URL: https://www.softonic.com/

Full analysis: https://app.any.run/tasks/df1847ff-df32-4b61-bcb3-fc4f90b37a98
Verdict: Malicious activity
Analysis date: November 08, 2019, 17:03:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: B3378599D16CAF5D80E70A3CA323BABB
SHA1: F0318DDBB903FED70A62C044D525435BEF8B150C
SHA256: 1A0A3E2ADC4A15F923D906C418DAC67B408854E81D3BDE3A1991783E0A7298B2
SSDEEP: 3:N8DSLgHLGK3:2OLILGK3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Executed via COM
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 952)
  • INFO
    • Application launched itself
      • iexplore.exe (PID: 2868)
      • chrome.exe (PID: 1796)
    • Changes internet zones settings
      • iexplore.exe (PID: 2868)
    • Reads internet explorer settings
      • iexplore.exe (PID: 1400)
    • Creates files in the user directory
      • iexplore.exe (PID: 1400)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 952)
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 1400)
    • Manual execution by user
      • chrome.exe (PID: 1796)
    • Reads the hosts file
      • chrome.exe (PID: 1796)
      • chrome.exe (PID: 3260)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 65
Monitored processes: 30
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Interactive process graph, available in the full report. Nodes: start, iexplore.exe (2), chrome.exe (many, most marked "no specs"), flashutil32_26_0_0_131_activex.exe (no specs).

Process information

PID: 2868
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 1400
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2868 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 1796
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 2952
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6feda9d0,0x6feda9e0,0x6feda9ec
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 388
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1600 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 820
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=992,1066570258300369427,13961808965767104265,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=16953037987987607287 --mojo-platform-channel-handle=1004 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 3260
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=992,1066570258300369427,13961808965767104265,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=16544170494905752748 --mojo-platform-channel-handle=1628 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 776
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,1066570258300369427,13961808965767104265,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=664298786261865731 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 2124
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,1066570258300369427,13961808965767104265,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1812849809388273105 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 3372
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,1066570258300369427,13961808965767104265,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1861965698129579905 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2384 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100
Total events: 583
Read events: 470
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 16
Text files: 268
Unknown types: 12

Dropped files

PID: 2868 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
Type: (not recorded)
MD5: (not recorded)
SHA256: (not recorded)

PID: 2868 (iexplore.exe)
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type: (not recorded)
MD5: (not recorded)
SHA256: (not recorded)

PID: 1400 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9GRO70L\nl_softonic_com[1].txt
Type: (not recorded)
MD5: (not recorded)
SHA256: (not recorded)

PID: 1400 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
Type: dat
MD5: 3A7E64F7066B1E339978F5A379E5B0B6
SHA256: D570299C01E0C646CB6E5A6EEBA81F03A0FA4793F21EB49F5E425FB4D61826FE

PID: 1400 (iexplore.exe)
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
Type: dat
MD5: 1313CEDAB4B10DE7B111221AD8C851B0
SHA256: 3D63BCDF569B880F7F7BCBAD9BD0332A87EE7BF5EA01E69562030C6363C099AF

PID: 1400 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9GRO70L\polyfill.min[1].js
Type: s (unclear in the source)
MD5: E79CAAA2B2494A39DF8B84D1630692FD
SHA256: 10637BE87425784E036635FEB9D136FD43F40E232E62221CB8E7AF9536733790

PID: 1400 (iexplore.exe)
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@softonic[1].txt
Type: text
MD5: 7070BA4E9866D0BE0666127494A1878E
SHA256: 2FDA34E8B01811B85D9204DED8E985CEB5D4BDF9F418E6C912C6B1FC68C95E7F

PID: 1796 (chrome.exe)
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
Type: text
MD5: C4D6CBB269C626168A5D6D0D8CCE6C30
SHA256: B62CDBB758278A0C2E50593357390119441D8DE09428EB29027F3DFD1332E348

PID: 1796 (chrome.exe)
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF3a4675.TMP
Type: text
MD5: DC32343F45B01764B6267AD36548102A
SHA256: A250F5AD57D4BD58AAE92810D50278E3BE2DBF869F126A3A3519691BCDFC2075

PID: 1400 (iexplore.exe)
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9GRO70L\nl_softonic_com[1].htm
Type: html
MD5: D693FF45ECB0B28DF8D3633D1276307D
SHA256: 56649FE37D498D57844AF8563EA6281E1FEBE3EDC0EA12AB90F827FCDCB483D4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 4
TCP/UDP connections: 67
DNS requests: 32
Threats: 0

HTTP requests

PID: 3260 (chrome.exe)
Method: GET, HTTP code: 200
IP: 74.125.8.167:80
URL: http://r1---sn-5hne6nlk.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mip=212.32.229.66&mm=28&mn=sn-5hne6nlk&ms=nvh&mt=1573232025&mv=u&mvi=0&pl=22&shardbypass=yes
CN: US, Type: crx, Size: 293 Kb, Reputation: whitelisted

PID: 3260 (chrome.exe)
Method: GET, HTTP code: 302
IP: 172.217.18.110:80
URL: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx
CN: US, Type: html, Size: 509 b, Reputation: whitelisted

PID: 3260 (chrome.exe)
Method: GET, HTTP code: 302
IP: 172.217.18.110:80
URL: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx
CN: US, Type: html, Size: 514 b, Reputation: whitelisted

PID: 3260 (chrome.exe)
Method: GET, HTTP code: 200
IP: 209.85.226.73:80
URL: http://r4---sn-5hnekn7k.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=212.32.229.66&mm=28&mn=sn-5hnekn7k&ms=nvh&mt=1573232025&mv=u&mvi=3&pl=22&shardbypass=yes
CN: US, Type: crx, Size: 862 Kb, Reputation: whitelisted

Connections

PID: 2868 (iexplore.exe)
  • 204.79.197.200:80, www.bing.com, ASN: Microsoft Corporation, CN: US, Reputation: whitelisted
  • 216.58.210.2:443, www.googletagservices.com, ASN: Google Inc., CN: US, Reputation: whitelisted
  • 151.101.2.133:443, sc.sftcdn.net, ASN: Fastly, CN: US, Reputation: malicious
  • 151.101.2.109:443, cdn.polyfill.io, ASN: Fastly, CN: US, Reputation: suspicious

PID: 1400 (iexplore.exe)
  • 35.244.172.133:443, www.softonic.com, ASN: (not recorded), CN: US, Reputation: malicious
  • 151.101.2.133:443, sc.sftcdn.net, ASN: Fastly, CN: US, Reputation: malicious
  • 216.58.208.34:443, securepubads.g.doubleclick.net, ASN: Google Inc., CN: US, Reputation: whitelisted
  • 151.101.66.133:443, sc.sftcdn.net, ASN: Fastly, CN: US, Reputation: suspicious

PID: 3260 (chrome.exe)
  • 172.217.22.67:443, www.google.com.ua, ASN: Google Inc., CN: US, Reputation: whitelisted
  • 216.58.210.14:443, clients2.google.com, ASN: Google Inc., CN: US, Reputation: whitelisted

DNS requests

www.bing.com (whitelisted)
  • 204.79.197.200
  • 13.107.21.200
www.softonic.com (malicious)
  • 35.244.172.133
nl.softonic.com (malicious)
  • 35.244.172.133
sc.sftcdn.net (whitelisted)
  • 151.101.2.133
  • 151.101.66.133
  • 151.101.130.133
  • 151.101.194.133
cdn.polyfill.io (whitelisted)
  • 151.101.2.109
  • 151.101.66.109
  • 151.101.130.109
  • 151.101.194.109
www.googletagservices.com (whitelisted)
  • 216.58.210.2
adservice.google.nl (whitelisted)
  • 172.217.16.130
adservice.google.com (whitelisted)
  • 172.217.16.130
securepubads.g.doubleclick.net (whitelisted)
  • 216.58.208.34
dns.msftncsi.com (shared)
  • 131.107.255.255

Threats

No threats detected
No debug info