analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

index.html

Full analysis: https://app.any.run/tasks/f3d16262-6bfe-421a-9434-2454f78eeabb
Verdict: Malicious activity
Analysis date: May 30, 2020, 13:16:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines
MD5:

5DE7B609F844234AC826E32943653AB1

SHA1:

894452F805FDC3B56B430B2F393DE0FCBD9A284E

SHA256:

5C6ACDC60D5B948FE9F97FDC00E1AFC869C9B15603636B4514971466D552E489

SSDEEP:

3072:nRuLRV1zZutP4D5Atmrm+OGAcam13nEsnMU:nRuLRV1NutP4D5Atmrm+OSOsMU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • avira_en_sptl1_911484971-1590844617__pavwws-spotlight-release.exe (PID: 3052)
      • avira_en_sptl1_911484971-1590844617__pavwws-spotlight-release.exe (PID: 2652)
    • Changes settings of System certificates

      • Avira.Spotlight.Bootstrapper.exe (PID: 2636)
  • SUSPICIOUS

    • Reads Environment values

      • Avira.Spotlight.Bootstrapper.exe (PID: 2636)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 3640)
      • chrome.exe (PID: 2184)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2184)
    • Searches for installed software

      • Avira.Spotlight.Bootstrapper.exe (PID: 2636)
    • Adds / modifies Windows certificates

      • Avira.Spotlight.Bootstrapper.exe (PID: 2636)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2788)
      • chrome.exe (PID: 2184)
    • Changes internet zones settings

      • iexplore.exe (PID: 2788)
    • Reads the hosts file

      • chrome.exe (PID: 3640)
      • chrome.exe (PID: 2184)
    • Manual execution by user

      • chrome.exe (PID: 2184)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2756)
    • Application launched itself

      • iexplore.exe (PID: 2788)
      • chrome.exe (PID: 2184)
    • Reads settings of System Certificates

      • chrome.exe (PID: 2184)
      • chrome.exe (PID: 3640)
      • Avira.Spotlight.Bootstrapper.exe (PID: 2636)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)

EXIF

HTML

HTTPEquivXUACompatible: IE=edge
viewport: width=device-width, initial-scale=1
language: en
msapplicationTileColor: #da532c
themeColor: #000000
Title: Download Security Software for Windows, Mac, Android & iOS | Avira Antivirus
Description: Discover a range of award-winning security, privacy & performance tools for all devices. • Antivirus • VPN • System Speedup • Mobile & more. Download now
Robots: index, follow
twitterCard: summary
twitterSite: @avira
twitterDescription: Discover a range of award-winning security, privacy & performance tools for all devices. • Antivirus • VPN • System Speedup • Mobile & more. Download now
googleSiteVerification: usy0xmvNUkbiYpNrty6WLxEJWzTOqVCS7eS9b_WTZgU
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
79
Monitored processes
41
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start drop and start iexplore.exe iexplore.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs avira_en_sptl1_911484971-1590844617__pavwws-spotlight-release.exe no specs avira_en_sptl1_911484971-1590844617__pavwws-spotlight-release.exe avira.spotlight.bootstrapper.exe

Process information

PID
CMD
Path
Indicators
Parent process
2788"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.htmlC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2756"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2788 CREDAT:144385 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2184"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
3221225547
Version:
75.0.3770.100
2964"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6e9ba9d0,0x6e9ba9e0,0x6e9ba9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
1404"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2192 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2772"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,17486936783209749039,15884646417456746189,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4358172052172811948 --mojo-platform-channel-handle=1020 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
3640"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,17486936783209749039,15884646417456746189,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=1979676241768878621 --mojo-platform-channel-handle=1560 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
3692"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,17486936783209749039,15884646417456746189,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2385484263096793482 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2224"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,17486936783209749039,15884646417456746189,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18268150617037350033 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=508 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
3096"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,17486936783209749039,15884646417456746189,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10221082676897464010 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Total events
2 972
Read events
1 159
Write events
0
Delete events
0

Modification events

No data
Executable files
4
Suspicious files
107
Text files
290
Unknown types
23

Dropped files

PID
Process
Filename
Type
2788iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2788iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFE1B030670E7BE8BD.TMP
MD5:
SHA256:
2788iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF8BA9DAD3C4EE72E9.TMP
MD5:
SHA256:
2788iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFA17D62CACF39A703.TMP
MD5:
SHA256:
2788iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C2EC4FFB-A277-11EA-9F59-5254004A04AF}.dat
MD5:
SHA256:
2788iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFBB6E943DA0807022.TMP
MD5:
SHA256:
2184chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5ED25CB6-888.pma
MD5:
SHA256:
2184chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\733a5e20-d46f-4449-aef9-3662bc5c6a1e.tmp
MD5:
SHA256:
2184chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000028.dbtmp
MD5:
SHA256:
2788iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{C90D1B4E-A277-11EA-9F59-5254004A04AF}.datbinary
MD5:07A74623AFCBA6B02028BB73705901A8
SHA256:A156C9C70F1014AD51D2CE7663350110F1225450A02FD88AE70435193A0A9846
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
80
DNS requests
77
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
72.21.91.29:80
http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEAhpwjriHwb%2BBA3oHNrcctU%3D
US
whitelisted
3640
chrome.exe
GET
200
74.125.173.137:80
http://r4---sn-4g5ednsy.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=QJ&mip=89.187.165.47&mm=28&mn=sn-4g5ednsy&ms=nvh&mt=1590844512&mv=m&mvi=3&pl=24&shardbypass=yes
US
crx
293 Kb
whitelisted
3640
chrome.exe
GET
302
172.217.22.14:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx
US
html
519 b
whitelisted
3640
chrome.exe
GET
302
172.217.22.14:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjY5QUFXTEQwc2RPVXhRY3picjhxblh1dw/7619.603.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx
US
html
524 b
whitelisted
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D
US
der
471 b
whitelisted
3640
chrome.exe
GET
200
74.125.110.103:80
http://r2---sn-4g5ednsr.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjY5QUFXTEQwc2RPVXhRY3picjhxblh1dw/7619.603.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mh=Qx&mip=89.187.165.47&mm=28&mn=sn-4g5ednsr&ms=nvh&mt=1590844512&mv=m&mvi=1&pl=24&shardbypass=yes
US
crx
816 Kb
whitelisted
2788
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3640
chrome.exe
216.58.206.3:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
2788
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3640
chrome.exe
172.217.18.99:443
www.google.com.ua
Google Inc.
US
whitelisted
3640
chrome.exe
172.217.18.10:443
fonts.googleapis.com
Google Inc.
US
whitelisted
3640
chrome.exe
216.58.210.13:443
accounts.google.com
Google Inc.
US
whitelisted
4
System
104.19.147.8:139
script.crazyegg.com
Cloudflare Inc
US
shared
4
System
104.19.148.8:445
script.crazyegg.com
Cloudflare Inc
US
shared
4
System
104.19.147.8:445
script.crazyegg.com
Cloudflare Inc
US
shared
3640
chrome.exe
172.217.22.3:443
www.gstatic.com
Google Inc.
US
whitelisted
3640
chrome.exe
172.217.22.14:80
redirector.gvt1.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
d.la1-c2-dfw.salesforceliveagent.com
  • 136.147.58.135
  • 136.147.56.7
  • 136.147.56.135
whitelisted
s3.amazonaws.com
  • 52.216.143.6
  • 52.217.13.14
shared
www.google-analytics.com
  • 216.58.212.142
whitelisted
www.glancecdn.net
  • 52.45.41.168
  • 54.147.6.169
  • 35.153.153.196
  • 18.208.78.252
whitelisted
consent.cookiebot.com
  • 13.107.246.10
whitelisted
amplifypixel.outbrain.com
  • 70.42.32.127
whitelisted
script.crazyegg.com
  • 104.19.148.8
  • 104.19.147.8
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
clientservices.googleapis.com
  • 216.58.206.3
whitelisted

Threats

No threats detected
No debug info