URL: https://anonfiles.com/1c1f35F4o2/CCGEN_v1.0_zip

Full analysis: https://app.any.run/tasks/0e18b7ca-188a-4f01-bbf9-60e6a4b2342e
Verdict: Malicious activity
Analysis date: July 12, 2020, 18:30:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 5CDBECA4ED9ED34D10CD7C6E9413BE64
SHA1: C9BCD04E1DD174D6638D8751F4ADAE60DA16F18B
SHA256: 43B25BBD2804AFC4899ED76BC5125F695EF222907FBC9EF3A17120CEBD7CAE6A
SSDEEP: 3:N8M2+UKttmDuZcn:2M2GzKuZc
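
A practitioner should check what these digests describe before loading them into a blocklist, because the task was submitted as a URL rather than as a file. The ssdeep signature starts at block size 3, which ssdeep only selects for inputs of at most 192 bytes (or inputs small and low-entropy enough to be stepped down to it), and its two chunks are 15 and 9 characters long, roughly one rolling-hash trigger per 3 and per 6 bytes of an input of about 45 bytes. That is the size of the URL string (47 bytes), not of the downloaded archive or of CCGEN v1.0.exe, whose hashes this page does not give. The script below is an added example, not part of the ANY.RUN report: it recomputes MD5/SHA-1/SHA-256 of the URL string and compares them with the report's values, and derives the ssdeep size bound. The function names are the example's own; the two ssdeep constants are MIN_BLOCKSIZE and SPAMSUM_LENGTH from ssdeep's fuzzy.c.

```python
"""Check what the report's file indicators actually describe.

Added example, not part of the ANY.RUN report. The digests and the submitted
URL are copied from the page; the helper functions are this example's own and
the two ssdeep constants follow ssdeep's fuzzy.c.
"""
import hashlib

# Indicators copied from the report (lowercased for comparison).
REPORT_INDICATORS = {
    "md5": "5cdbeca4ed9ed34d10cd7c6e9413be64",
    "sha1": "c9bcd04e1dd174d6638d8751f4adae60da16f18b",
    "sha256": "43b25bbd2804afc4899ed76bc5125f695ef222907fbc9ef3a17120cebd7cae6a",
    "ssdeep": "3:N8M2+UKttmDuZcn:2M2GzKuZc",
}
SUBMITTED_URL = "https://anonfiles.com/1c1f35F4o2/CCGEN_v1.0_zip"

SSDEEP_MIN_BLOCKSIZE = 3    # MIN_BLOCKSIZE in fuzzy.c
SSDEEP_SPAMSUM_LENGTH = 64  # SPAMSUM_LENGTH: maximum characters per chunk


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of data as lowercase hex, keyed like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_indicators(data: bytes) -> list:
    """Names of the report's digests that equal the digests of data."""
    mine = digests(data)
    return [alg for alg in ("md5", "sha1", "sha256") if mine[alg] == REPORT_INDICATORS[alg]]


def ssdeep_block_size(signature: str) -> int:
    """Block size field of an ssdeep signature 'blocksize:chunk1:chunk2'."""
    return int(signature.split(":", 1)[0])


def ssdeep_initial_block_size(length: int) -> int:
    """Block size ssdeep starts from for an input of this length: the smallest
    3 * 2**n such that block_size * 64 >= length. ssdeep may afterwards step
    the block size down (never up) if the signature comes out too short, so a
    final block size of 3 means the input was at most 192 bytes or was small
    and low-entropy enough to be stepped down to 3."""
    bs = SSDEEP_MIN_BLOCKSIZE
    while bs * SSDEEP_SPAMSUM_LENGTH < length:
        bs *= 2
    return bs


def ssdeep_chunk_lengths(signature: str) -> tuple:
    """Lengths of the two chunks; each character is one rolling-hash trigger,
    which fires on average once per block_size bytes of input (the second
    chunk uses twice the block size)."""
    _bs, chunk1, chunk2 = signature.split(":", 2)
    return len(chunk1), len(chunk2)


if __name__ == "__main__":
    url_bytes = SUBMITTED_URL.encode()
    sig = REPORT_INDICATORS["ssdeep"]
    print("submitted URL is", len(url_bytes), "bytes")
    print("report digests matching the URL string:", matching_indicators(url_bytes) or "none")
    print("ssdeep block size in report:", ssdeep_block_size(sig))
    print("initial block size ssdeep would pick for the URL:", ssdeep_initial_block_size(len(url_bytes)))
    print("largest input that starts at block size 3:", 3 * SSDEEP_SPAMSUM_LENGTH, "bytes")
    print("chunk lengths:", ssdeep_chunk_lengths(sig))
```

Run it directly to see whether the report's digests are those of the URL string. For a file you actually obtained (for example the extracted CCGEN v1.0.exe), pass its bytes to digests() and record those values as the file IOC instead of the ones on this page.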

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    • Loads dropped or rewritten executable
      • SearchProtocolHost.exe (PID: 3440)
      • CCGEN v1.0.exe (PID: 2736)
    • Application was dropped or rewritten from another process
      • CCGEN v1.0.exe (PID: 2736)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2536)
    • Modifies files in Chrome extension folder
      • chrome.exe (PID: 620)
  • INFO
    • Reads the hosts file
      • chrome.exe (PID: 620)
      • chrome.exe (PID: 3908)
    • Manual execution by user
      • CCGEN v1.0.exe (PID: 2736)
      • WinRAR.exe (PID: 2536)
      • NOTEPAD.EXE (PID: 3728)
    • Reads Internet Cache Settings
      • chrome.exe (PID: 620)
    • Application launched itself
      • chrome.exe (PID: 620)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 73
Monitored processes: 33
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Process nodes in start order (the interactive graph is in the full report): chrome.exe with its child chrome.exe processes, then winrar.exe, searchprotocolhost.exe, ccgen v1.0.exe, two further chrome.exe processes and notepad.exe. Most of the chrome.exe nodes, together with searchprotocolhost.exe, the two trailing chrome.exe nodes and notepad.exe, are marked "no specs" in the graph.

Process information

PID: 620
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://anonfiles.com/1c1f35F4o2/CCGEN_v1.0_zip"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 3221225547 (0xC000004B)
Version: 75.0.3770.100

PID: 2732
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6ebba9d0,0x6ebba9e0,0x6ebba9ec
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 2068
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1340 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 3684
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1016,12197231432359611937,17913075036297668884,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=10932974447208735684 --mojo-platform-channel-handle=1032 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 3908
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,12197231432359611937,17913075036297668884,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=5277317777099865427 --mojo-platform-channel-handle=1496 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 3688
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,12197231432359611937,17913075036297668884,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=916336863842051347 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 3888
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,12197231432359611937,17913075036297668884,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=342720688807228466 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 2660
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,12197231432359611937,17913075036297668884,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=724855993085755207 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 3900
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,12197231432359611937,17913075036297668884,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5450935674974858024 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 3044
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,12197231432359611937,17913075036297668884,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=15124991899011327998 --mojo-platform-channel-handle=3780 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

Total events: 1 948
Read events: 1 774
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 3
Suspicious files: 59
Text files: 283
Unknown types: 15

Dropped files

PID 620, chrome.exe
  Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F0B56C5-26C.pma
  Type: not listed
  MD5: not listed
  SHA256: not listed

PID 620, chrome.exe
  Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a06aea1b-f79b-4dba-82ec-1bb0a176ddda.tmp
  Type: not listed
  MD5: not listed
  SHA256: not listed

PID 620, chrome.exe
  Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000028.dbtmp
  Type: not listed
  MD5: not listed
  SHA256: not listed

PID 620, chrome.exe
  Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF10758f.TMP
  Type: text
  MD5: FC9FFE77348619CC285333DFF5E1D5D1
  SHA256: 7CB9B3575330B3D776A21EB7A7407E34F013A0975B7418DA11B5C85DEC91D1F3

PID 620, chrome.exe
  Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF107512.TMP
  Type: text
  MD5: 33B05E8AC9C178C58ED3321F496588C0
  SHA256: 2CDF6A09638A0B563EA2672D6926210771902E0A9203FE15D2857FC4EB954CDE

PID 620, chrome.exe
  Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF107503.TMP
  Type: text
  MD5: DA692BE42E4EF2668AE7499A7D5DA720
  SHA256: EB865CAF59002C092F5FDBE22D01935866BC1277108B29E897052CB2439630ED

PID 620, chrome.exe
  Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
  Type: text
  MD5: DA692BE42E4EF2668AE7499A7D5DA720
  SHA256: EB865CAF59002C092F5FDBE22D01935866BC1277108B29E897052CB2439630ED

PID 620, chrome.exe
  Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF107512.TMP
  Type: text
  MD5: F69C20D5B552B8D973FB1CBA5FDD7D87
  SHA256: 48799968D50E2D74E625A0AB18E93C6792AF20010334C6BB4E935C8D26F7026A

PID 620, chrome.exe
  Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
  Type: text
  MD5: 33B05E8AC9C178C58ED3321F496588C0
  SHA256: 2CDF6A09638A0B563EA2672D6926210771902E0A9203FE15D2857FC4EB954CDE

PID 620, chrome.exe
  Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
  Type: text
  MD5: F69C20D5B552B8D973FB1CBA5FDD7D87
  SHA256: 48799968D50E2D74E625A0AB18E93C6792AF20010334C6BB4E935C8D26F7026A

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 4
TCP/UDP connections: 35
DNS requests: 23
Threats: 0

HTTP requests

PID 3908, chrome.exe: GET, HTTP 302, from 216.58.212.174:80 (CN: US), type html, 523 b, reputation whitelisted
  URL: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvY2Y1QUFXUjZlVjI5UldyLVpDTFJFcEx6QQ/7719.805.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx

PID 3908, chrome.exe: GET, HTTP 200, from 74.125.8.140:80 (CN: US), type crx, 823 Kb, reputation whitelisted
  URL: http://r6---sn-5hnednlk.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvY2Y1QUFXUjZlVjI5UldyLVpDTFJFcEx6QQ/7719.805.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mh=Nf&mip=45.86.201.12&mm=28&mn=sn-5hnednlk&ms=nvh&mt=1594578306&mv=u&mvi=6&pl=27&shardbypass=yes

PID 3908, chrome.exe: GET, HTTP 302, from 216.58.212.174:80 (CN: US), type html, 518 b, reputation whitelisted
  URL: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx

PID 3908, chrome.exe: GET, HTTP 200, from 74.125.100.73:80 (CN: US), type crx, 293 Kb, reputation whitelisted
  URL: http://r4---sn-5hne6nsz.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=QJ&mip=45.86.201.12&mm=28&mn=sn-5hne6nsz&ms=nvh&mt=1594578306&mv=u&mvi=4&pl=27&shardbypass=yes

Connections (PID, process, IP:port, domain, ASN, CN, reputation)

3908  chrome.exe  104.24.117.23:443   anonfiles.com                 Cloudflare Inc     US  malicious
3908  chrome.exe  151.101.2.217:443   vjs.zencdn.net                Fastly             US  suspicious
3908  chrome.exe  52.222.166.90:443   consideher.club               Amazon.com, Inc.   US  unknown
3908  chrome.exe  13.35.253.58:443    djv99sxoqpv11.cloudfront.net  ASN not listed     US  malicious
3908  chrome.exe  52.86.219.129:443   baconaces.pro                 Amazon.com, Inc.   US  malicious
3908  chrome.exe  143.204.201.44:443  providentsopport.site         ASN not listed     US  malicious
3908  chrome.exe  54.173.32.183:443   joinplayerplatforms.best      Amazon.com, Inc.   US  unknown
3908  chrome.exe  35.227.196.138:443  www.performanceonclick.com    ASN not listed     US  suspicious
3908  chrome.exe  172.217.22.36:443   www.google.com                Google Inc.        US  whitelisted
3908  chrome.exe  52.222.166.28:443   crowaving.club                Amazon.com, Inc.   US  unknown

DNS requests (domain: resolved IPs; reputation)

anonfiles.com: 104.24.117.23, 104.24.116.23, 172.67.218.209; shared
clientservices.googleapis.com: 216.58.212.131; whitelisted
accounts.google.com: 216.58.208.45; shared
vjs.zencdn.net: 151.101.2.217, 151.101.66.217, 151.101.130.217, 151.101.194.217; whitelisted
djv99sxoqpv11.cloudfront.net: 13.35.253.58, 13.35.253.164, 13.35.253.123, 13.35.253.162; shared
baconaces.pro: 52.86.219.129, 34.196.151.230, 52.206.71.220, 54.237.125.12, 54.144.3.29; shared
www.google.com: 172.217.22.36; whitelisted
crowaving.club: 52.222.166.28, 52.222.166.3, 52.222.166.150, 52.222.166.37; malicious
consideher.club: 52.222.166.90, 52.222.166.130, 52.222.166.106, 52.222.166.186; malicious
providentsopport.site: 143.204.201.44, 143.204.201.127, 143.204.201.35, 143.204.201.101; whitelisted
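
Every connection and HTTP request listed on this page is made by chrome.exe PID 3908, Chrome's network-service utility process, while the anonfiles page loads; the two .crx downloads from gvt1.com are Chrome component-extension updates from Google's update CDN, which is consistent with the "Modifies files in Chrome extension folder" signature on PID 620. No traffic is attributed to CCGEN v1.0.exe (PID 2736), so the .club/.site/.pro/.best names characterize the download page and what it loads, not the sample's command and control. The two tables also disagree on several labels (providentsopport.site is "malicious" as a connection and "whitelisted" as a DNS answer; anonfiles.com is "malicious" as a connection but "shared" as a DNS answer), so a hunt should not trust either column alone. The script below is an added example, not part of the ANY.RUN report or of ANY.RUN's tooling: it merges both tables taking the worse label per domain, then hunts the domains and IPs in constructed DNS and connection log lines. The log line format, host names, severity ranking and sample lines are this example's assumptions.

```python
"""Hunt the report's network IOCs in DNS and connection logs.

Added example, not part of the ANY.RUN report or of ANY.RUN's tooling. Domains,
IPs and reputation labels are copied from the Connections and DNS requests
tables; the severity ranking, log format, host names and log lines are
constructed for this example.
"""

# Connections table: domain -> (IP, reputation).
CONN_TABLE = {
    "anonfiles.com": ("104.24.117.23", "malicious"),
    "vjs.zencdn.net": ("151.101.2.217", "suspicious"),
    "consideher.club": ("52.222.166.90", "unknown"),
    "djv99sxoqpv11.cloudfront.net": ("13.35.253.58", "malicious"),
    "baconaces.pro": ("52.86.219.129", "malicious"),
    "providentsopport.site": ("143.204.201.44", "malicious"),
    "joinplayerplatforms.best": ("54.173.32.183", "unknown"),
    "www.performanceonclick.com": ("35.227.196.138", "suspicious"),
    "www.google.com": ("172.217.22.36", "whitelisted"),
    "crowaving.club": ("52.222.166.28", "unknown"),
}
# DNS requests table: domain -> (reputation, resolved IPs).
DNS_TABLE = {
    "anonfiles.com": ("shared", ["104.24.117.23", "104.24.116.23", "172.67.218.209"]),
    "clientservices.googleapis.com": ("whitelisted", ["216.58.212.131"]),
    "accounts.google.com": ("shared", ["216.58.208.45"]),
    "vjs.zencdn.net": ("whitelisted", ["151.101.2.217", "151.101.66.217", "151.101.130.217", "151.101.194.217"]),
    "djv99sxoqpv11.cloudfront.net": ("shared", ["13.35.253.58", "13.35.253.164", "13.35.253.123", "13.35.253.162"]),
    "baconaces.pro": ("shared", ["52.86.219.129", "34.196.151.230", "52.206.71.220", "54.237.125.12", "54.144.3.29"]),
    "www.google.com": ("whitelisted", ["172.217.22.36"]),
    "crowaving.club": ("malicious", ["52.222.166.28", "52.222.166.3", "52.222.166.150", "52.222.166.37"]),
    "consideher.club": ("malicious", ["52.222.166.90", "52.222.166.130", "52.222.166.106", "52.222.166.186"]),
    "providentsopport.site": ("whitelisted", ["143.204.201.44", "143.204.201.127", "143.204.201.35", "143.204.201.101"]),
}
# Constructed severity ranking; the report defines none.
SEVERITY = {"whitelisted": 0, "unknown": 1, "shared": 1, "suspicious": 2, "malicious": 3}


def merged_reputation() -> dict:
    """Worst label per domain across both tables, which disagree for several names."""
    merged = {name: rep for name, (_ip, rep) in CONN_TABLE.items()}
    for name, (rep, _ips) in DNS_TABLE.items():
        if name not in merged or SEVERITY[rep] > SEVERITY[merged[name]]:
            merged[name] = rep
    return merged


def ip_index() -> dict:
    """IP -> domain from both tables, for matching connection logs."""
    index = {ip: name for name, (ip, _rep) in CONN_TABLE.items()}
    for name, (_rep, ips) in DNS_TABLE.items():
        for ip in ips:
            index.setdefault(ip, name)
    return index


def match_domain(qname: str, merged: dict, min_severity: int = 2):
    """(ioc_domain, reputation) if qname or a parent domain is an IOC at or above
    min_severity, else None. Parent matching catches hosts such as
    cdn.baconaces.pro but not a bare shared suffix such as cloudfront.net,
    because only the full djv99sxoqpv11.cloudfront.net name is in the tables."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        rep = merged.get(candidate)
        if rep is not None and SEVERITY[rep] >= min_severity:
            return candidate, rep
    return None


def hunt_dns(lines, min_severity: int = 2) -> list:
    """lines: 'timestamp host qname' (constructed format); returns hit tuples."""
    merged, hits = merged_reputation(), []
    for line in lines:
        ts, host, qname = line.split()
        found = match_domain(qname, merged, min_severity)
        if found:
            hits.append((ts, host, qname) + found)
    return hits


def hunt_connections(lines, min_severity: int = 2) -> list:
    """lines: 'timestamp host dst_ip:port' (constructed format). IP hits are weak
    evidence on their own: the report's IPs are Cloudflare, Amazon and CloudFront
    addresses shared with unrelated sites, so confirm them with a domain hit."""
    merged, index, hits = merged_reputation(), ip_index(), []
    for line in lines:
        ts, host, dst = line.split()
        ip = dst.rsplit(":", 1)[0]
        name = index.get(ip)
        if name is not None and SEVERITY[merged[name]] >= min_severity:
            hits.append((ts, host, ip, name, merged[name]))
    return hits


# Constructed log lines, not from the report.
SAMPLE_DNS_LOG = [
    "2020-07-12T18:30:40Z ws-17 anonfiles.com",
    "2020-07-12T18:30:41Z ws-17 www.google.com",
    "2020-07-12T18:30:44Z ws-17 cdn.baconaces.pro.",
    "2020-07-12T18:31:02Z ws-22 clientservices.googleapis.com",
    "2020-07-12T18:31:09Z ws-22 vjs.zencdn.net",
]
SAMPLE_CONN_LOG = [
    "2020-07-12T18:30:50Z ws-17 52.222.166.130:443",
    "2020-07-12T18:30:51Z ws-17 172.217.22.36:443",
    "2020-07-12T18:30:52Z ws-22 54.173.32.183:443",
]

if __name__ == "__main__":
    for hit in hunt_dns(SAMPLE_DNS_LOG) + hunt_connections(SAMPLE_CONN_LOG):
        print(*hit)
```

With the default threshold only "suspicious" and "malicious" names fire; lower min_severity to 1 to also surface the "unknown" and "shared" ones (joinplayerplatforms.best, accounts.google.com) when you want the full footprint of the anonfiles visit rather than a blocklist.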

Threats

No threats detected
No debug info