analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| URL: | https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/qa1/crossdomain.html |
| Full analysis: | https://app.any.run/tasks/d1c70cab-7b23-44ee-8056-f069d399074a |
| Verdict: | Malicious activity |
| Analysis date: | May 12, 2020, 20:53:13 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MD5: | 6C127F733EC88D9B92EE45FE3814A080 |
| SHA1: | EF3F38BABCC6B08084E25A54106A64E058E4E858 |
| SHA256: | CA708B12670D6B795325C4DB0FBAC5F98FD443277B5709253F2BC13CD8F5FBF6 |
| SSDEEP: | 3:N8gGdUXR7IASefAZHJIUkRnGdKRPIJ:2gKe53RV0 |
MALICIOUS
No malicious indicators.SUSPICIOUS
No suspicious indicators.INFO
Changes internet zones settings
- iexplore.exe (PID: 1328)
Application launched itself
- iexplore.exe (PID: 1328)
Reads Internet Cache Settings
- iexplore.exe (PID: 1328)
- iexplore.exe (PID: 2124)
Reads internet explorer settings
- iexplore.exe (PID: 2124)
Reads settings of System Certificates
- iexplore.exe (PID: 2124)
- iexplore.exe (PID: 1328)
Adds / modifies Windows certificates
- iexplore.exe (PID: 1328)
Changes settings of System certificates
- iexplore.exe (PID: 1328)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
41
Monitored processes
2
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1328 | "C:\Program Files\Internet Explorer\iexplore.exe" https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/qa1/crossdomain.html | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
| 2124 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1328 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
Total events
5 260
Read events
440
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
18
Text files
4
Unknown types
9
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2124 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab859A.tmp | — | |
MD5:— | SHA256:— | |||
| 2124 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar859B.tmp | — | |
MD5:— | SHA256:— | |||
| 1328 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
| 1328 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab2479.tmp | — | |
MD5:— | SHA256:— | |||
| 1328 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar247A.tmp | — | |
MD5:— | SHA256:— | |||
| 1328 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver2631.tmp | — | |
MD5:— | SHA256:— | |||
| 2124 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B | binary | |
MD5:A75970D10CB970780722162509328546 | SHA256:2349CC3907EEF2221B417C4D41CBFF0491F336593C5B43161E90CA8C189D1C75 | |||
| 2124 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6399599283C741F0889D605400BE94F4 | binary | |
MD5:C7EF8729319CB7F650ED6F57E2DBAADE | SHA256:D3360B0DDFB4E1D96C5D118784AB933C813646639416732E7972585CA9DD0800 | |||
| 2124 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6399599283C741F0889D605400BE94F4 | der | |
MD5:725D9C0F520065F477E1B88BFB1E29CA | SHA256:05F5A8015239EAEE3A1992D70A894ED92DC292A28966DB8F5EC64E200EAF8324 | |||
| 2124 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | der | |
MD5:3F76E98E5D7D11258B3BC2727C3AE6A4 | SHA256:339B6CD0A131D3B087EF966C98E55B71761361A4B0E4C90DA756A8D49C18D892 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
16
DNS requests
11
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
1328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2124 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
2124 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
2124 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D | US | der | 471 b | whitelisted |
2124 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDiHhzixa%2FTaUI0wuaLdg4N | US | der | 472 b | whitelisted |
2124 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D | US | der | 471 b | whitelisted |
2124 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDiHhzixa%2FTaUI0wuaLdg4N | US | der | 472 b | whitelisted |
1328 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
1328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
1328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
2124 | iexplore.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious |
— | — | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1328 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1328 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2124 | iexplore.exe | 13.35.254.90:443 | 1.c81358859121583b7adf2ace89cb39f44.com | — | US | whitelisted |
1328 | iexplore.exe | 13.35.254.90:443 | 1.c81358859121583b7adf2ace89cb39f44.com | — | US | whitelisted |
— | — | 13.35.254.90:443 | 1.c81358859121583b7adf2ace89cb39f44.com | — | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
1.c81358859121583b7adf2ace89cb39f44.com |
| shared |
ocsp.usertrust.com |
| whitelisted |
ocsp.sectigo.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |