URL:

https://solgrid365-my.sharepoint.com/:o:/g/personal/s22cbiddlecombe_dorridge_solihull_sch_uk/EvFYm3zW-StNidlDLWkprscBwIqkq1AEyJcWl4SJLs6d-Q?e=hDtHYz

Full analysis: https://app.any.run/tasks/23f8f046-6271-4b82-8d67-95582e499314
Verdict: Malicious activity
Analysis date: December 02, 2019, 16:43:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: B52B51A2B3B22A5F5CBD2142D620F54B
SHA1: E8E60A59DB9E43ED4E280277DF0EA38BF9615059
SHA256: 67B629293F3ACB7B0B49784C55F481F4939AB6C386CCAACD6E6000348DA16DF4
SSDEEP: 3:N8HWMGu+ArL5+KVFSWmgAKJKsBmWSMK0BN6QlgkeNAJvnkZtJRIpUBUvQ:22G+AfNsKEsB4MK0BkkeNsvLUBUvQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Modifies files in Chrome extension folder
      • chrome.exe (PID: 3100)
  • INFO
    • Application launched itself
      • iexplore.exe (PID: 2724)
      • chrome.exe (PID: 3100)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 1896)
      • iexplore.exe (PID: 2724)
    • Changes internet zones settings
      • iexplore.exe (PID: 2724)
    • Reads internet explorer settings
      • iexplore.exe (PID: 1896)
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 1896)
    • Changes settings of System certificates
      • iexplore.exe (PID: 2724)
    • Reads the hosts file
      • chrome.exe (PID: 3100)
      • chrome.exe (PID: 3428)
    • Manual execution by user
      • chrome.exe (PID: 3100)
    • Adds / modifies Windows certificates
      • iexplore.exe (PID: 2724)
No Malware configuration.
Total processes: 69
Monitored processes: 33
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Process tree of the run (interactive graph in the full report): two iexplore.exe instances and a set of chrome.exe processes, most of them marked "no specs".

Process information

PID 2724
  • CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
  • Path: C:\Program Files\Internet Explorer\iexplore.exe
  • Parent process: explorer.exe
  • User: admin
  • Company: Microsoft Corporation
  • Integrity Level: MEDIUM
  • Description: Internet Explorer
  • Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 1896
  • CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2724 CREDAT:71937
  • Path: C:\Program Files\Internet Explorer\iexplore.exe
  • Parent process: iexplore.exe
  • User: admin
  • Company: Microsoft Corporation
  • Integrity Level: LOW
  • Description: Internet Explorer
  • Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID 3100
  • CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  • Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Parent process: explorer.exe
  • User: admin
  • Company: Google LLC
  • Integrity Level: MEDIUM
  • Description: Google Chrome
  • Version: 75.0.3770.100

PID 2880
  • CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6cf1a9d0,0x6cf1a9e0,0x6cf1a9ec
  • Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Parent process: chrome.exe
  • User: admin
  • Company: Google LLC
  • Integrity Level: MEDIUM
  • Description: Google Chrome
  • Version: 75.0.3770.100

PID 3776
  • CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3044 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
  • Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Parent process: chrome.exe
  • User: admin
  • Company: Google LLC
  • Integrity Level: MEDIUM
  • Description: Google Chrome
  • Version: 75.0.3770.100

PID 2408
  • CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1000,12547853372365845133,17932105846814545753,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=11793947478479778846 --mojo-platform-channel-handle=1020 --ignored=" --type=renderer " /prefetch:2
  • Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Parent process: chrome.exe
  • User: admin
  • Company: Google LLC
  • Integrity Level: LOW
  • Description: Google Chrome
  • Version: 75.0.3770.100

PID 3428
  • CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1000,12547853372365845133,17932105846814545753,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=6626532463202353065 --mojo-platform-channel-handle=1580 /prefetch:8
  • Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Parent process: chrome.exe
  • User: admin
  • Company: Google LLC
  • Integrity Level: MEDIUM
  • Description: Google Chrome
  • Version: 75.0.3770.100

PID 3952
  • CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,12547853372365845133,17932105846814545753,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10528822339842199167 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  • Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Parent process: chrome.exe
  • User: admin
  • Company: Google LLC
  • Integrity Level: LOW
  • Description: Google Chrome
  • Exit code: 0
  • Version: 75.0.3770.100

PID 3180
  • CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,12547853372365845133,17932105846814545753,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5396008030080672661 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2436 /prefetch:1
  • Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Parent process: chrome.exe
  • User: admin
  • Company: Google LLC
  • Integrity Level: LOW
  • Description: Google Chrome
  • Exit code: 0
  • Version: 75.0.3770.100

PID 2748
  • CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,12547853372365845133,17932105846814545753,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9122242667310517870 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1
  • Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Parent process: chrome.exe
  • User: admin
  • Company: Google LLC
  • Integrity Level: LOW
  • Description: Google Chrome
  • Exit code: 0
  • Version: 75.0.3770.100
Total events: 1 061
Read events: 887
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 44
Text files: 285
Unknown types: 12

Dropped files

  • PID 2724, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
    Type: not recorded; MD5/SHA256: not recorded
  • PID 2724, iexplore.exe
    Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Type: not recorded; MD5/SHA256: not recorded
  • PID 1896, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
    Type: dat
    MD5: 92D978309441F2061C0593BF951196B5
    SHA256: ED181185240F1C52128E6B0A11CA617FE55FF3EE89F139B75FE231791125E829
  • PID 1896, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120220191203\index.dat
    Type: dat
    MD5: D44F47858CBD78DFCF48BD24AE351EFE
    SHA256: 9672AB4DFECA2A29DEBFD2673BF0D8D54BB7470A4B65F7CA74A151389529CFF8
  • PID 1896, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EB4JHH4J\init[1].js
    Type: text
    MD5: 2454E3A9014325D903C7F0E2C211C916
    SHA256: BE2DF271F0FA4428E52B8A57561990D267C629D600BEBF29CC4B71BECC6A66A0
  • PID 1896, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
    Type: dat
    MD5: 87D2404707CA47FDC003F068A81236FF
    SHA256: 3785B2F788FAF72E2678538011E5ADCFC2E3CD033882A2A0318AED4C94FF7EB0
  • PID 1896, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBHAWBPW\ScriptResource[1].axd
    Type: text
    MD5: AECA88483779AC14B47F14389139050F
    SHA256: 38DEAF33D1C84196E4C4F3C76C67587090CF261D423B9BEF9BADF535BC146A2F
  • PID 1896, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
    Type: smt
    MD5: CB5BFEC736E0855753F67AF344593F34
    SHA256: 771F7305FEE4258E71E9FCD8C105708075AE4085ECAE94869E616FCEC13E04E8
  • PID 1896, iexplore.exe
    Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EB4JHH4J\blank[1].js
    Type: text
    MD5: E8B2B3D5E727AA94D97F448FF57A59A0
    SHA256: 7160EDC885BC2DDBE360DB2D9B8D04374B0F65A7C933C0315EDBBAAC4236A52F
  • PID 1896, iexplore.exe
    Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KR3C3927\solgrid365-my.sharepoint[1].xml
    Type: text
    MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
    SHA256: B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
HTTP(S) requests: 4
TCP/UDP connections: 55
DNS requests: 38
Threats: 0

HTTP requests

  • PID 3428, chrome.exe: GET http://r5---sn-aigl6nl7.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mip=185.192.69.22&mm=28&mn=sn-aigl6nl7&ms=nvh&mt=1575304941&mv=m&mvi=4&pl=24&shardbypass=yes
    IP: 173.194.183.202:80; CN: US; HTTP code: 200; Type: crx; Size: 293 Kb; Reputation: whitelisted
  • PID 3428, chrome.exe: GET http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx
    IP: 172.217.21.206:80; CN: US; HTTP code: 302; Type: html; Size: 509 b; Reputation: whitelisted
  • PID 3428, chrome.exe: GET http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx
    IP: 172.217.21.206:80; CN: US; HTTP code: 302; Type: html; Size: 514 b; Reputation: whitelisted
  • PID 3428, chrome.exe: GET http://r4---sn-aigl6n7s.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=185.192.69.22&mm=28&mn=sn-aigl6n7s&ms=nvh&mt=1575304941&mv=m&mvi=3&pl=24&shardbypass=yes
    IP: 173.194.5.170:80; CN: US; HTTP code: 200; Type: crx; Size: 862 Kb; Reputation: whitelisted

Connections

  • PID 2724, iexplore.exe: 204.79.197.200:80, www.bing.com, ASN: Microsoft Corporation, CN: US, Reputation: whitelisted
  • PID 1896, iexplore.exe: 13.107.136.9:443, solgrid365-my.sharepoint.com, ASN: Microsoft Corporation, CN: US, Reputation: whitelisted
  • PID 1896, iexplore.exe: 184.28.112.67:443, static.sharepointonline.com, ASN: Akamai International B.V., CN: US, Reputation: unknown
  • PID 1896, iexplore.exe: 13.107.6.171:443, ukc-onenote.officeapps.live.com, ASN: Microsoft Corporation, CN: US, Reputation: whitelisted
  • PID 2724, iexplore.exe: 72.247.225.58:443, c1-onenote-15.cdn.office.net, ASN: Akamai Technologies, Inc., CN: US, Reputation: whitelisted
  • PID 3428, chrome.exe: 172.217.22.3:443, clientservices.googleapis.com, ASN: Google Inc., CN: US, Reputation: whitelisted
  • PID 3428, chrome.exe: 216.58.207.77:443, accounts.google.com, ASN: Google Inc., CN: US, Reputation: whitelisted
  • PID 3428, chrome.exe: 172.217.16.132:443, www.google.com, ASN: Google Inc., CN: US, Reputation: whitelisted
  • PID 3428, chrome.exe: 216.58.207.35:443, www.google.com.ua, ASN: Google Inc., CN: US, Reputation: whitelisted
  • PID 3428, chrome.exe: 216.58.207.74:443, fonts.googleapis.com, ASN: Google Inc., CN: US, Reputation: whitelisted

DNS requests

  • www.bing.com: 204.79.197.200, 13.107.21.200 (Reputation: whitelisted)
  • solgrid365-my.sharepoint.com: 13.107.136.9 (Reputation: suspicious)
  • static.sharepointonline.com: 184.28.112.67 (Reputation: whitelisted)
  • ukc-onenote.officeapps.live.com: 13.107.6.171 (Reputation: whitelisted)
  • c1-onenote-15.cdn.office.net: 72.247.225.58 (Reputation: whitelisted)
  • clientservices.googleapis.com: 172.217.22.3 (Reputation: whitelisted)
  • accounts.google.com: 216.58.207.77 (Reputation: shared)
  • www.google.com.ua: 216.58.207.35 (Reputation: whitelisted)
  • www.google.com: 172.217.16.132 (Reputation: whitelisted)
  • fonts.googleapis.com: 216.58.207.74 (Reputation: whitelisted)

Threats

No threats detected
No debug info