Opendir - ANY.RUN

General Info

URL: http://resultados.adilab.com.co/
Full analysis: https://app.any.run/tasks/fa45a3d1-7a1c-4a13-a716-57d5c04551a0
Verdict: No threats detected
Analysis date: August 30, 2018, 15:17:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: opendir
Indicators:
MD5: FC35540C12A6E7BBCDF31CE222FA74C2
SHA1: 59D6A8947F4E1D7DAED174ED667EFCD6E5AEACA2
SHA256: B0EB61FEC6F4144EBA30EB857B1A9E58A4227A0A8534BAAFFC495A53B22848B8
SSDEEP: 3:N1KMV87IEMI:CMVjEx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may have been affected by user actions and is provided as is. ANY.RUN does not guarantee that the content is malicious or safe.

Software environment set and analysis options

Launch configuration

  • Task duration: 60 seconds
  • Heavy Evasion option: off
  • Network geolocation: off
  • Additional time used: none
  • MITM proxy: off
  • Privacy: Public submission
  • Fakenet option: off
  • Route via Tor: off
  • Autoconfirmation of UAC: on
  • Network: on
Software preset
  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.007.20033)
  • Adobe Flash Player 27 ActiveX (27.0.0.187)
  • Adobe Flash Player 27 NPAPI (27.0.0.187)
  • Adobe Flash Player 27 PPAPI (27.0.0.187)
  • CCleaner (5.35)
  • FileZilla Client 3.31.0 (3.31.0)
  • Google Chrome (61.0.3163.91)
  • Google Update Helper (1.3.33.5)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Home and Business 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (12.0.40660.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (12.0.40660)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (12.0.40660)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (14.11.25325.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.11.25325 (14.11.25325)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.11.25325 (14.11.25325)
  • Mozilla Firefox 55.0.3 (x86 en-US) (55.0.3)
  • Mozilla Maintenance Service (55.0.3)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype™ 7.39 (7.39.102)
  • Steam (2.10.91.91)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)
Hotfixes
  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Creates files in the user directory

      • iexplore.exe (PID: 1796)
    • Application launched itself

      • iexplore.exe (PID: 1796)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3400)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3400)
    • Dropped object may contain URL's

      • iexplore.exe (PID: 3400)
      • iexplore.exe (PID: 1796)
    • Changes internet zones settings

      • iexplore.exe (PID: 1796)

Malware configuration

No malware configuration.

Static information

No data.

Video and screenshots

All screenshots are available in the full report.

Processes

Total processes: 34
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start (explorer.exe) -> iexplore.exe (PID 1796) -> iexplore.exe (PID 3400)


Process information

PID 1796
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://resultados.adilab.com.co/
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: none
Parent process: explorer.exe

Information
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules (loaded images, first page of 8 in the full report)
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID 3400
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1796 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: none
Parent process: iexplore.exe (PID 1796)

This is the Internet Explorer tab (content) process spawned by the frame process 1796 under Protected Mode: the SCODEF argument carries the frame process's PID, and the tab runs at Low integrity. That is why the "Application launched itself" signature fires for PID 1796 and why the content this process fetched is cached under the Low\ paths listed in Files activity below.

Information
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules (loaded images, first page of 10 in the full report)
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

Registry activity

Total events: 412
Read events: 345
Write events: 65
Delete events: 2

Modification events

First 10 modification events shown; all are writes by iexplore.exe (PID 1796).

PID | Process | Operation | Key | Name | Value
1796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
1796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
1796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
1796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1
1796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
1796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | 4600000048000000010000000000000000000000000000000000000000000000B096B68868EBD301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000D8BFD602040000000000000000000000000000000000000000000000F4BFD602040000000000000000000000000000000000000000000000D8372A0000000000FFFFFFFF000000000000000000000000010000002E00000000000000000000000000000002000000C0A801640000000000000000D84ED505AC02000005000000010000000000000000000000010000000000000000000000BF060000000000000000000000000000000000001000000088C0D60204000000000000000000000000000000000000000000000000000000C8E40C00000000000C0000000000000000000000
1796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {EBD1FB7D-AC67-11E8-ACE5-5254004AAD11} | 0
1796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4
1796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 10
1796 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E207080004001E000F00120012003202
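Two of the values above are raw binary and are worth decoding rather than eyeballing: SavedLegacySettings is the WinINet connection-settings blob (the same layout as DefaultConnectionSettings under Internet Settings\Connections: version, change counter, flags, then three length-prefixed ANSI strings for proxy server, bypass list and auto-config URL), and the Ext\Stats ...\Time value is a 16-byte Win32 SYSTEMTIME. Proxy hijacks by malware show up as a manual-proxy flag plus a proxy string in this blob, so decoding it is a standard triage check; here it should agree with the ProxyEnable = 0 write. The decoder below is an added example written for this page, not ANY.RUN's code. It embeds only the leading 24 bytes of the page's SavedLegacySettings value (the header and the three zero-length strings) and the full Time value; the flag-bit meanings (0x1 direct, 0x2 manual proxy, 0x4 auto-config script, 0x8 auto-detect) are the commonly documented ones, and the hijacked blob used for contrast is constructed by the encoder, not taken from the report.

```python
"""Decode the SavedLegacySettings and Ext\\Stats Time registry values.

Added example for this page, not ANY.RUN's code. Layout assumed for
SavedLegacySettings (shared with DefaultConnectionSettings):
  DWORD version, DWORD counter, DWORD flags,
  DWORD len + ANSI proxy server, DWORD len + ANSI bypass list,
  DWORD len + ANSI auto-config URL, then opaque trailing data.
Flag bits (commonly documented, stated here as an assumption):
  0x1 direct, 0x2 manual proxy, 0x4 auto-config script, 0x8 auto-detect.
"""
import struct

FLAG_NAMES = {0x1: "direct", 0x2: "manual-proxy", 0x4: "autoconfig-url", 0x8: "auto-detect"}

# Leading 24 bytes of the SavedLegacySettings value written by PID 1796 on this page.
PAGE_PROXY_PREFIX = bytes.fromhex("46000000 48000000 01000000 00000000 00000000 00000000")
# The Ext\Stats\{2670000A-...}\iexplore\Time value from this page (a SYSTEMTIME).
PAGE_TIME = bytes.fromhex("E207080004001E000F00120012003202")


def _read_lpstr(buf, off):
    """Read a DWORD-length-prefixed ANSI string at `off`; return (text, next offset)."""
    (n,) = struct.unpack_from("<I", buf, off)
    off += 4
    return buf[off:off + n].decode("latin-1"), off + n


def decode_connection_settings(blob):
    """Parse the fixed header and the three strings; anything after is left opaque."""
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    off = 12
    proxy, off = _read_lpstr(blob, off)
    bypass, off = _read_lpstr(blob, off)
    autoconfig, off = _read_lpstr(blob, off)
    modes = [name for bit, name in FLAG_NAMES.items() if flags & bit]
    return {"version": version, "counter": counter, "flags": flags, "modes": modes,
            "proxy": proxy, "bypass": bypass, "autoconfig_url": autoconfig,
            "trailing_bytes": len(blob) - off}


def encode_connection_settings(flags, proxy="", bypass="", autoconfig="",
                               version=0x46, counter=1):
    """Build a blob in the same layout (used here to construct a hijacked sample)."""
    out = struct.pack("<III", version, counter, flags)
    for s in (proxy, bypass, autoconfig):
        b = s.encode("latin-1")
        out += struct.pack("<I", len(b)) + b
    return out + bytes(32)  # zero tail standing in for the opaque trailing data


def proxy_hijack_suspected(blob, allowed_proxies=(), allowed_pac=()):
    """True when the blob turns on a manual proxy or PAC not on the allow-lists."""
    d = decode_connection_settings(blob)
    if d["flags"] & 0x2 and d["proxy"] and d["proxy"] not in allowed_proxies:
        return True
    if d["flags"] & 0x4 and d["autoconfig_url"] and d["autoconfig_url"] not in allowed_pac:
        return True
    return False


def decode_systemtime(raw):
    """Unpack a 16-byte Win32 SYSTEMTIME (eight little-endian WORDs)."""
    year, month, weekday, day, hour, minute, second, ms = struct.unpack("<8H", raw)
    return {"year": year, "month": month, "weekday": weekday, "day": day,
            "hour": hour, "minute": minute, "second": second, "ms": ms}


if __name__ == "__main__":
    print(decode_connection_settings(PAGE_PROXY_PREFIX))
    print(decode_systemtime(PAGE_TIME))
    hijacked = encode_connection_settings(0x3, proxy="127.0.0.1:8080", bypass="<local>")
    print(proxy_hijack_suspected(PAGE_PROXY_PREFIX), proxy_hijack_suspected(hijacked))
```

On this page's value the decoder reports version 0x46, counter 0x48, flags 0x1 (direct connection) and empty proxy, bypass and auto-config strings, consistent with ProxyEnable = 0. The Time value decodes to 2018-08-30 15:18:18.562 (weekday 4, a Thursday), 26 seconds after the analysis start of 15:17:52, which is the kind of cross-check that confirms a registry timestamp belongs to the observed run.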

Files activity

Executable files: 0
Suspicious files: 0
Text files: 18
Unknown types: 4

Dropped files

First 10 dropped files shown; MD5/SHA256 are blank where the report gives none.

PID | Process | Filename | Type | MD5 | SHA256
1796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHUAAB7W\favicon[1].ico | | |
1796 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | |
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XBSSZHSR\laboratorio[1].txt | | |
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MJG226QK\lab_components[1].css | text | |
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5A31W00O\bootstrap-popover[1].js | text | |
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XBSSZHSR\camera[1].js | text | |
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018083020180831\index.dat | dat | |
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5A31W00O\bgtop[1].jpg | image | |
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
3400 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | 60272CBA5AD84466B761CCB17BC51037 | ED2A144C57AC894562DA29C3ED8DF7A741F5A07E4C053CD366417C3574EC4CAE

Network activity

HTTP(S) requests: 25
TCP/UDP connections: 14
DNS requests: 2
Threats: 0

HTTP requests

First 10 of 25 requests shown; Type and Size are blank where the report gives none.

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
3400 | iexplore.exe | GET | 200 | 190.248.150.75:80 | http://190.248.150.75/laboratorio/themes/laboratorio/css/lab_components.css | CO | text | 7.32 Kb | unknown
1796 | iexplore.exe | GET | 200 | 192.254.236.192:80 | http://resultados.adilab.com.co/favicon.ico | US | | | suspicious
3400 | iexplore.exe | GET | 301 | 190.248.150.75:80 | http://190.248.150.75/laboratorio | CO | html | 242 b | unknown
3400 | iexplore.exe | GET | 200 | 190.248.150.75:80 | http://190.248.150.75/laboratorio/themes/laboratorio/js/camera.js | CO | text | 66.7 Kb | unknown
3400 | iexplore.exe | GET | 200 | 190.248.150.75:80 | http://190.248.150.75/laboratorio/js/jquery-1.7.1.min.js | CO | html | 91.6 Kb | unknown
3400 | iexplore.exe | GET | 200 | 190.248.150.75:80 | http://190.248.150.75/laboratorio/js/bootstrap-popover.js | CO | text | 2.81 Kb | unknown
3400 | iexplore.exe | GET | 200 | 190.248.150.75:80 | http://190.248.150.75/laboratorio/themes/laboratorio/images/slides/slide2.png?1535642318375 | CO | image | 389 Kb | unknown
3400 | iexplore.exe | GET | 200 | 190.248.150.75:80 | http://190.248.150.75/laboratorio/themes/laboratorio/images/bgtop.jpg | CO | image | 10.4 Kb | unknown
3400 | iexplore.exe | GET | 200 | 190.248.150.75:80 | http://190.248.150.75/laboratorio/themes/laboratorio/images/menu-spacer.gif | CO | image | 551 b | unknown
3400 | iexplore.exe | GET | 200 | 190.248.150.75:80 | http://190.248.150.75/laboratorio/themes/laboratorio/js/jquery.easing.1.3.js | CO | text | 7.91 Kb | unknown

Connections

First 4 of 14 connections shown; Domain is blank where the endpoint was reached by IP address.

PID | Process | IP | Domain | ASN | CN | Reputation
3400 | iexplore.exe | 192.254.236.192:80 | resultados.adilab.com.co | Unified Layer | US | suspicious
1796 | iexplore.exe | 204.79.197.229:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3400 | iexplore.exe | 190.248.150.75:80 | | EPM Telecomunicaciones S.A. E.S.P. | CO | unknown
1796 | iexplore.exe | 192.254.236.192:80 | resultados.adilab.com.co | Unified Layer | US | suspicious

DNS requests

Domain | IP | Reputation
resultados.adilab.com.co | 192.254.236.192 | suspicious
www.bing.com | 204.79.197.229 | whitelisted
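The network tables above carry the one observation in this report that deserves a second look even though no threat was flagged: the submitted hostname resolves to a US hosting address (192.254.236.192, reputation "suspicious"), while nearly all page content is fetched over cleartext HTTP from a bare-IP host in Colombia (190.248.150.75) that never appears in the DNS requests, after a 301 at http://190.248.150.75/laboratorio. The script below is an added example written for this page, not ANY.RUN's code, showing how to pull such findings out of a report's HTTP request rows automatically. Its input is a hand-split copy of the ten requests listed above (the other 15 are only in the full report); the helper names and the findings it checks for (bare-IP hosts, hosts other than the submitted one, redirects, cleartext requests, non-benign reputations) are this example's own choices.

```python
"""Triage the HTTP request rows of a sandbox report.

Added example for this page, not ANY.RUN's code. REQUESTS is a hand-split copy of
the ten rows the report shows; fields are (pid, method, http_code, server_ip,
url, country, reputation) as printed on the page.
"""
from collections import Counter
from ipaddress import ip_address
from urllib.parse import urlsplit

SUBMITTED_URL = "http://resultados.adilab.com.co/"

REQUESTS = [
    (3400, "GET", 200, "190.248.150.75", "http://190.248.150.75/laboratorio/themes/laboratorio/css/lab_components.css", "CO", "unknown"),
    (1796, "GET", 200, "192.254.236.192", "http://resultados.adilab.com.co/favicon.ico", "US", "suspicious"),
    (3400, "GET", 301, "190.248.150.75", "http://190.248.150.75/laboratorio", "CO", "unknown"),
    (3400, "GET", 200, "190.248.150.75", "http://190.248.150.75/laboratorio/themes/laboratorio/js/camera.js", "CO", "unknown"),
    (3400, "GET", 200, "190.248.150.75", "http://190.248.150.75/laboratorio/js/jquery-1.7.1.min.js", "CO", "unknown"),
    (3400, "GET", 200, "190.248.150.75", "http://190.248.150.75/laboratorio/js/bootstrap-popover.js", "CO", "unknown"),
    (3400, "GET", 200, "190.248.150.75", "http://190.248.150.75/laboratorio/themes/laboratorio/images/slides/slide2.png?1535642318375", "CO", "unknown"),
    (3400, "GET", 200, "190.248.150.75", "http://190.248.150.75/laboratorio/themes/laboratorio/images/bgtop.jpg", "CO", "unknown"),
    (3400, "GET", 200, "190.248.150.75", "http://190.248.150.75/laboratorio/themes/laboratorio/images/menu-spacer.gif", "CO", "unknown"),
    (3400, "GET", 200, "190.248.150.75", "http://190.248.150.75/laboratorio/themes/laboratorio/js/jquery.easing.1.3.js", "CO", "unknown"),
]


def host_of(url):
    """Hostname part of a URL ("" if it cannot be parsed)."""
    return urlsplit(url).hostname or ""


def is_literal_ip(host):
    """True when the host is an IPv4/IPv6 literal rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(requests, submitted_url=SUBMITTED_URL):
    """Group requests by host and collect the facts a reviewer wants up front."""
    submitted_host = host_of(submitted_url)
    per_host = Counter(host_of(r[4]) for r in requests)
    return {
        "submitted_host": submitted_host,
        "per_host": dict(per_host),
        "third_party_hosts": sorted(h for h in per_host if h != submitted_host),
        "literal_ip_hosts": sorted(h for h in per_host if is_literal_ip(h)),
        "redirects": [(r[2], r[4]) for r in requests if 300 <= r[2] < 400],
        "cleartext_requests": sum(1 for r in requests if urlsplit(r[4]).scheme == "http"),
        "countries": dict(Counter((host_of(r[4]), r[5]) for r in requests)),
        "reputations": dict(Counter((host_of(r[4]), r[6]) for r in requests)),
    }


def findings(summary):
    """Turn the summary into one-line notes; empty list means nothing stood out."""
    notes = []
    for h in summary["literal_ip_hosts"]:
        notes.append(f"content fetched from bare-IP host {h} ({summary['per_host'][h]} requests, no DNS needed)")
    for h in summary["third_party_hosts"]:
        if h not in summary["literal_ip_hosts"]:
            notes.append(f"requests to host other than the submitted one: {h}")
    for code, url in summary["redirects"]:
        notes.append(f"HTTP {code} redirect at {url}")
    if summary["cleartext_requests"]:
        notes.append(f"{summary['cleartext_requests']} cleartext HTTP requests")
    for (host, rep), n in summary["reputations"].items():
        if rep not in ("whitelisted", "unknown"):
            notes.append(f"{host} has reputation '{rep}' ({n} requests)")
    return notes


if __name__ == "__main__":
    for note in findings(triage(REQUESTS)):
        print(note)
```

Run against the rows on this page the summary shows 9 of 10 requests going to 190.248.150.75, the only bare-IP host, one 301, all 10 requests in cleartext, and the "suspicious" tag on resultados.adilab.com.co. None of that is malicious by itself, but a site that hands its content off to a raw IP in another country is exactly what an analyst would want to see listed before signing off a "no threats" verdict.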

Threats

No threats detected

Debug output strings

No debug info.
