analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| URL: | http://focuquc.com/update?os=win&arch=x86&nacl_arch=x86-64&prod=chromiumcrx&prodchannel=&prodversion=58.0.3025.0&lang=en-US&x=id=inhdgbalcopmbpjfincjponejamhaeop&v=14.1.4.51&installsource=notfromwebstore&uc&ap=aflt=wcb_fjnh3nrsiacegikm3ve_18_46_cg19783&guid=2ff55a5c-926e-43bc-904e-0f0585d0243c&xlp_sess_guid=2ff55a5c-926e-43bc-904e-0f0585d0243c&client=chromium&cd=2XzuyEtN2Y1L1Qzu0FzzzyyE0CtBtAzy0ByDyDyCyD0E0EtAtN0D0Tzu0StByDtDzytN1L2XzuyEtFtBzztFtDtFtCtBtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StD0Fzy0CtD0C0CtAtGtC0C0C0BtGtBzz0AzytGyDtA0CzytG0C0B0E0ByBtAyB0A0E0Dzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1Q1Q1O1PyBtDtC1OtGyEyE1TyCtGyE1TtA1TtGzztA1QzytG1R1RtD1QyC1TtA1Tzz1R1T1Q2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzyyBzztAtN1Q2Z1B1P1RzutCyDyEtBtByEzztBzztD&cr=1761082230 |
| Full analysis: | https://app.any.run/tasks/8724188e-e888-4cb7-b5ee-94f9e3839154 |
| Verdict: | Malicious activity |
| Analysis date: | December 06, 2019, 16:26:05 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MD5: | 106DD2859F90B6F53275B3516A3E1D5C |
| SHA1: | 246861065C73A83980326405E98A55D34FE349F8 |
| SHA256: | F9B5DBD98BA2169BB6CE2734895292A819ABDE47EB62592070C09CFE5BE9D622 |
| SSDEEP: | 12:NqUN7I0CDvdtGXf/rAE9OBMeOBMju0TVB0Ov0nbNazyBcxCkRGoZ4cB+St3L01yR:NXR+2fkE9OBMLBMDxpoNSskRGG4w9tnR |
MALICIOUS
No malicious indicators.SUSPICIOUS
No suspicious indicators.INFO
Reads Internet Cache Settings
- iexplore.exe (PID: 3156)
Changes internet zones settings
- iexplore.exe (PID: 2148)
Application launched itself
- iexplore.exe (PID: 2148)
Reads internet explorer settings
- iexplore.exe (PID: 3156)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2148 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://focuquc.com/update?os=win&arch=x86&nacl_arch=x86-64&prod=chromiumcrx&prodchannel=&prodversion=58.0.3025.0&lang=en-US&x=id=inhdgbalcopmbpjfincjponejamhaeop&v=14.1.4.51&installsource=notfromwebstore&uc&ap=aflt=wcb_fjnh3nrsiacegikm3ve_18_46_cg19783&guid=2ff55a5c-926e-43bc-904e-0f0585d0243c&xlp_sess_guid=2ff55a5c-926e-43bc-904e-0f0585d0243c&client=chromium&cd=2XzuyEtN2Y1L1Qzu0FzzzyyE0CtBtAzy0ByDyDyCyD0E0EtAtN0D0Tzu0StByDtDzytN1L2XzuyEtFtBzztFtDtFtCtBtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StD0Fzy0CtD0C0CtAtGtC0C0C0BtGtBzz0AzytGyDtA0CzytG0C0B0E0ByBtAyB0A0E0Dzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1Q1Q1O1PyBtDtC1OtGyEyE1TyCtGyE1TtA1TtGzztA1QzytG1R1RtD1QyC1TtA1Tzz1R1T1Q2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzyyBzztAtN1Q2Z1B1P1RzutCyDyEtBtByEzztBzztD&cr=1761082230" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
| 3156 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2148 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
Total events
343
Read events
282
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
0
Text files
5
Unknown types
4
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2148 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
| 2148 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
| 3156 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120620191207\index.dat | dat | |
MD5:6A6938293C5491FD8E008127E55713B9 | SHA256:09501FC3EC11D37AB10FA92F8FDBA0ACBB45A7D39A55D720212BC781503CAFA1 | |||
| 3156 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:BE945BDE58A302FE75167850749C1905 | SHA256:3D5C15CD750084B99102587159B31EEAC3559E157A6CE213A68734D2596DA39C | |||
| 3156 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:2216A944DDA0303AC65F7A1ACDC6933D | SHA256:67E6F2B716D40E75D7CFD5A94DCE6738EFAAE05ECA8131B2D36934EF73BCA589 | |||
| 2148 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png | image | |
MD5:9FB559A691078558E77D6848202F6541 | SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 | |||
| 3156 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\20M5X0V6\desktop.ini | ini | |
MD5:4A3DEB274BB5F0212C2419D3D8D08612 | SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 | |||
| 2148 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019120620191207\index.dat | dat | |
MD5:82BBC4D3F5EA598E364B0F3A6B9289C0 | SHA256:8EAE46BFDE7E9C59129934B74D75F5FEB0EA3FFD4351C228F7FC436EEE8E57FA | |||
| 3156 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K5F2HQ7J\desktop.ini | ini | |
MD5:4A3DEB274BB5F0212C2419D3D8D08612 | SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 | |||
| 3156 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D4RKSZO4\desktop.ini | ini | |
MD5:4A3DEB274BB5F0212C2419D3D8D08612 | SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
3
DNS requests
2
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
3156 | iexplore.exe | GET | 200 | 54.225.123.93:80 | http://focuquc.com/update?os=win&arch=x86&nacl_arch=x86-64&prod=chromiumcrx&prodchannel=&prodversion=58.0.3025.0&lang=en-US&x=id=inhdgbalcopmbpjfincjponejamhaeop&v=14.1.4.51&installsource=notfromwebstore&uc&ap=aflt=wcb_fjnh3nrsiacegikm3ve_18_46_cg19783&guid=2ff55a5c-926e-43bc-904e-0f0585d0243c&xlp_sess_guid=2ff55a5c-926e-43bc-904e-0f0585d0243c&client=chromium&cd=2XzuyEtN2Y1L1Qzu0FzzzyyE0CtBtAzy0ByDyDyCyD0E0EtAtN0D0Tzu0StByDtDzytN1L2XzuyEtFtBzztFtDtFtCtBtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StD0Fzy0CtD0C0CtAtGtC0C0C0BtGtBzz0AzytGyDtA0CzytG0C0B0E0ByBtAyB0A0E0Dzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1Q1Q1O1PyBtDtC1OtGyEyE1TyCtGyE1TtA1TtGzztA1QzytG1R1RtD1QyC1TtA1Tzz1R1T1Q2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzyyBzztAtN1Q2Z1B1P1RzutCyDyEtBtByEzztBzztD&cr=1761082230 | US | binary | 1 b | malicious |
2148 | iexplore.exe | GET | 403 | 54.225.123.93:80 | http://focuquc.com/favicon.ico | US | — | — | malicious |
2148 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3156 | iexplore.exe | 54.225.123.93:80 | focuquc.com | Amazon.com, Inc. | US | malicious |
— | — | 54.225.123.93:80 | focuquc.com | Amazon.com, Inc. | US | malicious |
DNS requests
Domain | IP | Reputation |
|---|---|---|
focuquc.com |
| malicious |
www.bing.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
3156 | iexplore.exe | Misc activity | ADWARE [PTsecurity] AdLoad (PUA:Win32/Catalina) |