analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://t.aslnk.link/4px7ofia4g?url_id=0&aff_id=152598&offer_id=3664&bo=2779,2778,2777,2776,2775

Full analysis: https://app.any.run/tasks/9de9acb9-2ec1-4611-b591-74a68b03ce48
Verdict: Malicious activity
Analysis date: November 18, 2020, 13:57:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

05A8399E73766AFFD81FB246D3B50FFE

SHA1:

0862B8007A1F23C2B95F394BB583E61A4D2AF89E

SHA256:

3B91A0AF389593824C84B547D83AFE58E7F66F143CE4C50DC7D62AC9C34200D4

SSDEEP:

3:N8DBZOy5RkaKnBO8bQ5dWKtxmUSuSS/ZG:2fL5RkaKnIGQH7vSd6G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3040)

  • INFO

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2308)

    • Changes internet zones settings

      • iexplore.exe (PID: 2308)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2168)
      • iexplore.exe (PID: 2308)

    • Creates files in the user directory

      • iexplore.exe (PID: 2168)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3040)

    • Changes settings of System certificates

      • iexplore.exe (PID: 2308)

    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 2168)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2168)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2308)

    • Application launched itself

      • iexplore.exe (PID: 2308)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2308"C:\Program Files\Internet Explorer\iexplore.exe" https://t.aslnk.link/4px7ofia4g?url_id=0&aff_id=152598&offer_id=3664&bo=2779,2778,2777,2776,2775C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2168"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2308 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
3040C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -EmbeddingC:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version:
26,0,0,131
Total events
1 785
Read events
757
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
90
Text files
336
Unknown types
91

Dropped files

PID
Process
Filename
Type
2168iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\CabA1C6.tmp
MD5:
SHA256:
2168iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarA1C7.tmp
MD5:
SHA256:
2168iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\2WSNQISA.txt
MD5:
SHA256:
2308iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2168iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ABDTVF6J.txt
MD5:
SHA256:
2168iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\P3RP9Q9W.txt
MD5:
SHA256:
2168iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\7GC9V172.txt
MD5:
SHA256:
2308iexplore.exeC:\Users\admin\AppData\Local\Temp\CabB55E.tmp
MD5:
SHA256:
2308iexplore.exeC:\Users\admin\AppData\Local\Temp\CabB55F.tmp
MD5:
SHA256:
2308iexplore.exeC:\Users\admin\AppData\Local\Temp\TarB560.tmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
39
TCP/UDP connections
84
DNS requests
40
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2168
iexplore.exe
GET
200
2.16.177.195:80
http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D
unknown
der
1.37 Kb
whitelisted
2168
iexplore.exe
GET
200
143.204.214.74:80
http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEArnkJJquwZsSUijmXfo6BQ%3D
US
der
471 b
whitelisted
2168
iexplore.exe
GET
200
13.35.253.185:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D
US
der
1.39 Kb
shared
2168
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRyyuDOSqb8BtprWZSAvBT9kFoYdwQU%2BftQxItnu2dk%2FoMhpqnOP1WEk5kCEFTCteD2YdLBzURYFmh%2B9UU%3D
US
der
471 b
whitelisted
2168
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
US
der
471 b
whitelisted
2168
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQCMUDoCjXoW9Ix1kjTHLBLw
US
der
472 b
whitelisted
2168
iexplore.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEQCTi7COYph7T3X5jLalBFyW
US
der
728 b
whitelisted
2168
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
2168
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
US
der
1.47 Kb
whitelisted
2168
iexplore.exe
GET
200
13.35.253.185:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
US
der
1.51 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2168
iexplore.exe
205.185.216.10:443
ckstatic.com
Highwinds Network Group, Inc.
US
whitelisted
2168
iexplore.exe
2.16.177.195:80
isrg.trustid.ocsp.identrust.com
Akamai International B.V.
unknown
2168
iexplore.exe
13.35.253.185:80
ocsp.rootg2.amazontrust.com
US
whitelisted
2168
iexplore.exe
99.86.2.110:443
t.aslnk.link
AT&T Services, Inc.
US
malicious
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2308
iexplore.exe
99.86.2.83:443
t.aslnk.link
AT&T Services, Inc.
US
suspicious
2168
iexplore.exe
18.195.149.11:443
a.vfgtg.com
Amazon.com, Inc.
DE
suspicious
2308
iexplore.exe
99.86.2.110:443
t.aslnk.link
AT&T Services, Inc.
US
malicious
2168
iexplore.exe
185.75.253.87:443
promo-bc.com
Viking Host B.V.
NL
suspicious
2168
iexplore.exe
151.139.128.14:80
ocsp.comodoca.com
Highwinds Network Group, Inc.
US
suspicious

DNS requests

Domain
IP
Reputation
t.aslnk.link
  • 99.86.2.83
  • 99.86.2.95
  • 99.86.2.110
  • 99.86.2.78
malicious
o.ss2.us
  • 143.204.214.219
  • 143.204.214.110
  • 143.204.214.40
  • 143.204.214.76
whitelisted
ocsp.rootg2.amazontrust.com
  • 13.35.253.185
  • 13.35.253.198
  • 13.35.253.5
  • 13.35.253.148
whitelisted
ocsp.rootca1.amazontrust.com
  • 13.35.253.185
  • 13.35.253.5
  • 13.35.253.148
  • 13.35.253.198
shared
ocsp.sca1b.amazontrust.com
  • 143.204.214.74
  • 143.204.214.169
  • 143.204.214.142
  • 143.204.214.141
whitelisted
ckstatic.com
  • 205.185.216.10
suspicious
isrg.trustid.ocsp.identrust.com
  • 2.16.177.195
  • 2.16.177.210
whitelisted
api.bing.com
  • 13.107.13.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
a.vfgtg.com
  • 18.195.149.11
suspicious

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://t.aslnk.link/4px7ofia4g?url_id=0&aff_id=152598&offer_id=3664&bo=2779,2778,2777,2776,2775