analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://ant.trenz.pl

Full analysis: https://app.any.run/tasks/c6ad8e39-f864-4128-903a-4a684e486c85
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Analysis date: April 15, 2019, 14:03:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
sinkhole
Indicators:
MD5:

D3D271873393CD7376905CD625B7DF6D

SHA1:

69CC53BC5EBA51AEDFDB3852C4794C6C5C9BBCE4

SHA256:

3AF02E9EB0B52E9BB90F88D230961A85C09DCA9AD1FBEDAECAB43399877061C3

SSDEEP:

3:N1Kfl4j:Ct4j

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2936)
  • INFO

    • Reads settings of System Certificates

      • chrome.exe (PID: 2356)
    • Application launched itself

      • chrome.exe (PID: 2572)
      • chrome.exe (PID: 2936)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
64
Monitored processes
33
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2936"C:\Program Files\Google\Chrome\Application\chrome.exe" http://ant.trenz.plC:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
3221225547
Version:
73.0.3683.75
3544"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6ebb0f18,0x6ebb0f28,0x6ebb0f34C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
2624"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2940 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
3744"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=956,8145731737619825880,15429340508233278846,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=14520903678509141690 --mojo-platform-channel-handle=932 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
1948"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=956,8145731737619825880,15429340508233278846,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=2221104833569819538 --mojo-platform-channel-handle=1472 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
2436"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=956,8145731737619825880,15429340508233278846,131072 --enable-features=PasswordImport --service-pipe-token=12088818467191561819 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12088818467191561819 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
2848"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=956,8145731737619825880,15429340508233278846,131072 --enable-features=PasswordImport --service-pipe-token=10077549942079905173 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10077549942079905173 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
3992"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=956,8145731737619825880,15429340508233278846,131072 --enable-features=PasswordImport --service-pipe-token=10686420061057107470 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10686420061057107470 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
2100"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=956,8145731737619825880,15429340508233278846,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=8329209183638662937 --mojo-platform-channel-handle=3060 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
2480"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=956,8145731737619825880,15429340508233278846,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=9949469944087294458 --mojo-platform-channel-handle=3140 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
Total events
702
Read events
561
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
74
Text files
188
Unknown types
10

Dropped files

PID
Process
Filename
Type
2936chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
MD5:
SHA256:
2936chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
MD5:
SHA256:
2936chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
MD5:
SHA256:
2936chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
MD5:
SHA256:
2936chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
MD5:
SHA256:
2936chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\b85bf134-79da-48aa-b2c9-7af4505f79d7.tmp
MD5:
SHA256:
2936chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp
MD5:
SHA256:
2936chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
MD5:
SHA256:
2936chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
MD5:
SHA256:
2936chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
30
DNS requests
14
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2356
chrome.exe
GET
148.81.111.121:80
http://ant.trenz.pl/
PL
malicious
1948
chrome.exe
GET
200
148.81.111.121:80
http://ant.trenz.pl/
PL
text
24 b
malicious
1948
chrome.exe
GET
200
194.9.24.113:80
http://r6---sn-5uh5o-f5fd.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=212.7.217.54&mm=28&mn=sn-5uh5o-f5fd&ms=nvh&mt=1555336888&mv=m&pl=21&shardbypass=yes
PL
crx
842 Kb
whitelisted
1948
chrome.exe
GET
302
172.217.16.206:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx
US
html
507 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1948
chrome.exe
216.58.205.227:443
ssl.gstatic.com
Google Inc.
US
whitelisted
1948
chrome.exe
172.217.22.35:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
1948
chrome.exe
216.58.206.14:443
play.google.com
Google Inc.
US
whitelisted
1948
chrome.exe
194.9.24.113:80
r6---sn-5uh5o-f5fd.gvt1.com
ATM S.A.
PL
whitelisted
1948
chrome.exe
172.217.23.142:443
clients2.google.com
Google Inc.
US
whitelisted
1948
chrome.exe
148.81.111.121:80
ant.trenz.pl
Naukowa I Akademicka Siec Komputerowa Instytut Badawczy
PL
malicious
1948
chrome.exe
216.58.205.228:443
www.google.com
Google Inc.
US
whitelisted
1948
chrome.exe
172.217.16.141:443
accounts.google.com
Google Inc.
US
suspicious
1948
chrome.exe
172.217.16.206:80
redirector.gvt1.com
Google Inc.
US
whitelisted
1948
chrome.exe
172.217.18.14:443
apis.google.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 172.217.22.35
whitelisted
ant.trenz.pl
  • 148.81.111.121
malicious
accounts.google.com
  • 172.217.16.141
shared
ssl.gstatic.com
  • 216.58.205.227
whitelisted
clients2.google.com
  • 172.217.23.142
whitelisted
redirector.gvt1.com
  • 172.217.16.206
whitelisted
r6---sn-5uh5o-f5fd.gvt1.com
  • 194.9.24.113
whitelisted
www.gstatic.com
  • 172.217.22.3
whitelisted
www.google.com
  • 216.58.205.228
whitelisted
clients1.google.com
  • 172.217.23.142
whitelisted

Threats

PID
Process
Class
Message
A Network Trojan was detected
ET TROJAN Known Hostile Domain ant.trenz .pl Lookup
1948
chrome.exe
A Network Trojan was detected
ET TROJAN Known Sinkhole Response Header CERT.PL
1948
chrome.exe
A Network Trojan was detected
ET TROJAN Known Sinkhole Response Header CERT.PL
No debug info