analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://younglist.net/?167

Full analysis: https://app.any.run/tasks/9bfdf4b4-40cb-4cfa-99a7-e0d0812318ea
Verdict: No threats detected
Analysis date: July 29, 2020, 00:42:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

65865B930E333D200E55B86FD272C38E

SHA1:

93549CF18E2D516D633A02854AC146D77101BE05

SHA256:

29DEB157D1B4500DA63E92064C3C9A13634CFCB01CA1F6DAB2BF0C0E3B974B92

SSDEEP:

3:N1KHKJXxe:CqJo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2140)
      • iexplore.exe (PID: 1724)

    • Changes internet zones settings

      • iexplore.exe (PID: 2140)

    • Creates files in the user directory

      • iexplore.exe (PID: 1724)

    • Reads internet explorer settings

      • iexplore.exe (PID: 1724)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2140)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2140)

    • Changes settings of System certificates

      • iexplore.exe (PID: 2140)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2140"C:\Program Files\Internet Explorer\iexplore.exe" http://younglist.net/?167C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
1724"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2140 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Total events
794
Read events
712
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
24
Text files
15
Unknown types
11

Dropped files

PID
Process
Filename
Type
1724iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Cab6707.tmp
MD5:
SHA256:
1724iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\Tar6708.tmp
MD5:
SHA256:
2140iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
1724iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\MC7D178Z.txt
MD5:
SHA256:
1724iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\2HWN41B5.txt
MD5:
SHA256:
1724iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\34HWS5L1.txt
MD5:
SHA256:
1724iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\OI4M6CCO.txt
MD5:
SHA256:
1724iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\brt[1].jstext
MD5:B8F3C9259CBC58ECCFB4E5117A1B4862
SHA256:8AB3218D7D139E1FB278F454E4AEBB64BDD6923C77B5E8DBBE123838F29E4E1F
1724iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\22V1UURC.txt
MD5:
SHA256:
1724iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\RZ80FWJN.txt
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
35
DNS requests
18
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1724
iexplore.exe
GET
200
2.16.186.11:80
http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgOKRO2JsupAVbg4yKMG3RxR1A%3D%3D
unknown
der
527 b
whitelisted
1724
iexplore.exe
GET
200
2.16.186.11:80
http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgT9FXU76DUYAducHgIEBbGd6A%3D%3D
unknown
der
527 b
whitelisted
1724
iexplore.exe
GET
200
37.1.223.246:80
http://younglist.net/?167
DE
html
4.04 Kb
suspicious
1724
iexplore.exe
GET
200
2.16.186.11:80
http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D
unknown
der
1.37 Kb
whitelisted
1724
iexplore.exe
GET
200
151.139.128.10:80
http://cdn.popcash.net/pop.js
US
text
35.8 Kb
whitelisted
1724
iexplore.exe
GET
200
2.16.186.11:80
http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgOYNHnQArS7TzmuZh7nogmJVA%3D%3D
unknown
der
527 b
whitelisted
1724
iexplore.exe
GET
200
37.1.223.246:80
http://younglist.net/cinzcntcnqyz.php
DE
text
11.2 Kb
suspicious
1724
iexplore.exe
GET
200
104.18.21.226:80
http://ocsp2.globalsign.com/gsalphasha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSE1Wv4CYvTB7dm2OHrrWWWqmtnYQQU9c3VPAhQ%2BWpPOreX2laD5mnSaPcCDCJFEKgPDTLEr%2BDWwQ%3D%3D
US
der
1.49 Kb
whitelisted
2140
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
US
der
1.47 Kb
whitelisted
1724
iexplore.exe
GET
200
109.206.162.83:80
http://meowpushnot.com/t/9/fret/meow4/1006276/brt.js
NL
text
31.4 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1724
iexplore.exe
109.206.162.83:80
meowpushnot.com
Serverel Inc.
NL
suspicious
1724
iexplore.exe
151.139.128.11:80
cdn.popcash.net
Highwinds Network Group, Inc.
US
malicious
1724
iexplore.exe
2.16.186.11:80
isrg.trustid.ocsp.identrust.com
Akamai International B.V.
whitelisted
151.139.128.10:80
cdn.popcash.net
Highwinds Network Group, Inc.
US
malicious
2140
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
1724
iexplore.exe
37.1.223.246:80
younglist.net
Leaseweb Deutschland GmbH
DE
unknown
1724
iexplore.exe
52.71.209.44:443
dcba.popcash.net
Amazon.com, Inc.
US
unknown
1724
iexplore.exe
109.206.162.83:443
meowpushnot.com
Serverel Inc.
NL
suspicious
1724
iexplore.exe
46.105.201.240:80
s10.histats.com
OVH SAS
FR
suspicious
1724
iexplore.exe
192.99.8.27:443
s4.histats.com
OVH SAS
CA
suspicious

DNS requests

Domain
IP
Reputation
younglist.net
  • 37.1.223.246
suspicious
meowpushnot.com
  • 109.206.162.83
whitelisted
cdn.popcash.net
  • 151.139.128.11
  • 151.139.128.10
whitelisted
isrg.trustid.ocsp.identrust.com
  • 2.16.186.11
  • 2.16.186.35
whitelisted
ocsp.int-x3.letsencrypt.org
  • 2.16.186.11
  • 2.16.186.27
whitelisted
ulukaris.com
  • 109.206.162.83
suspicious
sdkfjxjertertry.com
  • 109.206.162.83
suspicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
dcba.popcash.net
  • 52.71.209.44
  • 52.44.164.223
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://younglist.net/?167