analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://techero.net

Full analysis: https://app.any.run/tasks/166ba08d-fdea-44cd-855f-32d31d2c6270
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Malware Trends Tracker     >>>
Analysis date: December 02, 2019, 20:51:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
Indicators:
MD5:

1F818DF22CC442B40A07B831ECEFFEB4

SHA1:

C62EF9B065C94702A92AD8146F1FD786CF8BB630

SHA256:

0EF899B9F31EF9E8491E8E37D5FDAEC8ADE351A542F4634249A2013A7933F3E3

SSDEEP:

3:N1KKALX5:CKGp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2508)

  • INFO

    • Reads the hosts file

      • chrome.exe (PID: 2508)
      • chrome.exe (PID: 1856)

    • Changes settings of System certificates

      • chrome.exe (PID: 1856)

    • Application launched itself

      • chrome.exe (PID: 2508)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
69
Monitored processes
34
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2508"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://techero.net"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
3248"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6ed2a9d0,0x6ed2a9e0,0x6ed2a9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2064"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2416 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
1016"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=988,2362764329789182552,18086670521994703777,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=8920222669907726995 --mojo-platform-channel-handle=1000 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
1856"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=988,2362764329789182552,18086670521994703777,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=6244345328511416160 --mojo-platform-channel-handle=1504 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2096"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,2362764329789182552,18086670521994703777,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3722436061618304446 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
3016"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,2362764329789182552,18086670521994703777,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1570698782979277611 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
1940"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,2362764329789182552,18086670521994703777,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10916542236007394098 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
1036"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,2362764329789182552,18086670521994703777,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2947067494972331415 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
3172"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=988,2362764329789182552,18086670521994703777,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6121781514771872547 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Total events
606
Read events
519
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
128
Text files
256
Unknown types
14

Dropped files

PID
Process
Filename
Type
2508chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
MD5:
SHA256:
2508chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF39a998.TMP
MD5:
SHA256:
2508chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\77c19c35-e3f6-4c47-8b46-ba4b6ebdb726.tmp
MD5:
SHA256:
2508chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp
MD5:
SHA256:
2508chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
MD5:
SHA256:
2508chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF39a9c7.TMPtext
MD5:213AE3DA120D7862D60B5763B6C9D466
SHA256:5736534D6EE654C1BF1A8E79E73330AF58F622E8657285330D2C7189A55604F4
2508chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:213AE3DA120D7862D60B5763B6C9D466
SHA256:5736534D6EE654C1BF1A8E79E73330AF58F622E8657285330D2C7189A55604F4
2508chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF39aae0.TMPtext
MD5:454106CCF080F3E3795C229FC73350D4
SHA256:9974DC611BE9E20BDFA7B8D939CB913AD23859DEA5F52EBB8D10CEAD9AB5B4FA
2508chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF39aa06.TMPtext
MD5:A519780ED0A2F4336DB4F5651D79C369
SHA256:DA5B71BD0075B55757BF757BF5F4D4A1DCBCF0762CDA5B31B28680963E068C75
2508chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:DC32343F45B01764B6267AD36548102A
SHA256:A250F5AD57D4BD58AAE92810D50278E3BE2DBF869F126A3A3519691BCDFC2075
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
127
TCP/UDP connections
170
DNS requests
85
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1856
chrome.exe
GET
200
94.130.8.219:80
http://techero.net/wp-content/plugins/easy-digital-downloads/templates/edd.min.css?ver=2.4.2
DE
text
17.9 Kb
whitelisted
1856
chrome.exe
GET
200
172.217.16.170:80
http://fonts.googleapis.com/css?family=Rajdhani:200,300,400,500,600,700&subset=latin,latin-ext
US
text
586 b
whitelisted
1856
chrome.exe
GET
200
94.130.8.219:80
http://techero.net/wp-content/themes/goodlife-wp/assets/css/app.css?ver=4249
DE
text
159 Kb
whitelisted
1856
chrome.exe
GET
200
172.217.16.170:80
http://fonts.googleapis.com/css?family=Montserrat%3A400&ver=4.5.19
US
text
489 b
whitelisted
1856
chrome.exe
GET
200
94.130.8.219:80
http://techero.net/wp-content/plugins/quickiebar/public/style/qb.css?ver=1.7.0
DE
text
13.2 Kb
whitelisted
1856
chrome.exe
GET
200
172.217.16.170:80
http://fonts.googleapis.com/css?family=Roboto+Slab%3A400&ver=4.5.19
US
text
521 b
whitelisted
1856
chrome.exe
GET
200
94.130.8.219:80
http://techero.net/
DE
html
18.9 Kb
whitelisted
1856
chrome.exe
GET
200
94.130.8.219:80
http://techero.net/wp-content/themes/goodlife-wp/style.css
DE
html
1.30 Kb
whitelisted
1856
chrome.exe
GET
200
94.130.8.219:80
http://techero.net//wp-content/plugins/themehelper/assets/slick.css?rand=103&ver=4.5.19
DE
text
2.91 Kb
whitelisted
1856
chrome.exe
GET
200
94.130.8.219:80
http://techero.net/wp-content/themes/goodlife-wp-child/style.css
DE
html
548 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1856
chrome.exe
216.58.207.35:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
1856
chrome.exe
172.217.16.170:80
fonts.googleapis.com
Google Inc.
US
whitelisted
1856
chrome.exe
209.197.3.15:80
maxcdn.bootstrapcdn.com
Highwinds Network Group, Inc.
US
whitelisted
1856
chrome.exe
94.130.8.219:80
techero.net
Hetzner Online GmbH
DE
unknown
1856
chrome.exe
94.130.8.219:443
techero.net
Hetzner Online GmbH
DE
unknown
1856
chrome.exe
172.217.23.109:443
accounts.google.com
Google Inc.
US
suspicious
1856
chrome.exe
172.217.18.100:443
www.google.com
Google Inc.
US
whitelisted
1856
chrome.exe
216.58.210.3:80
fonts.gstatic.com
Google Inc.
US
whitelisted
1856
chrome.exe
172.217.22.106:443
translate.googleapis.com
Google Inc.
US
whitelisted
138.201.253.2:80
urlvalidation.com
Hetzner Online GmbH
DE
malicious

DNS requests

Domain
IP
Reputation
techero.net
  • 94.130.8.219
whitelisted
clientservices.googleapis.com
  • 216.58.207.35
whitelisted
accounts.google.com
  • 172.217.23.109
shared
maxcdn.bootstrapcdn.com
  • 209.197.3.15
whitelisted
fonts.googleapis.com
  • 172.217.16.170
whitelisted
0.gravatar.com
  • 192.0.73.2
whitelisted
1.gravatar.com
  • 192.0.73.2
whitelisted
2.gravatar.com
  • 192.0.73.2
whitelisted
fonts.gstatic.com
  • 216.58.210.3
whitelisted
www.google.com
  • 172.217.18.100
whitelisted

Threats

PID
Process
Class
Message
A Network Trojan was detected
ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://techero.net