URL:

https://onedrive.live.com/download?cid=B6B0DC1F0D7C34C4&resid=B6B0DC1F0D7C34C4!116&authkey=AP47FoJJC14g_3Q

Full analysis: https://app.any.run/tasks/579ae61a-8431-4b79-acc6-a18b512d0985
Verdict: Malicious activity
Analysis date: March 14, 2019, 11:30:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

066372FAD5ACB347307FFC9CD8940CD2

SHA1:

EC5D9FD290CEDB29CD86B42D0194B20CDF2BE18F

SHA256:

08593081966FFBED841516A450A2022767CE472D377A691675954F74A3934A3A

SSDEEP:

3:N8Ck3CTwKblKBhm6mHynVhm6mHtDEkOAp8a0FJ:2CkST/ZKXm6DLm6yDEkvp8Z

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • INV 20190314 DOC.exe (PID: 3216)
      • INV 20190314 DOC.exe (PID: 1208)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3968)

    • Starts CMD.EXE for commands execution

      • netsh.exe (PID: 3212)

  • INFO

    • Reads settings of System Certificates

      • chrome.exe (PID: 3012)

    • Reads Internet Cache Settings

      • chrome.exe (PID: 3012)

    • Application launched itself

      • chrome.exe (PID: 3012)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
49
Monitored processes
15
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs winrar.exe chrome.exe no specs inv 20190314 doc.exe no specs chrome.exe no specs chrome.exe no specs netsh.exe no specs cmd.exe no specs inv 20190314 doc.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
252"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=864,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=11BFF5CE3237868FC9DA1CE0606B0AEB --mojo-platform-channel-handle=956 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1208"C:\Users\admin\Desktop\INV 20190314 DOC.exe" C:\Users\admin\Desktop\INV 20190314 DOC.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\inv 20190314 doc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
1384"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=864,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=E8793A64B9090B2219A3625D43AB0E32 --mojo-platform-channel-handle=2404 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1964"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=864,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=7D8FDE0DB6A98FC28158957296CCDD80 --mojo-platform-channel-handle=2368 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2848"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=864,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --service-pipe-token=98A86E6E5CC476BBB1D07F820D7A7F04 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=98A86E6E5CC476BBB1D07F820D7A7F04 --renderer-client-id=4 --mojo-platform-channel-handle=1852 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3000"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3016 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
3012"C:\Program Files\Google\Chrome\Application\chrome.exe" https://onedrive.live.com/download?cid=B6B0DC1F0D7C34C4&resid=B6B0DC1F0D7C34C4!116&authkey=AP47FoJJC14g_3QC:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3212"C:\Windows\System32\netsh.exe"C:\Windows\System32\netsh.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Network Command Shell
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
3216"C:\Users\admin\AppData\Local\Temp\Rar$EXa3968.4717\INV 20190314 DOC.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa3968.4717\INV 20190314 DOC.exeWinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3968.4717\inv 20190314 doc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
3232"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=864,3031516371800422712,2667241742975915268,131072 --enable-features=PasswordImport --service-pipe-token=D98078C2AB2F37394DB98912B6D15B63 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=D98078C2AB2F37394DB98912B6D15B63 --renderer-client-id=3 --mojo-platform-channel-handle=1528 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
1 315
Read events
1 219
Write events
92
Delete events
4

Modification events

(PID) Process:(3012) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(3012) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(3012) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(3000) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:writeName:3012-13197036625025000
Value:
259
(PID) Process:(3012) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(3012) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(3012) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:3516-13180984670829101
Value:
0
(PID) Process:(3012) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(3012) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:3012-13197036625025000
Value:
259
(PID) Process:(3012) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid
Value:
Executable files
1
Suspicious files
16
Text files
66
Unknown types
0

Dropped files

PID
Process
Filename
Type
3012chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\7b24d70b-91af-4da9-b195-dea8a7c6f700.tmp
MD5:
SHA256:
3012chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
MD5:
SHA256:
3012chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
MD5:
SHA256:
3012chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old
MD5:
SHA256:
3012chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ae566d00-6197-406d-88f6-52545c55f263.tmp
MD5:
SHA256:
3012chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:
SHA256:
3012chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.oldtext
MD5:
SHA256:
3012chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:
SHA256:
3012chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\28ce6b0c-758e-4f61-83d4-475fca5e8c5b.tmp
MD5:
SHA256:
3012chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF20e3cc.TMPtext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
11
DNS requests
10
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3012
chrome.exe
172.217.22.99:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
3012
chrome.exe
216.58.205.237:443
accounts.google.com
Google Inc.
US
whitelisted
3012
chrome.exe
172.217.23.163:443
www.gstatic.com
Google Inc.
US
whitelisted
3012
chrome.exe
13.107.42.12:443
eijzza.sn.files.1drv.com
Microsoft Corporation
US
suspicious
3012
chrome.exe
172.217.22.78:443
sb-ssl.google.com
Google Inc.
US
whitelisted
3012
chrome.exe
172.217.20.67:443
ssl.gstatic.com
Google Inc.
US
whitelisted
3012
chrome.exe
216.58.208.46:443
clients1.google.com
Google Inc.
US
whitelisted
3012
chrome.exe
172.217.22.46:443
clients2.google.com
Google Inc.
US
whitelisted
3012
chrome.exe
13.107.42.13:443
onedrive.live.com
Microsoft Corporation
US
malicious

DNS requests

Domain
IP
Reputation
onedrive.live.com
  • 13.107.42.13
shared
clientservices.googleapis.com
  • 172.217.22.99
whitelisted
www.gstatic.com
  • 172.217.23.163
whitelisted
accounts.google.com
  • 216.58.205.237
shared
eijzza.sn.files.1drv.com
  • 13.107.42.12
whitelisted
sb-ssl.google.com
  • 172.217.22.78
whitelisted
ssl.gstatic.com
  • 172.217.20.67
whitelisted
clients1.google.com
  • 216.58.208.46
whitelisted
clients2.google.com
  • 172.217.22.46
whitelisted
www.www751789.com
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://onedrive.live.com/download?cid=B6B0DC1F0D7C34C4&resid=B6B0DC1F0D7C34C4!116&authkey=AP47FoJJC14g_3Q