General Info - ANY.RUN

General Info

URL: https://atlasti.com/product/v8-windows/
Full analysis: https://app.any.run/tasks/b8fa4326-e714-422b-8e13-a566f10680f0
Verdict: No threats detected
Analysis date: June 26, 2019, 18:44:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 1463338D25405A7BC155C13F4230EC13
SHA1: 0E584204F2BF93D58858083F88BB7B44DA220B2D
SHA256: 32E78783874221A45489592965203EF47F99075937878782E9BAA9940BF6E2DA
SSDEEP: 3:N8yZiaQGRKTdsN:2yBRKRsN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

  • Task duration: 60 seconds
  • Heavy Evasion option: off
  • Network geolocation: off
  • Additional time used: none
  • MITM proxy: off
  • Privacy: Public submission
  • Fakenet option: off
  • Route via Tor: off
  • Autoconfirmation of UAC: on
  • Network: on
Software preset
  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)
Hotfixes
  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2484)
  • INFO

    • Creates files in the user directory

      • iexplore.exe (PID: 2576)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2484)
      • iexplore.exe (PID: 2124)
    • Changes internet zones settings

      • iexplore.exe (PID: 2124)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2576)
      • iexplore.exe (PID: 3132)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2124)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2124)
    • Application launched itself

      • iexplore.exe (PID: 2124)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2576)
      • iexplore.exe (PID: 3132)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2124)

Malware configuration

No malware configuration.

Static information

No data.

Video and screenshots

Screenshots: all screenshots are available in the full report.

Processes

Total processes: 37
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Interactive process graph (see the full report). Nodes: start, iexplore.exe, iexplore.exe, flashutil32_26_0_0_131_activex.exe (no specs), iexplore.exe.

Process information

PID: 2124
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" https://atlasti.com/product/v8-windows/
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe

Information

User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2484
CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Parent process: svchost.exe

Information

User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Exit code: 0
Version: 26,0,0,131
Modules
Images
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2576
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2124 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe

Information

User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3132
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2124 CREDAT:203009
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe

Information

User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

Registry activity

Total events: 723
Read events: 595
Write events: 124
Delete events: 4

Modification events

Process: (2124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write | Name: CompatibilityFlags | Value: 0

Process: (2124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: UNCAsIntranet | Value: 0

Process: (2124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: AutoDetect | Value: 1

Process: (2124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write | Name: SecuritySafe | Value: 1

Process: (2124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write | Name: ProxyEnable | Value: 0

Process: (2124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write | Name: SavedLegacySettings | Value: (omitted)

Process: (2124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write | Name: {7CE49C35-9842-11E9-A370-5254004A04AF} | Value: 0

Process: (2124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write | Name: Type | Value: 4

Process: (2124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write | Name: Count | Value: 1

Process: (2124) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write | Name: Time | Value: E307060003001A0012002C003700DE01

Files activity

Executable files: 0
Suspicious files: 0
Text files: 76
Unknown types: 15

Dropped files

PID | Process | Filename | Type
2124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico |
2124 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico |
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L5X478D6\v8-windows[1].txt |
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat
2576 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atlasti[1].txt | text
2576 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L5X478D6\v8-windows[1].htm | html
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBHPSZJ4\custom[1].css | text
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L5X478D6\app.ff2997fc[1].css | text
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CBHPSZJ4\custom[2].css | text
(MD5 and SHA256 columns are empty for all listed files.)

Network activity

HTTP(S) requests: 20
TCP/UDP connections: 72
DNS requests: 12
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Reputation
2576 | iexplore.exe | GET | 301 | 104.27.163.57:80 | http://atlasti.com/assets/klavika-regular.eot/? | US | whitelisted
2576 | iexplore.exe | GET | 301 | 104.27.163.57:80 | http://atlasti.com/assets/klavika-lightitalic.eot/? | US | whitelisted
2576 | iexplore.exe | GET | 301 | 104.27.163.57:80 | http://atlasti.com/assets/klavika-light.eot/? | US | whitelisted
2576 | iexplore.exe | GET | 301 | 104.27.163.57:80 | http://atlasti.com/assets/klavika-regularitalic.eot/? | US | whitelisted
2576 | iexplore.exe | GET | 301 | 104.27.163.57:80 | http://atlasti.com/assets/klavika-regular.eot/? | US | whitelisted
2576 | iexplore.exe | GET | 301 | 104.27.163.57:80 | http://atlasti.com/assets/klavika-regular.eot/? | US | whitelisted
2124 | iexplore.exe | GET | 301 | 104.27.162.57:80 | http://atlasti.com/favicon.ico/ | US | whitelisted
2576 | iexplore.exe | GET | 301 | 104.27.163.57:80 | http://atlasti.com/assets/klavika-medium.eot/? | US | whitelisted
2576 | iexplore.exe | GET | 301 | 104.27.163.57:80 | http://atlasti.com/assets/klavika-lightitalic.eot/? | US | whitelisted
2576 | iexplore.exe | GET | 301 | 104.27.163.57:80 | http://atlasti.com/assets/klavika-mediumitalic.eot/? | US | whitelisted
(Type and Size columns are empty for all listed requests.)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2576 | iexplore.exe | 104.27.162.57:443 | atlasti.com | Cloudflare Inc | US | shared
2124 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2576 | iexplore.exe | 104.19.197.151:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | shared
2576 | iexplore.exe | 216.58.205.238:443 | www.google-analytics.com | Google Inc. | US | whitelisted
2576 | iexplore.exe | 172.217.16.142:443 | www.youtube.com | Google Inc. | US | whitelisted
2576 | iexplore.exe | 104.16.125.175:443 | unpkg.com | Cloudflare Inc | US | shared
2576 | iexplore.exe | 216.58.208.46:443 | s.ytimg.com | Google Inc. | US | whitelisted
2576 | iexplore.exe | 104.27.163.57:80 | atlasti.com | Cloudflare Inc | US | shared
 |  | 104.27.163.57:80 | atlasti.com | Cloudflare Inc | US | shared
2576 | iexplore.exe | 104.27.163.57:443 | atlasti.com | Cloudflare Inc | US | shared

DNS requests

Domain | IP | Reputation
atlasti.com | 104.27.162.57, 104.27.163.57 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
dns.msftncsi.com | 131.107.255.255 | shared
cdnjs.cloudflare.com | 104.19.197.151, 104.19.195.151, 104.19.198.151, 104.19.199.151, 104.19.196.151 | whitelisted
www.google-analytics.com | 216.58.205.238 | whitelisted
unpkg.com | 104.16.125.175, 104.16.123.175, 104.16.124.175, 104.16.122.175, 104.16.126.175 | whitelisted
www.youtube.com | 172.217.16.142, 172.217.22.46, 172.217.22.110, 216.58.210.14, 172.217.18.110, 172.217.23.174, 216.58.205.238, 172.217.21.238, 172.217.18.14, 172.217.18.174, 216.58.206.14, 216.58.207.78, 172.217.16.174 | whitelisted
s.ytimg.com | 216.58.208.46 | whitelisted
stats.g.doubleclick.net | 64.233.166.156, 64.233.166.154, 64.233.166.157, 64.233.166.155 | whitelisted
fonts.gstatic.com | 172.217.22.99 | whitelisted

Threats

No threats detected

Debug output strings

No debug info
