8.txt
    MD5: 1F07CFEB2AA829D70BB0A8D1198566DC
    SHA256: 61B25B576F838907FB1EA15D0EA5C390993C60A522374D67917B5E036E9D45E7
  • PID 3416, iexplore.exe, type: binary
    C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5: AE56D8949D705BBAF7E7766C56E7E5D8
    SHA256: 041C998CC6795DF95F1B02CAA883A90396388A4EA513FCF4002DEDF620FE3DEA
HTTP(S) requests: 10
TCP/UDP connections: 32
DNS requests: 12
Threats: 0

HTTP requests

  • PID 3416, iexplore.exe, GET 200, 142.250.185.163:80, CN: US, type: der, size: 724 b, reputation: whitelisted
    URL: http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
  • PID 3416, iexplore.exe, GET 200, 142.250.185.163:80, CN: US, type: der, size: 472 b, reputation: whitelisted
    URL: http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCsaQm9IjtQWwpY0PgImSGA
  • PID 1300, iexplore.exe, GET 200, 93.184.220.29:80, CN: US, type: der, size: 1.47 Kb, reputation: whitelisted
    URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
  • PID 3416, iexplore.exe, GET 200, 142.250.185.163:80, CN: US, type: der, size: 472 b, reputation: whitelisted
    URL: http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC7KoDMFPzdvBICsqCGvR0X
  • PID 3416, iexplore.exe, GET 200, 142.250.185.163:80, CN: US, type: der, size: 1.41 Kb, reputation: whitelisted
    URL: http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
  • PID 3416, iexplore.exe, GET 200, 142.250.185.163:80, CN: US, type: der, size: 472 b, reputation: whitelisted
    URL: http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDGaM9nfILxSxIGz%2Bm2TRwQ
  • PID 1300, iexplore.exe, GET 200, 93.184.220.29:80, CN: US, type: der, size: 471 b, reputation: whitelisted
    URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
  • PID 3416, iexplore.exe, GET 200, 8.249.61.254:80, CN: US, type: compressed, size: 4.70 Kb, reputation: whitelisted
    URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9eae438d1ab9dc75
  • PID 3416, iexplore.exe, GET 301, 192.243.59.12:80, CN: US, type: html, size: 169 b, reputation: malicious
    URL: http://trappedtree.com/
  • PID 3416, iexplore.exe, GET 200, 8.249.61.254:80, CN: US, type: compressed, size: 4.70 Kb, reputation: whitelisted
    URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a9528d093f22c3eb

Connections

  • PID 3416, iexplore.exe, 172.217.16.206:443, google.com, ASN: Google Inc., CN: US, reputation: whitelisted
  • PID 3416, iexplore.exe, 192.243.59.12:80, trappedtree.com, ASN: DataWeb Global Group B.V., CN: US, reputation: malicious
  • PID 3416, iexplore.exe, 142.250.185.163:80, ocsp.pki.goog, ASN: Google Inc., CN: US, reputation: whitelisted
  • PID 1300, iexplore.exe, 131.253.33.200:443, www.bing.com, ASN: Microsoft Corporation, CN: US, reputation: whitelisted
  • PID 3416, iexplore.exe, 8.249.61.254:80, ctldl.windowsupdate.com, ASN: Level 3 Communications, Inc., CN: US, reputation: suspicious
  • PID 3416, iexplore.exe, 216.58.212.132:443, www.google.com, ASN: Google Inc., CN: US, reputation: whitelisted
  • PID 1300, iexplore.exe, 93.184.220.29:80, ocsp.digicert.com, ASN: MCI Communications Services, Inc. d/b/a Verizon Business, CN: US, reputation: whitelisted
  • PID 3416, iexplore.exe, 142.250.184.206:443, consent.google.com, ASN: Google Inc., CN: US, reputation: whitelisted
  • PID 3416, iexplore.exe, 142.250.184.227:443, www.gstatic.com, ASN: Google Inc., CN: US, reputation: whitelisted
  • PID 1300, iexplore.exe, 13.107.22.200:443, www.bing.com, ASN: Microsoft Corporation, CN: US, reputation: whitelisted

DNS requests

  • trappedtree.com → 192.243.59.12, 192.243.59.13, 192.243.61.225, 192.243.59.20, 192.243.61.227 (reputation: malicious)
  • google.com → 172.217.16.206 (reputation: whitelisted)
  • ctldl.windowsupdate.com → 8.249.61.254, 8.241.45.126, 8.249.63.254, 8.238.176.254 (reputation: whitelisted)
  • api.bing.com → 13.107.5.80 (reputation: whitelisted)
  • www.bing.com → 131.253.33.200, 13.107.22.200 (reputation: whitelisted)
  • ocsp.pki.goog → 142.250.185.163 (reputation: whitelisted)
  • www.google.com → 216.58.212.132 (reputation: whitelisted)
  • consent.google.com → 142.250.184.206 (reputation: shared)
  • ocsp.digicert.com → 93.184.220.29 (reputation: whitelisted)
  • www.gstatic.com → 142.250.184.227 (reputation: whitelisted)

Threats

No threats detected
No debug info