Field | Value
---|---
URL | http://loungebamboise.com/emperor/countdown?.rand=13InboxLight.aspx?n=1774256418&email=[[-Email-]]?rand=13InboxLightaspxn.1774256418&email=xyz@lowes.com&fav.1&fav.1&fid.1&fid.1252899642&fid.4.1252899642&fid=1&fid=4&rand.13InboxLight.aspxn.1774256418
Full analysis | https://app.any.run/tasks/64e20ebe-fa2d-4dd8-9e93-c43b6625f974
Verdict | Malicious activity
Analysis date | May 21, 2024, 13:23:23
OS | Ubuntu 22.04.2
MD5 | A222F4C5138D1E8022A52BD3632ED242
SHA1 | B7E2458B3F48419DE875343AC29DA4E430A899EF
SHA256 | 173E187B3274B06576A3940EB7C0990023ADAC4ACB3FDC93F545F1D8C6F49008
SSDEEP | 6:CSL2hXJTbd27rWpMWEAd6hUWf/PE6uGSzyAogInUS2TDMhTDMuwSplEn:rcX3UAd6p8vGSzggInUSFw4yn
PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Exit code
---|---|---|---|---|---|---|---
6162 | /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome http://loungebamboise\.com/emperor/countdown?\.rand=13InboxLight\.aspx?n=1774256418&email=[[-Email-]]?rand=13InboxLightaspxn\.1774256418&email=xyz@lowes\.com&fav\.1&fav\.1&fid\.1&fid\.1252899642&fid\.4\.1252899642&fid=1&fid=4&rand\.13InboxLight\.aspxn\.1774256418 " | /bin/sh | — | any-guest-agent | user | UNKNOWN | 0
6163 | sudo -iu user google-chrome http://loungebamboise.com/emperor/countdown?.rand=13InboxLight.aspx?n=1774256418 | /usr/bin/sudo | — | sh | user | UNKNOWN | 
6164 | /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome http://loungebamboise\.com/emperor/countdown?\.rand=13InboxLight\.aspx?n=1774256418&email=[[-Email-]]?rand=13InboxLightaspxn\.1774256418&email=xyz@lowes\.com&fav\.1&fav\.1&fid\.1&fid\.1252899642&fid\.4\.1252899642&fid=1&fid=4&rand\.13InboxLight\.aspxn\.1774256418 " | /usr/bin/dash | — | sh | user | UNKNOWN | 0
6165 | /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome http://loungebamboise\.com/emperor/countdown?\.rand=13InboxLight\.aspx?n=1774256418&email=[[-Email-]]?rand=13InboxLightaspxn\.1774256418&email=xyz@lowes\.com&fav\.1&fav\.1&fid\.1&fid\.1252899642&fid\.4\.1252899642&fid=1&fid=4&rand\.13InboxLight\.aspxn\.1774256418 " | /usr/bin/dash | — | sh | user | UNKNOWN | 0
6166 | /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome http://loungebamboise\.com/emperor/countdown?\.rand=13InboxLight\.aspx?n=1774256418&email=[[-Email-]]?rand=13InboxLightaspxn\.1774256418&email=xyz@lowes\.com&fav\.1&fav\.1&fid\.1&fid\.1252899642&fid\.4\.1252899642&fid=1&fid=4&rand\.13InboxLight\.aspxn\.1774256418 " | /usr/bin/dash | — | sh | user | UNKNOWN | 0
6167 | /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome http://loungebamboise\.com/emperor/countdown?\.rand=13InboxLight\.aspx?n=1774256418&email=[[-Email-]]?rand=13InboxLightaspxn\.1774256418&email=xyz@lowes\.com&fav\.1&fav\.1&fid\.1&fid\.1252899642&fid\.4\.1252899642&fid=1&fid=4&rand\.13InboxLight\.aspxn\.1774256418 " | /usr/bin/dash | — | sh | user | UNKNOWN | 0
6168 | /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome http://loungebamboise\.com/emperor/countdown?\.rand=13InboxLight\.aspx?n=1774256418&email=[[-Email-]]?rand=13InboxLightaspxn\.1774256418&email=xyz@lowes\.com&fav\.1&fav\.1&fid\.1&fid\.1252899642&fid\.4\.1252899642&fid=1&fid=4&rand\.13InboxLight\.aspxn\.1774256418 " | /usr/bin/dash | — | sh | user | UNKNOWN | 0
6169 | /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome http://loungebamboise\.com/emperor/countdown?\.rand=13InboxLight\.aspx?n=1774256418&email=[[-Email-]]?rand=13InboxLightaspxn\.1774256418&email=xyz@lowes\.com&fav\.1&fav\.1&fid\.1&fid\.1252899642&fid\.4\.1252899642&fid=1&fid=4&rand\.13InboxLight\.aspxn\.1774256418 " | /usr/bin/dash | — | sh | user | UNKNOWN | 0
6170 | /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome http://loungebamboise\.com/emperor/countdown?\.rand=13InboxLight\.aspx?n=1774256418&email=[[-Email-]]?rand=13InboxLightaspxn\.1774256418&email=xyz@lowes\.com&fav\.1&fav\.1&fid\.1&fid\.1252899642&fid\.4\.1252899642&fid=1&fid=4&rand\.13InboxLight\.aspxn\.1774256418 " | /usr/bin/dash | — | sh | user | UNKNOWN | 0
6171 | /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome http://loungebamboise\.com/emperor/countdown?\.rand=13InboxLight\.aspx?n=1774256418&email=[[-Email-]]?rand=13InboxLightaspxn\.1774256418&email=xyz@lowes\.com&fav\.1&fav\.1&fid\.1&fid\.1252899642&fid\.4\.1252899642&fid=1&fid=4&rand\.13InboxLight\.aspxn\.1774256418 " | /usr/bin/dash | — | sh | user | UNKNOWN | 0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
6173 | chrome | /proc/6173/fd/63 | — | — | —
6173 | chrome | /dev/shm/.com.google.Chrome.BTItdR | — | — | —
6173 | chrome | /dev/shm/.com.google.Chrome.BtgFof | — | — | —
6173 | chrome | /dev/shm/.com.google.Chrome.JcFVk0 | — | — | —
6173 | chrome | /dev/shm/.com.google.Chrome.ov2yHx | — | — | —
6173 | chrome | /dev/shm/.com.google.Chrome.1OLM9d | — | — | —
6173 | chrome | /dev/shm/.com.google.Chrome.XZFvIQ | — | — | —
6173 | chrome | /dev/shm/.com.google.Chrome.qIy3sf | — | — | —
6173 | chrome | /home/user/.config/google-chrome/Default/Sync Data/LevelDB/LOG | — | — | —
6173 | chrome | /dev/shm/.com.google.Chrome.LTv81h | — | — | —
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
6218 | chrome | GET | — | 62.73.4.47:80 | http://loungebamboise.com/emperor/countdown?.rand=13InboxLight.aspx?n=1774256418 | unknown | — | — | unknown |
6218 | chrome | GET | 200 | 62.73.4.47:80 | http://loungebamboise.com/wp-content/plugins/wp-maintenance/themes/default/css/knacss.css | unknown | — | — | unknown |
6218 | chrome | GET | 503 | 62.73.4.47:80 | http://loungebamboise.com/emperor/countdown?.rand=13InboxLight.aspx?n=1774256418 | unknown | — | — | unknown |
6218 | chrome | GET | 200 | 172.64.149.23:80 | http://crt.comodoca.com/COMODORSAAddTrustCA.crt | unknown | — | — | unknown |
6218 | chrome | GET | 200 | 172.64.149.23:80 | http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt | unknown | — | — | unknown |
6218 | chrome | GET | 200 | 62.73.4.47:80 | http://loungebamboise.com/wp-content/plugins/wp-maintenance/themes/default/css/styles.css | unknown | — | — | unknown |
6218 | chrome | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/naxifdwb6sowtaoaaag2g7zale_447/lmelglejhemejginpboagddgdfbepgmp_447_all_ZZ_acwp6wvglyek6afqzpjutmbxj2oa.crx3 | unknown | — | — | unknown |
6218 | chrome | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/khaoiebndkojlmppeemjhbpbandiljpe/1.1471c6c104c7e11f08fd446f83dcdb396b1fef335f4e3c744007c2272064f538/1.ffc78b3f99d65a2208200388e821bd089e9a486c624a671e045e4bcc378380b8/611d82cdcb0f432f1b6fc30fdf78a14b963b2959b93564efaa1cc91eb5df6813.puff | unknown | — | — | unknown |
6218 | chrome | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acjwuvcots57g4clrriiyhq4prla_2024.5.20.0/niikhdgajlphfehepabhhblakbdgeefj_2024.05.20.00_all_actufqpb57yzlb6ark5j7to5sg5q.crx3 | unknown | — | — | unknown |
6218 | chrome | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adwf5kywp7h6uj6cmkt7uqsll2eq_20240404.625479014.14/obedbbhbpmojnkanicioggnmelmoomoc_20240404.625479014.14_all_ENGB500000_incvymraubxlb6ke6cnqmodupm.crx3 | unknown | — | — | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
470 | avahi-daemon | 224.0.0.251:5353 | — | — | — | unknown |
6173 | chrome | 239.255.255.250:1900 | — | — | — | unknown |
6218 | chrome | 172.217.18.3:443 | clientservices.googleapis.com | GOOGLE | US | whitelisted |
6218 | chrome | 108.177.15.84:443 | accounts.google.com | GOOGLE | US | unknown |
6218 | chrome | 62.73.4.47:80 | loungebamboise.com | COGENT-174 | FR | unknown |
6218 | chrome | 62.73.4.47:443 | loungebamboise.com | COGENT-174 | FR | unknown |
6218 | chrome | 172.64.149.23:80 | crt.comodoca.com | CLOUDFLARENET | US | unknown |
6218 | chrome | 142.250.185.196:443 | www.google.com | — | — | whitelisted |
6218 | chrome | 142.250.186.106:443 | fonts.googleapis.com | GOOGLE | US | whitelisted |
6218 | chrome | 172.217.18.99:443 | update.googleapis.com | GOOGLE | US | whitelisted |
Domain | IP | Reputation
---|---|---
clientservices.googleapis.com | | whitelisted
accounts.google.com | | shared
loungebamboise.com | | unknown
crt.comodoca.com | | whitelisted
crt.comodoca.com.cdn.cloudflare.net | | unknown
12.100.168.192.in-addr.arpa | | unknown
www.google.com | | whitelisted
fonts.googleapis.com | | whitelisted
update.googleapis.com | | unknown
optimizationguide-pa.googleapis.com | | whitelisted