analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

1802676248

Full analysis: https://app.any.run/tasks/83909d25-2884-4ac3-a2aa-778bbcd6b73f
Verdict: Malicious activity
Analysis date: May 29, 2020, 22:21:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines
MD5:

6D70E4D5D35DAF31AFF35B05C8224D23

SHA1:

91C0A4667AD6D37917B99B2DBFE02A2A3E237A34

SHA256:

2F203FB79B9000AC67D04FD81454D6EB2D65DB44797AEA72F96BBE9DA76CEF0A

SSDEEP:

6144:GploksBc4ftl8wx+Ac6i1gQeX2XKgTk2q:7l8wx+Ac6i1gQemPk2q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 328)

    • Application launched itself

      • iexplore.exe (PID: 328)
      • chrome.exe (PID: 2060)

    • Changes internet zones settings

      • iexplore.exe (PID: 328)

    • Reads internet explorer settings

      • iexplore.exe (PID: 1752)

    • Manual execution by user

      • chrome.exe (PID: 2060)

    • Reads the hosts file

      • chrome.exe (PID: 2060)
      • chrome.exe (PID: 2196)

    • Reads settings of System Certificates

      • chrome.exe (PID: 2196)
      • iexplore.exe (PID: 1752)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1752)

    • Changes settings of System certificates

      • iexplore.exe (PID: 1752)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

Title: Buy it now - Zoom
HTTPEquivXUACompatible: IE=edge,Chrome=1
ContentType: text/html; charset=utf-8
viewport: width=device-width, initial-scale=1, minimum-scale=1.0
googleSiteVerification: 0fZHb1ni-k_iNiYVnomwmnY9ITBunxqU8VC49mHDNxc
Keywords: zoom, zoom.us, video conferencing, video conference, online meetings, web meeting, video meeting, cloud meeting, cloud video, group video call, group video chat, screen share, application share, mobility, mobile collaboration, desktop share, video collaboration, group messaging
Description: Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Founded in 2011, Zoom helps businesses and organizations bring their teams together in a frictionless environment to get more done. Zoom is a publicly traded company headquartered in San Jose, CA.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
48
Monitored processes
14
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
328"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\1802676248.htmC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
1752"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:328 CREDAT:144385 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2060"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2772"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6e84a9d0,0x6e84a9e0,0x6e84a9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
1812"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2072 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2016"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1060,463081409576986988,4021708524410220491,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=11504433414916373410 --mojo-platform-channel-handle=1016 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
2196"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1060,463081409576986988,4021708524410220491,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=7091578378527482813 --mojo-platform-channel-handle=1648 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
3956"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,463081409576986988,4021708524410220491,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1682214998346579621 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2100"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,463081409576986988,4021708524410220491,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15122488904179161572 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2436 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2052"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,463081409576986988,4021708524410220491,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5140972678138599269 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Total events
10 714
Read events
2 289
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
5
Text files
57
Unknown types
0

Dropped files

PID
Process
Filename
Type
2060chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5ED18AE7-80C.pma
MD5:
SHA256:
2060chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
MD5:
SHA256:
2060chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000028.dbtmp
MD5:
SHA256:
2060chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\db8b9de8-65ad-4582-803a-cdd60240ac82.tmp
MD5:
SHA256:
2060chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:DA692BE42E4EF2668AE7499A7D5DA720
SHA256:EB865CAF59002C092F5FDBE22D01935866BC1277108B29E897052CB2439630ED
2060chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RFa74d1.TMPtext
MD5:F69C20D5B552B8D973FB1CBA5FDD7D87
SHA256:48799968D50E2D74E625A0AB18E93C6792AF20010334C6BB4E935C8D26F7026A
2060chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:33B05E8AC9C178C58ED3321F496588C0
SHA256:2CDF6A09638A0B563EA2672D6926210771902E0A9203FE15D2857FC4EB954CDE
2060chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RFa74e1.TMPtext
MD5:33B05E8AC9C178C58ED3321F496588C0
SHA256:2CDF6A09638A0B563EA2672D6926210771902E0A9203FE15D2857FC4EB954CDE
2060chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RFa74e1.TMPtext
MD5:DA692BE42E4EF2668AE7499A7D5DA720
SHA256:EB865CAF59002C092F5FDBE22D01935866BC1277108B29E897052CB2439630ED
2060chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RFa757d.TMPtext
MD5:AC43135B8C9FED46A92448C4E711F45C
SHA256:D840BA7CEBACF86DDBAD75BFB61A53449AA7AE3DE6B8ADC97FE45624626A6F09
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
44
DNS requests
18
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2196
chrome.exe
GET
204
172.217.16.131:80
http://www.gstatic.com/generate_204
US
whitelisted
2196
chrome.exe
GET
301
52.21.178.134:80
http://click.zoom.us/e/84442/ToPro-utm-campaign-zoomcares20/blgh63/1802676248?h=4_SjdZe6fY-Hmh_e9qxz5lGXKy5PoZgkgA47rvrHs9o
US
html
252 b
whitelisted
328
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2196
chrome.exe
172.217.21.227:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
1752
iexplore.exe
104.111.218.50:443
sealserver.trustwave.com
Akamai International B.V.
NL
unknown
1752
iexplore.exe
13.35.253.153:443
d24cgw3uvb9a9h.cloudfront.net
US
unknown
2196
chrome.exe
172.217.16.173:443
accounts.google.com
Google Inc.
US
whitelisted
1752
iexplore.exe
143.204.201.16:443
static.ada.support
US
shared
1752
iexplore.exe
104.18.71.113:443
static.zdassets.com
Cloudflare Inc
US
shared
2196
chrome.exe
172.217.22.3:443
www.google.com.ua
Google Inc.
US
whitelisted
2196
chrome.exe
172.217.18.3:443
ssl.gstatic.com
Google Inc.
US
whitelisted
104.111.218.50:443
sealserver.trustwave.com
Akamai International B.V.
NL
unknown
328
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted

DNS requests

Domain
IP
Reputation
d24cgw3uvb9a9h.cloudfront.net
  • 13.35.253.153
  • 13.35.253.163
  • 13.35.253.14
  • 13.35.253.6
shared
static.zdassets.com
  • 104.18.71.113
  • 104.18.73.113
  • 104.18.72.113
  • 104.18.74.113
  • 104.18.70.113
whitelisted
static.ada.support
  • 143.204.201.16
  • 143.204.201.84
  • 143.204.201.95
  • 143.204.201.115
whitelisted
sealserver.trustwave.com
  • 104.111.218.50
suspicious
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
clientservices.googleapis.com
  • 172.217.21.227
whitelisted
accounts.google.com
  • 172.217.16.173
shared
www.google.com.ua
  • 172.217.22.3
whitelisted
www.google.com
  • 216.58.207.36
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
1802676248