URL: https://download.mcafee.com/molbin/iss-loc/SupportTools/MCPR/MCPR.exe
Full analysis: https://app.any.run/tasks/1d125e7b-f091-4e7d-a5fb-d7315c4915af
Verdict: Malicious activity
Analysis date: April 30, 2021, 18:17:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 545DD632E261853E45A85ABCEBCDE157
SHA1: 5EC2348C64E058853869B464E262E7A24A38ADE4
SHA256: 544B300BE41DEAD4D0908E956D332B1BB43689DDB9E0C965B610A1DAC8F1D596
SSDEEP: 3:N8SEl3AyKIT0KKGlVVkvWb9LN:2SK5KIT9VSv69J

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • MCPR.exe (PID: 1760)
      • MCPR.exe (PID: 3504)
      • McClnUI.exe (PID: 2452)
    • Changes settings of System certificates
      • McClnUI.exe (PID: 2452)
      • MCPR.exe (PID: 1760)
  • SUSPICIOUS
    • Drops a file with too old compile date
      • MCPR.exe (PID: 1760)
    • Executable content was dropped or overwritten
      • chrome.exe (PID: 868)
      • MCPR.exe (PID: 1760)
    • Drops a file that was compiled in debug mode
      • MCPR.exe (PID: 1760)
    • Adds / modifies Windows certificates
      • MCPR.exe (PID: 1760)
      • McClnUI.exe (PID: 2452)
  • INFO
    • Reads the hosts file
      • chrome.exe (PID: 868)
      • chrome.exe (PID: 2348)
    • Application launched itself
      • chrome.exe (PID: 868)
    • Dropped object may contain Bitcoin addresses
      • MCPR.exe (PID: 1760)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Malware configuration: no data.
All screenshots are available in the full report
Total processes: 54
Monitored processes: 13
Malicious processes: 2
Suspicious processes: 1

Behavior graph: interactive process graph (drop-and-start / start edges between chrome.exe, mcpr.exe and mcclnui.exe), available in the full report; not reproduced here.

Process information

PID 868 (chrome.exe), parent process: explorer.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking "https://download.mcafee.com/molbin/iss-loc/SupportTools/MCPR/MCPR.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Version: 75.0.3770.100

PID 3348 (chrome.exe), parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f93a9d0,0x6f93a9e0,0x6f93a9ec
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Version: 75.0.3770.100

PID 2880 (chrome.exe), parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=960 --on-initialized-event-handle=316 --parent-handle=320 /prefetch:6
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Version: 75.0.3770.100

PID 2664 (chrome.exe), parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1012,12920732451611970172,15144806938555574943,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=15445607864000209815 --mojo-platform-channel-handle=1024 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: LOW; Description: Google Chrome; Version: 75.0.3770.100

PID 2348 (chrome.exe), parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,12920732451611970172,15144806938555574943,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=4957249966413071044 --mojo-platform-channel-handle=1496 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Version: 75.0.3770.100

PID 3820 (chrome.exe), parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,12920732451611970172,15144806938555574943,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1760572938238370141 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: LOW; Description: Google Chrome; Version: 75.0.3770.100

PID 1892 (chrome.exe), parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,12920732451611970172,15144806938555574943,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2396332308930051633 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: LOW; Description: Google Chrome; Version: 75.0.3770.100

PID 4068 (chrome.exe), parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,12920732451611970172,15144806938555574943,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=362255402921109228 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2356 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 75.0.3770.100

PID 3504 (MCPR.exe), parent process: chrome.exe
CMD: "C:\Users\admin\Downloads\MCPR.exe"
Path: C:\Users\admin\Downloads\MCPR.exe
User: admin; Company: McAfee, LLC; Integrity Level: MEDIUM; Description: McAfee ESD Package; Exit code: 3221226540; Version: 10.3

PID 3996 (chrome.exe), parent process: chrome.exe
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1012,12920732451611970172,15144806938555574943,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=13546210358967858549 --mojo-platform-channel-handle=3652 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Exit code: 0; Version: 75.0.3770.100
Total events: 1 323
Read events: 1 235
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 34
Suspicious files: 105
Text files: 468
Unknown types: 0

Dropped files (PID, process, filename, type, hashes)

  • 868, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-608C49D0-364.pma (type, MD5 and SHA256 not shown)
  • 868, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old (type, MD5 and SHA256 not shown)
  • 868, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old (type, MD5 and SHA256 not shown)
  • 868, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF14fb46.TMP (type, MD5 and SHA256 not shown)
  • 868, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\71565e90-5fc7-462a-a9d6-c02a4ee0d8ff.tmp (type, MD5 and SHA256 not shown)
  • 868, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp (type, MD5 and SHA256 not shown)
  • 868, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old (type, MD5 and SHA256 not shown)
  • 868, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old (type, MD5 and SHA256 not shown)
  • 868, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old, type: text
    MD5: D4322EEBAC92D1B8F7A6F5E39F6264B7
    SHA256: A3EEDF21B850DCC7CE5AE04395ECDD2D29DA4EA549C8A185DD9E8B552A87B8C2
  • 868, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old, type: text
    MD5: 1C97B70A4BAD7C026F79467C7D496AFA
    SHA256: C5A02E4984DE3F30DADFC0A89A93F45418C06653C3962EAA94C93909E51D272D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 13
TCP/UDP connections: 13
DNS requests: 8
Threats: 0

HTTP requests

All ten listed requests were issued by PID 2452 (McClnUI.exe): GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab at 8.248.145.254:80 (CN: US; type: compressed; size: 57.2 Kb; reputation: whitelisted).
  • Requests 1 to 7: HTTP code 304
  • Request 8: HTTP code 200
  • Requests 9 and 10: HTTP code 304

Connections (PID, process, IP, domain, ASN, CN, reputation)

  • 2348, chrome.exe: 142.250.74.195:443, ssl.gstatic.com, Google Inc., US, whitelisted
  • 2452, McClnUI.exe: 8.248.145.254:80, www.download.windowsupdate.com, Level 3 Communications, Inc., US, suspicious
  • 2348, chrome.exe: 104.79.88.7:443, download.mcafee.com, Time Warner Cable Internet LLC, US, malicious
  • 2452, McClnUI.exe: 104.40.53.219:443, prd-mcafee-mosaic-pub.azurewebsites.net, Microsoft Corporation, US, suspicious
  • 2452, McClnUI.exe: 104.79.88.184:443, sadownload.mcafee.com, Time Warner Cable Internet LLC, US, unknown
  • 2348, chrome.exe: 172.217.16.141:443, accounts.google.com, Google Inc., US, suspicious
  • (PID and process not shown): 104.208.16.0:443, cu1pehnswss01.servicebus.windows.net, Microsoft Corporation, US, unknown

DNS requests (domain, resolved IPs, reputation)

  • download.mcafee.com: 104.79.88.7 (malicious)
  • accounts.google.com: 172.217.16.141 (shared)
  • ssl.gstatic.com: 142.250.74.195 (whitelisted)
  • sadownload.mcafee.com: 104.79.88.184 (whitelisted)
  • www.download.windowsupdate.com: 8.248.145.254, 67.26.83.254, 8.248.149.254, 8.253.95.249, 8.248.131.254 (whitelisted)
  • prd-mcafee-mosaic-pub.azurewebsites.net: 104.40.53.219 (suspicious)
  • cu1pehnswss01.servicebus.windows.net: 104.208.16.0 (unknown)

Threats: no threats detected
Debug info: none