analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://www.obviousidea.us/pa/chrome-updates/?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=beta&prodversion=74.0.3729.91&lang=fr&acceptformat=crx2,crx3&x=id%3Dfnefekibahpibgnllfjpckodgobkpije%26v%3D2.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc

Full analysis: https://app.any.run/tasks/7088d772-1919-4274-b0ab-1e85fa1ffa9b
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Malware Trends Tracker     >>>
Analysis date: April 23, 2019, 14:28:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
sinkhole
trojan
Indicators:
MD5:

3A959430E9E1D151A3B9A0D914E4C002

SHA1:

DAA5840747B3220186DFB5CC68FC2511511C239D

SHA256:

629308B12FF6AF0A32EB7C1ECB64BC514498641CAECA79280249AD964971A8ED

SSDEEP:

6:Cc4G6zXMnyoGOEcbLHRPBVGsWdBI5kVXhvYbhOBHDy:kcnyoGOEYstH9+oxe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2660)
      • iexplore.exe (PID: 2884)

    • Changes internet zones settings

      • iexplore.exe (PID: 2660)

    • Application launched itself

      • iexplore.exe (PID: 2660)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2884)

    • Creates files in the user directory

      • iexplore.exe (PID: 2660)
      • iexplore.exe (PID: 2884)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2660"C:\Program Files\Internet Explorer\iexplore.exe" http://www.obviousidea.us/pa/chrome-updates/?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=beta&prodversion=74.0.3729.91&lang=fr&acceptformat=crx2,crx3&x=id%3Dfnefekibahpibgnllfjpckodgobkpije%26v%3D2.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26ucC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
2884"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2660 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
380
Read events
306
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
15
Unknown types
5

Dropped files

PID
Process
Filename
Type
2660iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
MD5:
SHA256:
2660iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2884iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txttext
MD5:950E268B29E93326A7709B3B0E91CF89
SHA256:0E019FA642F24183BA483892D8832BE69F90C3ACCBC61F88A94C19165E5BE29F
2884iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.datdat
MD5:CDA82F37C0A7E2B9F6A9CFC073AF8382
SHA256:125C7BB52AAC5F6AC85CE97791B49B0BD638063854F419E000C57D891814CF00
2884iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@obviousidea[1].txttext
MD5:E6EA74A2A259FAE19C54FEA06735870A
SHA256:3B38AB88920CB2F36329DF3447F255BC6C9455C81A6B38C3254C89FD17C137D9
2660iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019042320190424\index.datdat
MD5:C1536CDBA522356C52C4AAB4498DF629
SHA256:99EC9C1B809A1110494AE583600A0E159EBD1B8BA1AA31847BFEF5690F697E3D
2884iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:2220A23C0AD7BEEBAE1B18168641FB71
SHA256:1D5E225F7EBEF314B633F9E2ADB6AF8DF28E5BC5DA503F6C7F5357A6F7B97381
2884iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@obviousidea[2].txttext
MD5:0757044644A3D44382E7162B27828CDD
SHA256:93E0BBE8DA23291324180C16FA2B31C0A72271CF2868F196A7B3662BC4005394
2884iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019042320190424\index.datdat
MD5:DB579564A30A12DF6A0E3B9EB65751FB
SHA256:9B2590AF0CCD3AE13F597B7A9DA98375711CB639997255DA3FD910521F2E39DF
2660iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txttext
MD5:EB093B1F9DF92E5AA4FA2F9E0B8CBB23
SHA256:B958F532ED7DFAFFC3EB046786B0F6E4E792BF0C2FE710CA5F9332620851B6CA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
5
DNS requests
2
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2884
iexplore.exe
GET
200
195.22.4.21:80
http://www.obviousidea.us/pa/chrome-updates
PT
binary
20 b
malicious
2884
iexplore.exe
GET
200
195.22.4.21:80
http://www.obviousidea.us/pa/chrome-updates/?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=beta&prodversion=74.0.3729.91&lang=fr&acceptformat=crx2,crx3&x=id%3Dfnefekibahpibgnllfjpckodgobkpije%26v%3D2.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc
PT
binary
20 b
malicious
2660
iexplore.exe
GET
200
195.22.4.21:80
http://www.obviousidea.us/favicon.ico
PT
binary
20 b
malicious
2660
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2884
iexplore.exe
195.22.4.21:80
www.obviousidea.us
Claranet Ltd
PT
suspicious
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2660
iexplore.exe
195.22.4.21:80
www.obviousidea.us
Claranet Ltd
PT
suspicious

DNS requests

Domain
IP
Reputation
www.obviousidea.us
  • 195.22.4.21
malicious
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted

Threats

PID
Process
Class
Message
2884
iexplore.exe
Misc activity
ADWARE [PTsecurity] AdLoad (PUA:Win32/Catalina)
2884
iexplore.exe
A Network Trojan was detected
ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
2660
iexplore.exe
A Network Trojan was detected
ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://www.obviousidea.us/pa/chrome-updates/?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=beta&prodversion=74.0.3729.91&lang=fr&acceptformat=crx2,crx3&x=id%3Dfnefekibahpibgnllfjpckodgobkpije%26v%3D2.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc