analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://api.virtru.com/accounts/email-activation?linkId=0b744fca-3ca0-4107-a942-112cb1718b18-25407ac7-11ce-4913-8ce3-1bba2e283c3c&loginRedirectUrl=https://secure.virtru.com/secure-reader&[email protected]&[email protected]&emailSubject=CMS%20Login%20Issues

Full analysis: https://app.any.run/tasks/57f65759-7c86-42b5-b0ca-ff9cba38f78a
Verdict: Malicious activity
Analysis date: April 26, 2021, 15:56:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

27FCEB84FD5D318BE8A7128F05DC939F

SHA1:

B5D4C404F9C6C8836658FFF009AEF9F59BE677A8

SHA256:

4F465787704261B067A0C1092E027539A3DC6AFD67E18741EC6412717AB1C2A1

SSDEEP:

6:2XyW8KvzSFBoRISMnpkbCMDgxuUQ92QwcwGQ+5cTErJsGBFB:2XJFSFeRI3pk7YuUQmoQ+5cTErJBv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads the hosts file

      • chrome.exe (PID: 1196)
      • chrome.exe (PID: 492)

    • Application launched itself

      • chrome.exe (PID: 1196)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
48
Monitored processes
10
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1196"C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking "https://api.virtru.com/accounts/email-activation?linkId=0b744fca-3ca0-4107-a942-112cb1718b18-25407ac7-11ce-4913-8ce3-1bba2e283c3c&loginRedirectUrl=https://secure.virtru.com/secure-reader&[email protected]&[email protected]&emailSubject=CMS%20Login%20Issues"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
348"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6c1ea9d0,0x6c1ea9e0,0x6c1ea9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2012"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1200 --on-initialized-event-handle=316 --parent-handle=320 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
3224"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=6688755760206539957 --mojo-platform-channel-handle=1044 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
492"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=4075490398215631500 --mojo-platform-channel-handle=1456 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
1468"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12916789782141712510 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
3376"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3904319684323037306 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
1076"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14272189855326314596 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
772"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=14431825018422978751 --mojo-platform-channel-handle=3260 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
1388"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,7689798815084687990,4645817504999119502,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=6241601053392272006 --mojo-platform-channel-handle=2372 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Total events
612
Read events
549
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
21
Text files
75
Unknown types
3

Dropped files

PID
Process
Filename
Type
1196chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6086E2B1-4AC.pma
MD5:
SHA256:
1196chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old
MD5:
SHA256:
1196chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp
MD5:
SHA256:
1196chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RFe678f.TMPtext
MD5:D4322EEBAC92D1B8F7A6F5E39F6264B7
SHA256:A3EEDF21B850DCC7CE5AE04395ECDD2D29DA4EA549C8A185DD9E8B552A87B8C2
1196chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RFe680c.TMPtext
MD5:1C97B70A4BAD7C026F79467C7D496AFA
SHA256:C5A02E4984DE3F30DADFC0A89A93F45418C06653C3962EAA94C93909E51D272D
1196chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:C2DDBA63E4A2BD2E39A8B6C2C6384AAE
SHA256:6D5C1C78341C6F84911055D970ADDB0EC3499F8BF7FADE062122A22209CE67D9
1196chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RFe683b.TMPtext
MD5:74D4DB05A4D3E7263E8AE314DEDD8DF1
SHA256:67BF9950E818713E054268D40BED61A22D324385CE98E89DDF406A405B870802
1196chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RFe679f.TMPtext
MD5:FB5B20517A0D1F7DAD485989565BEE5E
SHA256:99405F66EDBEB2306F4D0B4469DCADFF5293B5E1549C588CCFACEA439BB3B101
1196chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:FB5B20517A0D1F7DAD485989565BEE5E
SHA256:99405F66EDBEB2306F4D0B4469DCADFF5293B5E1549C588CCFACEA439BB3B101
1196chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldtext
MD5:67F45CAA18C889645F50CD6216C81E65
SHA256:33ED82CDDDFFD55A5059C147C6CD20F66C6712314F890A39576D3C10914D0029
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
28
DNS requests
12
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
492
chrome.exe
GET
200
151.139.128.14:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS83pEmglYTXfyF78OS%2BRiTRWadkgQULGn%2FgMmHkK404bTnTJOFmUDpp7ICEAfXyLft0BpAiKD7FtWl4yU%3D
US
der
471 b
whitelisted
492
chrome.exe
GET
200
151.139.128.14:80
http://crl.comodoca.com/AAACertificateServices.crl
US
der
506 b
whitelisted
492
chrome.exe
GET
200
151.139.128.14:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEChOOcFLOG2InHKZ5YzQWlc%3D
US
der
727 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
492
chrome.exe
142.250.185.237:443
accounts.google.com
Google Inc.
US
suspicious
492
chrome.exe
65.9.66.105:443
api.virtru.com
AT&T Services, Inc.
US
suspicious
492
chrome.exe
3.143.84.231:443
secure.virtru.com
US
unknown
492
chrome.exe
151.139.128.14:80
crl.comodoca.com
Highwinds Network Group, Inc.
US
suspicious
492
chrome.exe
3.140.18.175:443
secure.virtru.com
US
unknown
492
chrome.exe
172.217.18.99:443
ssl.gstatic.com
Google Inc.
US
whitelisted
492
chrome.exe
99.86.2.49:443
cdn.virtru.com
AT&T Services, Inc.
US
unknown
492
chrome.exe
44.237.23.82:443
api.amplitude.com
University of California, San Diego
US
unknown
492
chrome.exe
13.32.23.194:443
cdn.amplitude.com
Amazon.com, Inc.
US
unknown
492
chrome.exe
142.250.186.110:443
clients1.google.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
api.virtru.com
  • 65.9.66.13
  • 65.9.66.105
  • 65.9.66.83
  • 65.9.66.88
shared
accounts.google.com
  • 142.250.185.237
shared
ssl.gstatic.com
  • 172.217.18.99
whitelisted
secure.virtru.com
  • 3.140.18.175
  • 3.143.84.231
  • 3.131.178.82
malicious
crl.comodoca.com
  • 151.139.128.14
whitelisted
ocsp.usertrust.com
  • 151.139.128.14
whitelisted
ocsp.sectigo.com
  • 151.139.128.14
whitelisted
cdn.virtru.com
  • 99.86.2.49
  • 99.86.2.98
  • 99.86.2.80
  • 99.86.2.32
whitelisted
cdn.amplitude.com
  • 13.32.23.194
  • 13.32.23.136
  • 13.32.23.160
  • 13.32.23.71
whitelisted
api.amplitude.com
  • 44.237.23.82
  • 52.37.140.69
  • 34.216.119.199
  • 35.167.210.48
  • 54.70.137.22
  • 44.238.7.162
  • 52.40.97.110
  • 54.189.242.60
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://api.virtru.com/accounts/email-activation?linkId=0b744fca-3ca0-4107-a942-112cb1718b18-25407ac7-11ce-4913-8ce3-1bba2e283c3c&loginRedirectUrl=https://secure.virtru.com/secure-reader&[email protected]&[email protected]&emailSubject=CMS%20Login%20Issues