analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://u7648241.ct.sendgrid.net/wf/click?upn=v1QaHNLJl3TPZtsp3DZYw9ddW3dLnxH3YrK2BmknPWzmLaFkjF9ygdfpSsWOufjPopsRcU0bqp4XD7G1gZtuYQ-3D-3D_Umzh8971vhGbDHjh3kZT5fPLh2l7Vf023dq7xRDh40kWZ-2F7-2F73X0VXyuO-2BzgcQWZc41TBHjjYHgQd7wSjiKMbgO4wF7BiyepUXawGxbSYSI25LMrQbyicsdnWiiQ-2BFx-2FLmcSid-2BCF5VS6qVuk9cztgGef795t-2BfXqoVROenzwSgtmXV6qz24eHi7MFp71jePuk4ci3rbG6EQz2z02JbAxQ-3D-3D

Full analysis: https://app.any.run/tasks/9cd43fd8-c327-49d0-9896-9a5ca78302be
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Analysis date: January 22, 2019, 17:03:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
Indicators:
MD5:

531372BAD8DBFC7201D703C5B7C9CBF3

SHA1:

0DB4308DAC3AF2DE5F7AFEE9EF64A26EB5CD25F4

SHA256:

1604BD8E02157F1B28B06D79EF93D874203016FDFDE5DCA5D80570FA45B8BF88

SSDEEP:

6:25TSDSvrUkfDTT8MQDTlOwibR1xcrCcp2VgfVnhHPIGmXUBTUzPKVj8xHVSUzXgD:25eDSwkfDXZQDThKR1iZNZHBYzPKJ4Ho

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Dropped object may contain Bitcoin addresses

      • chrome.exe (PID: 2860)
    • Application launched itself

      • chrome.exe (PID: 2860)
    • Creates files in the user directory

      • chrome.exe (PID: 2860)
    • Reads Internet Cache Settings

      • chrome.exe (PID: 2860)
    • Reads settings of System Certificates

      • chrome.exe (PID: 2860)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
10
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2860"C:\Program Files\Google\Chrome\Application\chrome.exe" https://u7648241.ct.sendgrid.net/wf/click?upn=v1QaHNLJl3TPZtsp3DZYw9ddW3dLnxH3YrK2BmknPWzmLaFkjF9ygdfpSsWOufjPopsRcU0bqp4XD7G1gZtuYQ-3D-3D_Umzh8971vhGbDHjh3kZT5fPLh2l7Vf023dq7xRDh40kWZ-2F7-2F73X0VXyuO-2BzgcQWZc41TBHjjYHgQd7wSjiKMbgO4wF7BiyepUXawGxbSYSI25LMrQbyicsdnWiiQ-2BFx-2FLmcSid-2BCF5VS6qVuk9cztgGef795t-2BfXqoVROenzwSgtmXV6qz24eHi7MFp71jePuk4ci3rbG6EQz2z02JbAxQ-3D-3DC:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
68.0.3440.106
3608"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f6000b0,0x6f6000c0,0x6f6000ccC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
68.0.3440.106
2844"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2864 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
68.0.3440.106
3984"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=976,9987952195804178757,15423214775214894844,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=D3D797FED02E1B8EA035C7D742481B03 --mojo-platform-channel-handle=996 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Version:
68.0.3440.106
2440"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,9987952195804178757,15423214775214894844,131072 --enable-features=PasswordImport --service-pipe-token=DC9C3EDD48FAE28DBEF7029386D5F84E --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=DC9C3EDD48FAE28DBEF7029386D5F84E --renderer-client-id=4 --mojo-platform-channel-handle=1888 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Version:
68.0.3440.106
3348"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,9987952195804178757,15423214775214894844,131072 --enable-features=PasswordImport --service-pipe-token=20778272A85FBDCBA19F728EF5F99BB3 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=20778272A85FBDCBA19F728EF5F99BB3 --renderer-client-id=3 --mojo-platform-channel-handle=1536 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
2372"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=976,9987952195804178757,15423214775214894844,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=E8958692A7CE28A99E8EE5623AC26469 --mojo-platform-channel-handle=3780 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
3648"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=976,9987952195804178757,15423214775214894844,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=CA10A70B5591AE5603160A53D337C3EA --mojo-platform-channel-handle=764 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
2768"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=976,9987952195804178757,15423214775214894844,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2D8A6DF130C3CE217004D30F892C00AC --mojo-platform-channel-handle=512 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
3876"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=976,9987952195804178757,15423214775214894844,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=FA5FEEB21CF2F0FBA6C4FD729E7D5AB8 --mojo-platform-channel-handle=2444 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Total events
553
Read events
481
Write events
68
Delete events
4

Modification events

(PID) Process:(2860) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2860) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2860) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(2860) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:Key:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:writeName:2860-13192650250603875
Value:
259
(PID) Process:(2860) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(2860) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:3516-13180984670829101
Value:
0
(PID) Process:(2860) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(2860) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:2860-13192650250603875
Value:
259
(PID) Process:(2860) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid
Value:
Executable files
0
Suspicious files
10
Text files
64
Unknown types
0

Dropped files

PID
Process
Filename
Type
2860chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
MD5:
SHA256:
2860chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\eb67f858-4fe4-45c5-99ad-6a67fa8d89b3.tmp
MD5:
SHA256:
2860chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
MD5:
SHA256:
2860chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp
MD5:
SHA256:
2860chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\93856444-7bc7-46d5-9e09-4b21ffbee028.tmp
MD5:
SHA256:
2860chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF198a35.TMPtext
MD5:92BE6B127E72365885AD4C3FB6534EE2
SHA256:54302A2573ACC775720E7DB0AD85873276713302B4F72596A8DCC44B01C70E51
2860chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:92BE6B127E72365885AD4C3FB6534EE2
SHA256:54302A2573ACC775720E7DB0AD85873276713302B4F72596A8DCC44B01C70E51
2860chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model~RF198e8a.TMPbinary
MD5:95D4FA892F1C29598E05F127EF383F28
SHA256:27C4164F5906294C0FD3C13B15A21EA4E21F6988F499299B4E1958ECCC1D89F2
2860chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.oldtext
MD5:1AA66EFDB743FB0A8DCC1CD79B0B6542
SHA256:28D56532CCED7375A2A1C7731E57C1A1C2EC1AC9827F3E5BEEE7F8069A5F87DD
2860chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF198a64.TMPtext
MD5:1AA66EFDB743FB0A8DCC1CD79B0B6542
SHA256:28D56532CCED7375A2A1C7731E57C1A1C2EC1AC9827F3E5BEEE7F8069A5F87DD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
10
DNS requests
8
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2860
chrome.exe
GET
301
185.165.29.27:80
http://distinctiveblog.ir/Amazon/En/Orders-details/01_19
IR
html
265 b
malicious
2860
chrome.exe
GET
200
185.165.29.27:80
http://distinctiveblog.ir/Amazon/En/Orders-details/01_19/
IR
xml
59.5 Kb
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2860
chrome.exe
185.165.29.27:80
distinctiveblog.ir
Sc Ad Net Market Media Srl
IR
malicious
2860
chrome.exe
172.217.16.195:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
2860
chrome.exe
172.217.17.46:443
clients2.google.com
Google Inc.
US
whitelisted
2860
chrome.exe
172.217.16.142:443
clients1.google.com
Google Inc.
US
whitelisted
2860
chrome.exe
172.217.22.99:443
www.gstatic.com
Google Inc.
US
whitelisted
2860
chrome.exe
167.89.115.54:443
u7648241.ct.sendgrid.net
SendGrid, Inc.
US
suspicious
2860
chrome.exe
172.217.16.173:443
accounts.google.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 172.217.16.195
whitelisted
u7648241.ct.sendgrid.net
  • 167.89.115.54
  • 167.89.118.35
suspicious
www.gstatic.com
  • 172.217.22.99
whitelisted
accounts.google.com
  • 172.217.16.173
shared
distinctiveblog.ir
  • 185.165.29.27
malicious
ssl.gstatic.com
  • 172.217.22.99
whitelisted
clients2.google.com
  • 172.217.17.46
whitelisted
clients1.google.com
  • 172.217.16.142
whitelisted

Threats

PID
Process
Class
Message
2860
chrome.exe
A Network Trojan was detected
ET TROJAN Possible malicious Office doc hidden in XML file
No debug info