URL:

https://hackfreeonline.com/hack-facebook/

Full analysis: https://app.any.run/tasks/38b4235c-9ee5-49e9-9058-572670c4b949
Verdict: No threats detected
Analysis date: June 23, 2019, 17:47:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

F6E9A08C38B6003D18A8EC148D0074C4

SHA1:

4BC4647EF1261C0FA7A9FE3CAC95F2667EB74477

SHA256:

F9A0DF0B977C7D1B6AFA54896B5A13A6CAEEF94DDEB867FDAA3FFA8C16126992

SSDEEP:

3:N841eIA2KNE2YXXn:241dNXX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2404)

  • INFO

    • Changes settings of System certificates

      • iexplore.exe (PID: 3300)

    • Creates files in the user directory

      • iexplore.exe (PID: 3300)
      • iexplore.exe (PID: 2436)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2404)

    • Application launched itself

      • iexplore.exe (PID: 3300)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3300)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2436)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2436)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3300)

    • Changes internet zones settings

      • iexplore.exe (PID: 3300)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3300"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2436"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3300 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2404C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -EmbeddingC:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version:
26,0,0,131
Modules
Images
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events
476
Read events
395
Write events
77
Delete events
4

Modification events

(PID) Process:(3300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(3300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(3300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(3300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(3300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(3300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{F636811D-95DE-11E9-A09E-5254004A04AF}
Value:
0
(PID) Process:(3300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(3300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
1
(PID) Process:(3300) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E30706000000170011002F001B000F01
Executable files
0
Suspicious files
0
Text files
67
Unknown types
10

Dropped files

PID
Process
Filename
Type
3300iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
MD5:
SHA256:
3300iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2436iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\02YNA1ZY\hack-facebook[1].txt
MD5:
SHA256:
2436iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S6LYXI3P\js[1]text
MD5:1E17E57C7D445D126D7DC0E2544AB876
SHA256:6684519F92B4E1C5CF955ECC6041318EDB0546A24DE63B0CB094CE0EA82527C1
2436iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DATsmt
MD5:F154D5FF31833F88EF869A1715070484
SHA256:F8A9DFF309CF12461E58BC2F2E45C824B2A25E1CE77B3FFFAF1D3E5BC0E82B37
2436iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@hackfreeonline[1].txttext
MD5:5808665B2CEF7CA0D6C775910195CBFA
SHA256:8439969CC4BB2AD7A096172B6EF14544E47A8F7BC1541DF7BE535FD910D6EFDF
2436iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\02YNA1ZY\hack-facebook[1].htmhtml
MD5:7535F8AD105C8FF71B258AC4C5936556
SHA256:3D243368E42B0A015CBBF6F5026A3949BDFFDE5166CFBB5380C5A2208172D944
2436iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.datdat
MD5:034C05D1592CB088812CDB3923779F3E
SHA256:C9ED10FB3556D53779E5BE540FB3EAD3343D9E95D1132DE181AEB124AB4208E4
2436iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\02YNA1ZY\hack_facebook[1].pngimage
MD5:5E5745E20DAD718B29A21706647C2058
SHA256:48BCA0DB9C8B1519F4D5E9B52D9689AB03E0B98B0A370F3525796B6BF885051B
2436iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\66P9UXPT\wait[1].svgimage
MD5:BAF13A7EDAB76CC9AC2D58EB8ACCEAAD
SHA256:BEF88752618C7E022F23D6787668B01A337F2371D35F2C266C6B1347F4D1A233
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
41
DNS requests
15
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3300
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3300
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2436
iexplore.exe
209.197.3.15:443
maxcdn.bootstrapcdn.com
Highwinds Network Group, Inc.
US
whitelisted
2436
iexplore.exe
104.18.32.178:443
hackfreeonline.com
Cloudflare Inc
US
shared
2436
iexplore.exe
216.58.205.232:443
www.googletagmanager.com
Google Inc.
US
whitelisted
2436
iexplore.exe
172.217.18.100:443
www.google.com
Google Inc.
US
whitelisted
2436
iexplore.exe
172.217.22.78:443
www.google-analytics.com
Google Inc.
US
whitelisted
2436
iexplore.exe
104.19.198.151:443
cdnjs.cloudflare.com
Cloudflare Inc
US
shared
2436
iexplore.exe
172.217.23.138:443
ajax.googleapis.com
Google Inc.
US
whitelisted
2436
iexplore.exe
205.185.208.52:443
code.jquery.com
Highwinds Network Group, Inc.
US
unknown
2436
iexplore.exe
172.217.23.163:443
www.gstatic.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
hackfreeonline.com
  • 104.18.32.178
  • 104.18.33.178
malicious
www.googletagmanager.com
  • 216.58.205.232
whitelisted
www.google-analytics.com
  • 172.217.22.78
whitelisted
maxcdn.bootstrapcdn.com
  • 209.197.3.15
whitelisted
ajax.googleapis.com
  • 172.217.23.138
  • 216.58.206.10
  • 216.58.207.42
  • 216.58.207.74
  • 172.217.16.170
  • 216.58.208.42
  • 172.217.16.138
  • 172.217.22.42
  • 172.217.22.74
  • 216.58.210.10
  • 172.217.16.202
  • 172.217.18.106
  • 172.217.21.202
  • 216.58.205.234
  • 172.217.21.234
  • 172.217.22.10
whitelisted
www.google.com
  • 172.217.18.100
malicious
cdnjs.cloudflare.com
  • 104.19.198.151
  • 104.19.195.151
  • 104.19.196.151
  • 104.19.199.151
  • 104.19.197.151
whitelisted
www.gstatic.com
  • 172.217.23.163
whitelisted
code.jquery.com
  • 205.185.208.52
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://hackfreeonline.com/hack-facebook/