analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://www.indigo.pro

Full analysis: https://app.any.run/tasks/d1847534-ce20-438d-abd5-7cbaf2c54ba2
Verdict: Malicious activity
Analysis date: September 10, 2019, 21:21:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

ECCA412B09E2DCD0E74CE74E95AC6244

SHA1:

C2E7F3654D1719986F1CDBC836598ED703BA239D

SHA256:

3E0373B3C556D7BA3B51054FBAC395571D9E15A70DD2D59BEDD9587202F62BAA

SSDEEP:

3:N1KJS4aMFVXK:Cc4aMva

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Writes to a desktop.ini file (may be used to cloak folders)

      • firefox.exe (PID: 2348)
    • Application launched itself

      • firefox.exe (PID: 3420)
      • firefox.exe (PID: 2316)
    • Reads CPU info

      • firefox.exe (PID: 2316)
    • Creates files in the user directory

      • firefox.exe (PID: 2316)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
6
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe

Process information

PID
CMD
Path
Indicators
Parent process
3420"C:\Program Files\Mozilla Firefox\firefox.exe" "http://www.indigo.pro"C:\Program Files\Mozilla Firefox\firefox.exeexplorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
68.0.1
2316"C:\Program Files\Mozilla Firefox\firefox.exe" http://www.indigo.proC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
68.0.1
3476"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.0.1209772159\1450506228" -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 1168 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
68.0.1
2348"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.3.1631032610\700455295" -childID 1 -isForBrowser -prefsHandle 1696 -prefMapHandle 1684 -prefsLen 1 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 1716 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
68.0.1
3048"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.13.1110991345\671911562" -childID 2 -isForBrowser -prefsHandle 2860 -prefMapHandle 2864 -prefsLen 5996 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 2876 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
68.0.1
2948"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.20.192832347\581099511" -childID 3 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 7234 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 3772 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
68.0.1
Total events
503
Read events
498
Write events
5
Delete events
0

Modification events

(PID) Process:(3420) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value:
110E3D3601000000
(PID) Process:(2316) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value:
D9933F3601000000
(PID) Process:(2316) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value:
1
(PID) Process:(2316) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2316) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
Executable files
0
Suspicious files
64
Text files
49
Unknown types
47

Dropped files

PID
Process
Filename
Type
2316firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
2316firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
MD5:
SHA256:
2316firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
MD5:
SHA256:
2316firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
MD5:
SHA256:
2316firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
MD5:
SHA256:
2316firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
MD5:
SHA256:
2316firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
MD5:
SHA256:
2316firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
MD5:
SHA256:
2316firefox.exeC:\Users\admin\AppData\Local\Temp\mz_etilqs_mHv7l58bzXWBbwp
MD5:
SHA256:
2316firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.binbinary
MD5:5027177F513CDAE07DB2330E1DED5934
SHA256:0C53F16051E738287A4612F68E296238087627E594CFD6DDFA1FECC2E998328B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
41
TCP/UDP connections
26
DNS requests
119
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2316
firefox.exe
GET
200
37.140.192.68:80
http://www.indigo.pro/bitrix/templates/n-indigo/img/logo.png
RU
image
9.95 Kb
unknown
2316
firefox.exe
GET
200
37.140.192.68:80
http://www.indigo.pro/bitrix/templates/n-indigo/img/main-top-img.webp
RU
image
53.5 Kb
unknown
2316
firefox.exe
GET
200
37.140.192.68:80
http://www.indigo.pro/bitrix/templates/n-indigo/img/advantages-item-1.png
RU
image
2.55 Kb
unknown
2316
firefox.exe
GET
200
37.140.192.68:80
http://www.indigo.pro/
RU
html
7.10 Kb
unknown
2316
firefox.exe
GET
200
37.140.192.68:80
http://www.indigo.pro/bitrix/templates/n-indigo/fonts/Arial-BoldMT.woff2
RU
woff2
130 Kb
unknown
2316
firefox.exe
GET
200
37.140.192.68:80
http://www.indigo.pro/bitrix/templates/n-indigo/img/advantages-item-2.png
RU
image
1.48 Kb
unknown
2316
firefox.exe
GET
200
37.140.192.68:80
http://www.indigo.pro/bitrix/templates/n-indigo/img/advantages-item-3.png
RU
image
2.16 Kb
unknown
2316
firefox.exe
GET
200
37.140.192.68:80
http://www.indigo.pro/bitrix/cache/js/s1/n-indigo/template_e181a0b1eb82bdd606f9bf236b982b5b/template_e181a0b1eb82bdd606f9bf236b982b5b.js?155921741045858
RU
text
11.5 Kb
unknown
2316
firefox.exe
GET
200
37.140.192.68:80
http://www.indigo.pro/bitrix/cache/css/s1/n-indigo/kernel_main/kernel_main.css?155921741044417
RU
text
6.53 Kb
unknown
2316
firefox.exe
GET
200
37.140.192.68:80
http://www.indigo.pro/bitrix/templates/n-indigo/fonts/ArialMT.woff2
RU
woff2
280 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2316
firefox.exe
2.16.186.50:80
detectportal.firefox.com
Akamai International B.V.
whitelisted
2316
firefox.exe
37.140.192.68:80
www.indigo.pro
Domain names registrar REG.RU, Ltd
RU
unknown
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2316
firefox.exe
52.89.51.22:443
tiles.services.mozilla.com
Amazon.com, Inc.
US
unknown
2316
firefox.exe
52.26.8.178:443
search.services.mozilla.com
Amazon.com, Inc.
US
unknown
52.222.166.122:443
snippets.cdn.mozilla.net
Amazon.com, Inc.
US
unknown
2316
firefox.exe
34.214.223.139:443
push.services.mozilla.com
Amazon.com, Inc.
US
malicious
2316
firefox.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2316
firefox.exe
52.222.174.227:443
content-signature-2.cdn.mozilla.net
Amazon.com, Inc.
US
unknown
2316
firefox.exe
87.250.251.119:443
mc.yandex.ru
YANDEX LLC
RU
whitelisted

DNS requests

Domain
IP
Reputation
www.indigo.pro
  • 37.140.192.68
unknown
detectportal.firefox.com
  • 2.16.186.50
  • 2.16.186.112
whitelisted
a1089.dscd.akamai.net
  • 2.16.186.112
  • 2.16.186.50
whitelisted
search.services.mozilla.com
  • 52.26.8.178
  • 52.36.193.139
  • 34.210.145.79
whitelisted
search.r53-2.services.mozilla.com
  • 34.210.145.79
  • 52.36.193.139
  • 52.26.8.178
whitelisted
push.services.mozilla.com
  • 34.214.223.139
whitelisted
autopush.prod.mozaws.net
  • 34.214.223.139
whitelisted
tiles.services.mozilla.com
  • 52.89.51.22
  • 52.35.186.10
  • 52.43.93.252
  • 54.186.225.209
  • 54.149.29.182
  • 54.68.132.173
  • 54.149.28.165
  • 54.69.118.22
whitelisted
tiles.r53-2.services.mozilla.com
  • 54.69.118.22
  • 54.149.28.165
  • 54.68.132.173
  • 54.149.29.182
  • 54.186.225.209
  • 52.43.93.252
  • 52.35.186.10
  • 52.89.51.22
whitelisted
snippets.cdn.mozilla.net
  • 52.222.166.122
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
No debug info