Malware analysis https://www.vccgenerator.org/ Malicious activity

Add for printing

URL:	https://www.vccgenerator.org/
Full analysis:	https://app.any.run/tasks/354fcf55-7138-4879-9b4a-4bde4203fe4c
Verdict:	Malicious activity
Analysis date:	June 09, 2024, 08:48:41
OS:	Ubuntu 22.04.2
MD5:	77669B7A448D9A5F183F7A19EAD2492A
SHA1:	1086619F8075597EC0E812882A87B273F0489317
SHA256:	0862B13752FAA123C71C45F99E7B74A786F69EB454EE14B693A32C3F0F9D9BC9
SSDEEP:	3:N8DSLK1UDJn:2OLK1oJn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
- Dropped object may contain TOR URL's
  - chrome (PID: 12485)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

323

Monitored processes

109

Malicious processes

1

Suspicious processes

1

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
12438	/bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome https://www\.vccgenerator\.org/ "	/bin/sh	—	any-guest-agent
User: root Integrity Level: UNKNOWN
12439	sudo -iu user google-chrome https://www.vccgenerator.org/	/usr/bin/sudo	—	sh
User: root Integrity Level: UNKNOWN
12440	/usr/bin/google-chrome https://www.vccgenerator.org/	/opt/google/chrome/chrome		sudo
User: user Integrity Level: UNKNOWN
12441	/usr/bin/locale-check C.UTF-8	/usr/bin/locale-check	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
12442	readlink -f /usr/bin/google-chrome	/usr/bin/readlink	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
12443	dirname /opt/google/chrome/google-chrome	/usr/bin/dirname	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
12444	mkdir -p /home/user/.local/share/applications	/usr/bin/mkdir	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
12445	cat	/usr/bin/cat	—	chrome
User: user Integrity Level: UNKNOWN
12446	cat	/usr/bin/cat	—	chrome
User: user Integrity Level: UNKNOWN
12447		/opt/google/chrome/chrome	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0

Add for printing

Executable files

5

Suspicious files

639

Text files

17

Unknown types

7

Dropped files

PID	Process	Filename		Type
12440	chrome	/home/user/.config/google-chrome/ShaderCache/data_3		vxd
		MD5:—	SHA256:—
12440	chrome	/home/user/.config/google-chrome/ShaderCache/data_2		binary
		MD5:—	SHA256:—
12440	chrome	/home/user/.config/google-chrome/ShaderCache/data_0		binary
		MD5:—	SHA256:—
12440	chrome	/home/user/.config/google-chrome/Default/GPUCache/data_3		vxd
		MD5:—	SHA256:—
12440	chrome	/home/user/.config/google-chrome/Default/GPUCache/data_2		vxd
		MD5:—	SHA256:—
12440	chrome	/home/user/.config/google-chrome/Default/GPUCache/data_0		vxd
		MD5:—	SHA256:—
12440	chrome	/home/user/.config/google-chrome/Default/DawnCache/data_3		vxd
		MD5:—	SHA256:—
12440	chrome	/home/user/.config/google-chrome/Default/DawnCache/data_2		vxd
		MD5:—	SHA256:—
12440	chrome	/home/user/.config/google-chrome/Default/DawnCache/data_0		vxd
		MD5:—	SHA256:—
12485	chrome	/home/user/.cache/google-chrome/Default/Cache/Cache_Data/257b9ada9582cd59_0		binary
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

25

TCP/UDP connections

214

DNS requests

222

Threats

0

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
12485	chrome	GET	403	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/niikhdgajlphfehepabhhblakbdgeefj/1.1d3507e3ef693d1022c6ddaf2b066e4439c3e3273982d4ae610c3951513e2819/1.1dbb3990e16ba546e7367ef84c38441173fbb5a7b570bb9b183d3b6faaeb622d/bde7417f0bde255f9a31ee96bcceff6efe7bad65232cfc924f2665e96909484b.puff	unknown	—	—	—
12485	chrome	GET	200	142.250.186.174:80	http://dl.google.com/release2/chrome_component/ad2bidus77w3x3prd76g55xatd6q_2024.6.7.0/niikhdgajlphfehepabhhblakbdgeefj_2024.06.07.00_all_adleex4n4dwp5jacav3b4gwnod5q.crx3	unknown	—	—	—
12485	chrome	GET	403	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad2bidus77w3x3prd76g55xatd6q_2024.6.7.0/niikhdgajlphfehepabhhblakbdgeefj_2024.06.07.00_all_adleex4n4dwp5jacav3b4gwnod5q.crx3	unknown	—	—	—
12485	chrome	GET	403	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/pfgvfacofok2uoqcmtmdo2tggy_2024.6.5.1/kiabhabjdbkjdpjbpigfodbdjmbglcoo_2024.06.05.01_all_gjrm5mq25a4qkvnih3unlcdfhq.crx3	unknown	—	—	—
12485	chrome	GET	403	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/kiabhabjdbkjdpjbpigfodbdjmbglcoo/1.9e8b5281e830ef98473ebe00b121ecdad269c9dec6a305cdffc18f8df0f2aa17/1.153e9301be7e862a33e2cab936a0a97e2f8bdf2dae1be516d6fe8a5f184ce028/3865325347bda7f565702e2ccfb3e95df4655ae831a6c8f84fd358a3b01270f7.puff	unknown	—	—	—
12485	chrome	GET	200	142.250.186.174:80	http://dl.google.com/release2/chrome_component/jxqgeyodl2wb4o4hxkzt62egnm_20240429.634529504.14/obedbbhbpmojnkanicioggnmelmoomoc_20240429.634529504.14_all_ENGB500000_drh7pqj4o7a7karn7sdqrnqyte.crx3	unknown	—	—	—
12485	chrome	GET	200	142.250.186.174:80	http://dl.google.com/release2/chrome_component/pfgvfacofok2uoqcmtmdo2tggy_2024.6.5.1/kiabhabjdbkjdpjbpigfodbdjmbglcoo_2024.06.05.01_all_gjrm5mq25a4qkvnih3unlcdfhq.crx3	unknown	—	—	—
12485	chrome	GET	403	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/efniojlnjndmcbiieegkicadnoecjjef/1.c5a4836b63b63c1d68339aa301781096c97ea3f383d04cd6831851de88a4294f/1.ff0e88cc4f10c87e09be229b861a5ce2909b22d830b3634c51e29b150342eee0/9f8fd74d8ec762e298cc55ecd0464ec91a90e868c7f3405c77b62dbb5bcfbb40.puff	unknown	—	—	—
12485	chrome	GET	403	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/lveb6u7cbw7hz7pqulalwrmmwy_980/efniojlnjndmcbiieegkicadnoecjjef_980_all_bikv2q6qdcdfnqijhhb3ydcvqi.crx3	unknown	—	—	—
12485	chrome	GET	403	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/jxqgeyodl2wb4o4hxkzt62egnm_20240429.634529504.14/obedbbhbpmojnkanicioggnmelmoomoc_20240429.634529504.14_all_ENGB500000_drh7pqj4o7a7karn7sdqrnqyte.crx3	unknown	—	—	—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	91.189.91.48:80	—	Canonical Group Limited	US	unknown
12440	chrome	224.0.0.251:5353	—	—	—	unknown
12485	chrome	142.250.27.84:443	accounts.google.com	—	—	unknown
12440	chrome	239.255.255.250:1900	—	—	—	unknown
12485	chrome	142.250.185.131:443	clientservices.googleapis.com	GOOGLE	US	unknown
12485	chrome	172.217.16.202:443	safebrowsingohttpgateway.googleapis.com	GOOGLE	US	unknown
12485	chrome	104.26.11.200:443	www.vccgenerator.org	CLOUDFLARENET	US	unknown
12485	chrome	216.58.206.35:443	update.googleapis.com	—	—	unknown
12485	chrome	142.250.185.196:443	www.google.com	—	—	unknown
12485	chrome	142.250.185.138:443	optimizationguide-pa.googleapis.com	—	—	unknown

DNS requests

Domain	IP	Reputation
clientservices.googleapis.com	142.250.185.131	unknown
accounts.google.com	142.250.27.84	unknown
www.vccgenerator.org	104.26.11.200	unknown
safebrowsingohttpgateway.googleapis.com	172.217.16.202	unknown
28.100.168.192.in-addr.arpa	—	unknown
www.google.com	142.250.185.196	unknown
update.googleapis.com	216.58.206.35	unknown
optimizationguide-pa.googleapis.com	142.250.185.138	unknown
connectivity-check.ubuntu.com	2620:2d:4002:1::196	unknown
www.gstatic.com	142.250.186.163	unknown

Threats

No threats detected

Add for printing

No debug info

General Info

https://www.vccgenerator.org/

77669B7A448D9A5F183F7A19EAD2492A

1086619F8075597EC0E812882A87B273F0489317

0862B13752FAA123C71C45F99E7B74A786F69EB454EE14B693A32C3F0F9D9BC9

3:N8DSLK1UDJn:2OLK1oJn

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Dropped object may contain TOR URL's

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings