URL:

https://www.canva.com/design/DAEEmDujMBQ/NVF1uwJ4RqPkWdFZN5SLtw/view?utm_content=DAEEmDujMBQ&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink

Full analysis: https://app.any.run/tasks/f4c85a78-9927-4fe0-bd8c-f81269140a72
Verdict: Malicious activity
Analysis date: August 12, 2020, 17:49:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Tags:
phishing
canva.com
Indicators:
MD5:

8B0E79EB11E1372F03CAF865D1EAC115

SHA1:

3D34C11176DA70CC78D31E26F82AE1FC89527733

SHA256:

68C2B7F7BC2F28097927882AC98AD1B94BD8F6D6D8D92D42C0469450220FBD04

SSDEEP:

3:N8DSLHTiAWDXPVZqV/rNTThGAL+JGP4ItEomAGN/MRI6jRIYzbKQWa0V:2OLN0PqVrNhXDP4INmtN/MRIHMWZV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Creates files in the program directory

      • firefox.exe (PID: 2748)

  • INFO

    • Reads CPU info

      • firefox.exe (PID: 2748)

    • Application launched itself

      • firefox.exe (PID: 2748)

    • Reads Internet Cache Settings

      • firefox.exe (PID: 2748)

    • Reads the machine GUID from the registry

      • firefox.exe (PID: 2748)
      • firefox.exe (PID: 3172)

    • Creates files in the user directory

      • firefox.exe (PID: 2748)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
45
Monitored processes
6
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe firefox.exe

Process information

PID
CMD
Path
Indicators
Parent process
2100"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.13.353560565\1323316978" -childID 2 -isForBrowser -prefsHandle 2524 -prefMapHandle 2732 -prefsLen 5805 -prefMapSize 188894 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 2748 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
67.0.4
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
2644"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.3.464921722\225204445" -childID 1 -isForBrowser -prefsHandle 1692 -prefMapHandle 832 -prefsLen 1 -prefMapSize 188894 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 1696 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
67.0.4
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
2748"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.canva.com/design/DAEEmDujMBQ/NVF1uwJ4RqPkWdFZN5SLtw/view?utm_content=DAEEmDujMBQ&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink"C:\Program Files\Mozilla Firefox\firefox.exe
explorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
67.0.4
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
3004"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.0.597842457\392043982" -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 1168 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
67.0.4
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
3172"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.20.1097813677\934442828" -childID 3 -isForBrowser -prefsHandle 3588 -prefMapHandle 3592 -prefsLen 6640 -prefMapSize 188894 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 3604 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
67.0.4
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
3812"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2748.27.2033809068\409224831" -childID 4 -isForBrowser -prefsHandle 1956 -prefMapHandle 2868 -prefsLen 6911 -prefMapSize 188894 -parentBuildID 20190619235627 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2748 "\\.\pipe\gecko-crash-server-pipe.2748" 3016 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
67.0.4
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
Total events
1 521
Read events
1 518
Write events
3
Delete events
0

Modification events

(PID) Process:(2748) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value:
0000000000000000
(PID) Process:(2748) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2748) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
460000007F000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
0
Suspicious files
109
Text files
50
Unknown types
140

Dropped files

PID
Process
Filename
Type
2748firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\nltxvmn2.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
2748firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nltxvmn2.default\prefs-1.js
MD5:
SHA256:
2748firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nltxvmn2.default\sessionCheckpoints.json.tmp
MD5:
SHA256:
2748firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nltxvmn2.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
MD5:
SHA256:
2748firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\nltxvmn2.default\safebrowsing-updating\test-malware-simple-1.sbstore
MD5:
SHA256:
2748firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\nltxvmn2.default\safebrowsing-updating\test-phish-simple-1.sbstore
MD5:
SHA256:
2748firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\nltxvmn2.default\safebrowsing-updating\test-unwanted-simple-1.sbstore
MD5:
SHA256:
2748firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\nltxvmn2.default\safebrowsing-updating\test-harmful-simple-1.sbstore
MD5:
SHA256:
2748firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\nltxvmn2.default\safebrowsing-updating\test-track-simple-1.sbstore
MD5:
SHA256:
2748firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\nltxvmn2.default\safebrowsing-updating\test-trackwhite-simple-1.sbstore
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
212
TCP/UDP connections
83
DNS requests
159
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2748
firefox.exe
GET
302
13.227.156.49:443
https://snippets.cdn.mozilla.net/6/Firefox/67.0.4/20190619235627/WINNT_x86_64-msvc/en-US/release/Windows_NT%206.1/default/default/
US
whitelisted
2748
firefox.exe
GET
200
13.227.156.49:443
https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/release/en-us/default.json
US
text
133 Kb
whitelisted
2748
firefox.exe
GET
200
104.18.216.67:443
https://static.canva.com/static/lib/sentry/5.15.4.min.js
US
text
55.4 Kb
whitelisted
2748
firefox.exe
GET
200
54.148.7.60:443
https://search.services.mozilla.com/1/firefox/67.0.4/release/en-US/DE/default/default
US
text
152 b
whitelisted
2748
firefox.exe
POST
200
52.209.204.108:443
https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
IE
text
49 b
whitelisted
2748
firefox.exe
GET
200
104.18.216.67:443
https://static.canva.com/web/6463457ccfa52baa7ae6cb706fca893d.runtime.js
US
text
4.91 Kb
whitelisted
2748
firefox.exe
GET
200
104.18.216.67:443
https://static.canva.com/web/cf8ded847becfc7c943e.css
US
text
8.37 Kb
whitelisted
2748
firefox.exe
GET
200
104.18.216.67:443
https://static.canva.com/web/b351f51e29a2b7840abc.js
US
text
16.1 Kb
whitelisted
2748
firefox.exe
POST
200
2.16.177.64:443
https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=67.0&pver=2.2
unknown
text
245 b
whitelisted
2748
firefox.exe
GET
200
104.18.216.67:443
https://static.canva.com/web/c6daa9a70c5cfa56b572.js
US
s
203 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2748
firefox.exe
52.209.204.108:443
location.services.mozilla.com
Amazon.com, Inc.
IE
unknown
2748
firefox.exe
34.211.156.97:443
push.services.mozilla.com
Amazon.com, Inc.
US
unknown
2748
firefox.exe
104.18.216.67:443
www.canva.com
Cloudflare Inc
US
unknown
2748
firefox.exe
13.227.156.49:443
snippets.cdn.mozilla.net
US
unknown
2748
firefox.exe
54.148.7.60:443
search.services.mozilla.com
Amazon.com, Inc.
US
unknown
2748
firefox.exe
216.58.212.138:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2748
firefox.exe
2.16.177.64:443
shavar.services.mozilla.com
Akamai International B.V.
suspicious
2748
firefox.exe
104.18.215.67:443
www.canva.com
Cloudflare Inc
US
unknown
2748
firefox.exe
172.217.21.195:443
fonts.gstatic.com
Google Inc.
US
whitelisted
2748
firefox.exe
204.79.197.200:443
bat.bing.com
Microsoft Corporation
US
whitelisted

DNS requests

Domain
IP
Reputation
detectportal.firefox.com
  • 2.16.177.88
  • 2.16.177.18
whitelisted
a1089.dscd.akamai.net
  • 2.16.177.18
  • 2.16.177.88
whitelisted
location.services.mozilla.com
  • 52.209.204.108
  • 34.247.232.119
  • 34.253.97.22
whitelisted
locprod1-elb-eu-west-1.prod.mozaws.net
  • 34.253.97.22
  • 34.247.232.119
  • 52.209.204.108
whitelisted
www.canva.com
  • 104.18.216.67
  • 104.18.215.67
whitelisted
push.services.mozilla.com
  • 34.211.156.97
whitelisted
autopush.prod.mozaws.net
  • 34.211.156.97
whitelisted
snippets.cdn.mozilla.net
  • 13.227.156.49
  • 13.227.156.67
  • 13.227.156.12
  • 13.227.156.62
whitelisted
tiles.services.mozilla.com
whitelisted
d228z91au11ukj.cloudfront.net
  • 13.227.156.62
  • 13.227.156.12
  • 13.227.156.67
  • 13.227.156.49
whitelisted

Threats

PID
Process
Class
Message
332
svchost.exe
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
332
svchost.exe
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
332
svchost.exe
Potentially Bad Traffic
ET INFO Observed DNS Query to .cloud TLD
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.canva.com/design/DAEEmDujMBQ/NVF1uwJ4RqPkWdFZN5SLtw/view?utm_content=DAEEmDujMBQ&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink