URL: https://bfhj.cryptoo.live/questions/34827334/triggering-angular2-change-detection-manually

Full analysis: https://app.any.run/tasks/b0023508-0dc1-410e-a915-9fe331ec17b3
Verdict: Malicious activity
Analysis date: July 17, 2019, 15:57:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: C706CD6138526271556225B96E8F7EEF
SHA1: 42F6CC6CAC51A0DA4042C49CCD8BA786D4A367EE
SHA256: 149DB8948250A18BB727CCBBE687F99DEF9176FACA44A9863F9B829951922BB2
SSDEEP: 3:N8/skfCMKJAWRafRSyJEwY0t2kE8:2/sdOWESPj0t2u

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO
    • Reads settings of System Certificates: iexplore.exe (PID: 3440)
    • Changes internet zones settings: iexplore.exe (PID: 3440)
    • Reads internet explorer settings: iexplore.exe (PID: 3576)
    • Changes settings of System certificates: iexplore.exe (PID: 3440)
    • Adds / modifies Windows certificates: iexplore.exe (PID: 3440)
    • Application launched itself: firefox.exe (PID: 3184), iexplore.exe (PID: 3440)
    • Creates files in the user directory: iexplore.exe (PID: 3576), iexplore.exe (PID: 3440), firefox.exe (PID: 3184)
    • Reads Internet Cache Settings: iexplore.exe (PID: 3576)
    • Reads CPU info: firefox.exe (PID: 3184)
    • Manual execution by user: firefox.exe (PID: 3184)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 7
Malicious processes: 0
Suspicious processes: 0

Behavior graph (process details in the full report): start > iexplore.exe, iexplore.exe, firefox.exe, firefox.exe (no specs), firefox.exe, firefox.exe, firefox.exe

Process information

PID 3440 (parent: explorer.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  User: admin  Company: Microsoft Corporation  Integrity Level: MEDIUM
  Description: Internet Explorer  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 3576 (parent: iexplore.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3440 CREDAT:71937
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  User: admin  Company: Microsoft Corporation  Integrity Level: LOW  Exit code: 0
  Description: Internet Explorer  Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 3184 (parent: explorer.exe)
  CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
  Path: C:\Program Files\Mozilla Firefox\firefox.exe
  User: admin  Company: Mozilla Corporation  Integrity Level: MEDIUM
  Description: Firefox  Version: 67.0.4

PID 888 (parent: firefox.exe)
  CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.0.1658843760\1041567156" -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 1156 gpu
  Path: C:\Program Files\Mozilla Firefox\firefox.exe
  User: admin  Company: Mozilla Corporation  Integrity Level: MEDIUM
  Description: Firefox  Version: 67.0.4

PID 3372 (parent: firefox.exe)
  CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.3.1889379855\1454786420" -childID 1 -isForBrowser -prefsHandle 1616 -prefMapHandle 1648 -prefsLen 1 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 1612 tab
  Path: C:\Program Files\Mozilla Firefox\firefox.exe
  User: admin  Company: Mozilla Corporation  Integrity Level: LOW
  Description: Firefox  Version: 67.0.4

PID 2680 (parent: firefox.exe)
  CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.13.224628953\628604174" -childID 2 -isForBrowser -prefsHandle 2716 -prefMapHandle 2720 -prefsLen 5842 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 2724 tab
  Path: C:\Program Files\Mozilla Firefox\firefox.exe
  User: admin  Company: Mozilla Corporation  Integrity Level: LOW
  Description: Firefox  Version: 67.0.4

PID 2280 (parent: firefox.exe)
  CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3184.20.377107548\266602593" -childID 3 -isForBrowser -prefsHandle 3208 -prefMapHandle 3408 -prefsLen 6720 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3184 "\\.\pipe\gecko-crash-server-pipe.3184" 3520 tab
  Path: C:\Program Files\Mozilla Firefox\firefox.exe
  User: admin  Company: Mozilla Corporation  Integrity Level: LOW
  Description: Firefox  Version: 67.0.4
Total events: 607
Read events: 544
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 48
Text files: 27
Unknown types: 41

Dropped files (a dash marks a field the report leaves empty)

PID 3440, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\favicon[1].ico
  Type: -  MD5: -  SHA256: -

PID 3440, iexplore.exe
  C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  Type: -  MD5: -  SHA256: -

PID 3440, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].htm
  Type: -  MD5: -  SHA256: -

PID 3440, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].ico
  Type: -  MD5: -  SHA256: -

PID 3440, iexplore.exe
  C:\Users\admin\AppData\Local\Temp\~DF3D864D23881A2FC1.TMP
  Type: -  MD5: -  SHA256: -

PID 3440, iexplore.exe
  C:\Users\admin\AppData\Local\Temp\~DFB77E34ACADF410CD.TMP
  Type: -  MD5: -  SHA256: -

PID 3440, iexplore.exe
  C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@cryptoo[1].txt
  Type: text
  MD5: FAF8547B32A853C496F1BC77882F3A29
  SHA256: C7B4828C03E0813FBBF1FAD007855372A2BF71A45B08A349D496D332E6862AFF

PID 3576, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
  Type: dat
  MD5: 89836F408519179EFDDBA96C3602B67C
  SHA256: A6567E37F76221F30FADE00BFF01F50F8A3DD96463E15BB2CA8007D16F0915DB

PID 3576, iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
  Type: dat
  MD5: B27841FDAD3DF17FCB24A0CB7E004BBE
  SHA256: 54D447146125289071298CD82F874F45AC3037ACA2BD3718D1B222F293641E61

PID 3440, iexplore.exe
  C:\Users\admin\AppData\Local\Temp\~DF8AC2752573848424.TMP
  Type: -  MD5: -  SHA256: -
Network (download PCAP, analyze network streams, HTTP content and a lot more at the full report)
HTTP(S) requests: 8
TCP/UDP connections: 23
DNS requests: 57
Threats: 0

HTTP requests

PID   Process       Method  HTTP Code  IP                  URL                                          CN       Type   Size   Reputation
3184  firefox.exe   POST    200        172.217.21.227:80   http://ocsp.pki.goog/GTSGIAG3                US       der    471 b  whitelisted
3184  firefox.exe   POST    200        93.184.220.29:80    http://ocsp.digicert.com/                    US       der    471 b  whitelisted
3184  firefox.exe   POST    200        93.184.220.29:80    http://ocsp.digicert.com/                    US       der    278 b  whitelisted
3184  firefox.exe   POST    200        93.184.220.29:80    http://ocsp.digicert.com/                    US       der    278 b  whitelisted
3184  firefox.exe   POST    200        93.184.220.29:80    http://ocsp.digicert.com/                    US       der    471 b  whitelisted
3184  firefox.exe   POST    200        93.184.220.29:80    http://ocsp.digicert.com/                    US       der    471 b  whitelisted
3440  iexplore.exe  GET     200        204.79.197.200:80   http://www.bing.com/favicon.ico              US       image  237 b  whitelisted
3184  firefox.exe   GET     200        2.16.186.112:80     http://detectportal.firefox.com/success.txt  unknown  text   8 b    whitelisted

Connections (a dash marks a field the report leaves empty)

PID   Process       IP                  Domain                    ASN                                                       CN  Reputation
3576  iexplore.exe  104.24.116.210:443  bfhj.cryptoo.live         Cloudflare Inc                                            US  shared
3184  firefox.exe   93.184.220.29:80    ocsp.digicert.com         MCI Communications Services, Inc. d/b/a Verizon Business  US  whitelisted
3440  iexplore.exe  104.24.116.210:443  bfhj.cryptoo.live         Cloudflare Inc                                            US  shared
-     -             54.192.202.230:443  snippets.cdn.mozilla.net  Amazon.com, Inc.                                          US  unknown
-     -             172.217.21.227:80   ocsp.pki.goog             Google Inc.                                               US  whitelisted
-     -             104.24.117.210:443  bfhj.cryptoo.live         Cloudflare Inc                                            US  shared
3440  iexplore.exe  204.79.197.200:80   www.bing.com              Microsoft Corporation                                     US  whitelisted
3576  iexplore.exe  151.101.1.69:443    cdn.sstatic.net           Fastly                                                    US  suspicious
3184  firefox.exe   2.16.186.112:80     detectportal.firefox.com  Akamai International B.V.                                 -   whitelisted
3184  firefox.exe   54.192.202.230:443  snippets.cdn.mozilla.net  Amazon.com, Inc.                                          US  unknown

DNS requests

Domain: resolved IPs (reputation)
www.bing.com: 204.79.197.200, 13.107.21.200 (whitelisted)
bfhj.cryptoo.live: 104.24.116.210, 104.24.117.210 (unknown)
cdn.sstatic.net: 151.101.1.69, 151.101.65.69, 151.101.129.69, 151.101.193.69 (whitelisted)
detectportal.firefox.com: 2.16.186.112, 2.16.186.50 (whitelisted)
a1089.dscd.akamai.net: 2.16.186.50, 2.16.186.112 (whitelisted)
location.services.mozilla.com: 108.128.247.43, 52.50.56.62, 52.210.139.31 (whitelisted)
locprod1-elb-eu-west-1.prod.mozaws.net: 52.210.139.31, 52.50.56.62, 108.128.247.43 (whitelisted)
ocsp.digicert.com: 93.184.220.29 (whitelisted)
cs9.wac.phicdn.net: 93.184.220.29 (whitelisted)
push.services.mozilla.com: 52.26.52.110 (whitelisted)

Threats: No threats detected
Debug info: No debug info