Malware analysis https://my.jo1n.com/broker/operator-es/app/partner-onboarding/main.142004e2ab618415.js Malicious activity

Add for printing

URL:	https://my.jo1n.com/broker/operator-es/app/partner-onboarding/main.142004e2ab618415.js
Full analysis:	https://app.any.run/tasks/bf483e59-8a5b-41ee-86bd-c063dd247d6e
Verdict:	Malicious activity
Analysis date:	May 29, 2024, 14:19:37
OS:	Ubuntu 22.04.2
MD5:	A7CCD5A950D360BB3A8FF2AD0D4C527D
SHA1:	0EE085ED27D4DD907328DF04964B44F14F5551FF
SHA256:	6E5517EB4180F559FD4857FE1548EFFE5104E8ECD2F118B2BDC6AA2A233471C0
SSDEEP:	3:N8nz2KHbOXROWKPzfRCKLIvBy7Wn:2KK8KzRzciW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

293

Monitored processes

80

Malicious processes

0

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
6163	/bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome https://my\.jo1n\.com/broker/operator-es/app/partner-onboarding/main\.142004e2ab618415\.js "	/bin/sh	—	any-guest-agent
User: root Integrity Level: UNKNOWN
6164	sudo -iu user google-chrome https://my.jo1n.com/broker/operator-es/app/partner-onboarding/main.142004e2ab618415.js	/usr/bin/sudo	—	sh
User: root Integrity Level: UNKNOWN
6165	/usr/bin/google-chrome https://my.jo1n.com/broker/operator-es/app/partner-onboarding/main.142004e2ab618415.js	/opt/google/chrome/chrome		sudo
User: user Integrity Level: UNKNOWN
6166	/usr/bin/locale-check C.UTF-8	/usr/bin/locale-check	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
6167	readlink -f /usr/bin/google-chrome	/usr/bin/readlink	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
6168	dirname /opt/google/chrome/google-chrome	/usr/bin/dirname	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
6169	mkdir -p /home/user/.local/share/applications	/usr/bin/mkdir	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
6170	cat	/usr/bin/cat	—	chrome
User: user Integrity Level: UNKNOWN
6171	cat	/usr/bin/cat	—	chrome
User: user Integrity Level: UNKNOWN
6172		/opt/google/chrome/chrome	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0

Add for printing

Executable files

0

Suspicious files

0

Text files

0

Unknown types

0

Dropped files

PID	Process	Filename		Type
6165	chrome	/proc/6165/fd/63		—
		MD5:—	SHA256:—
6165	chrome	/dev/shm/.com.google.Chrome.AT6xDQ		—
		MD5:—	SHA256:—
6165	chrome	/dev/shm/.com.google.Chrome.uHrK5E		—
		MD5:—	SHA256:—
6165	chrome	/dev/shm/.com.google.Chrome.9fRhwn		—
		MD5:—	SHA256:—
6165	chrome	/dev/shm/.com.google.Chrome.5BIhQ1		—
		MD5:—	SHA256:—
6165	chrome	/dev/shm/.com.google.Chrome.Yk95hm		—
		MD5:—	SHA256:—
6165	chrome	/dev/shm/.com.google.Chrome.tjfq3d		—
		MD5:—	SHA256:—
6165	chrome	/dev/shm/.com.google.Chrome.rSEBxR		—
		MD5:—	SHA256:—
6165	chrome	/dev/shm/.com.google.Chrome.88MJxu		—
		MD5:—	SHA256:—
6165	chrome	/home/user/.config/google-chrome/Default/Sync Data/LevelDB/LOG		—
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

11

TCP/UDP connections

45

DNS requests

47

Threats

1

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
6209	chrome	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ezxnlqlf7v6isilrby4ocq76ym_2024.5.28.1/jflhchccmppkfebkiaminageehmchikm_2024.05.28.01_all_mdtzr7mvxvbrh32szu3ag2evkq.crx3	unknown	—	—	unknown
6209	chrome	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adwf5kywp7h6uj6cmkt7uqsll2eq_20240404.625479014.14/obedbbhbpmojnkanicioggnmelmoomoc_20240404.625479014.14_all_ENGB500000_incvymraubxlb6ke6cnqmodupm.crx3	unknown	—	—	unknown
6209	chrome	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acgqkiw4dqfoo3heap234k2p62ia_448/lmelglejhemejginpboagddgdfbepgmp_448_all_ZZ_adl6mojop45uzoqhgaoc7nhgxjpa.crx3	unknown	—	—	unknown
6209	chrome	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acwh77guuioqthx5xxftvqeftjza_3030/jflookgnkcckhobaglndicnbbgbonegd_3030_all_gxlhecuj7wt4iru2mmpk5afmoq.crx3	unknown	—	—	unknown
6209	chrome	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acvkcs6d5jaunhvasec6gbwd4l7q_2024.5.27.0/niikhdgajlphfehepabhhblakbdgeefj_2024.05.27.00_all_adg55gxavu2cginvzv6dklbr3ita.crx3	unknown	—	—	unknown
6209	chrome	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/kiabhabjdbkjdpjbpigfodbdjmbglcoo/1.153e9301be7e862a33e2cab936a0a97e2f8bdf2dae1be516d6fe8a5f184ce028/1.4a6508925b2ffec931c1e3931ddeb15ca41d820a8264cd5a962b526e9932bcdf/1bbd0eca21eb9c81cf6ffb73afcdf08d70ee6d920b87e2e731f03dc4ac0a6cf8.puff	unknown	—	—	unknown
6209	chrome	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/ggkkehgbnfjpeggfpleeakpidbkibbmn/1.905f83845e25579fd4c6ae4bdc81a2740a216023f856918045ced4508329c941/1.c45cd56a0a8da0883c8f9757b31891d6c628f38cb80724015ffdf33b419a73f3/0e81ca17ff2d8fc4645b4dd59216b1ad6413403ef03bae5dc24f1bbb977f7a5a.puff	unknown	—	—	unknown
6209	chrome	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/alkdn6pzqk6acl4m6lnxjbndoq_970/efniojlnjndmcbiieegkicadnoecjjef_970_all_aczcuqcl2ufmpkanh27edlkvkyba.crx3	unknown	—	—	unknown
6209	chrome	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/mpjkm3secigkxvnyl25k2jsrhm_8797/hfnkpimlhhgieaddgfemjhofmfblmnib_8797_all_hmfr3k4trwv5cxiwuexjmrkfba.crx3	unknown	—	—	unknown
6209	chrome	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/khaoiebndkojlmppeemjhbpbandiljpe/1.1471c6c104c7e11f08fd446f83dcdb396b1fef335f4e3c744007c2272064f538/1.ffc78b3f99d65a2208200388e821bd089e9a486c624a671e045e4bcc378380b8/611d82cdcb0f432f1b6fc30fdf78a14b963b2959b93564efaa1cc91eb5df6813.puff	unknown	—	—	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
470	avahi-daemon	224.0.0.251:5353	—	—	—	unknown
—	—	185.125.188.55:443	api.snapcraft.io	Canonical Group Limited	GB	unknown
—	—	185.125.188.54:443	api.snapcraft.io	Canonical Group Limited	GB	unknown
—	—	185.125.188.58:443	api.snapcraft.io	Canonical Group Limited	GB	unknown
6165	chrome	239.255.255.250:1900	—	—	—	unknown
6209	chrome	173.194.79.84:443	accounts.google.com	GOOGLE	US	unknown
6209	chrome	216.58.206.35:443	clientservices.googleapis.com	GOOGLE	US	whitelisted
6209	chrome	18.171.89.223:443	my.jo1n.com	AMAZON-02	GB	unknown
6209	chrome	142.250.185.163:443	fonts.gstatic.com	GOOGLE	US	whitelisted
6209	chrome	142.250.185.227:443	update.googleapis.com	GOOGLE	US	whitelisted

DNS requests

Domain	IP	Reputation
api.snapcraft.io	185.125.188.55 185.125.188.58 185.125.188.59 185.125.188.54	unknown
accounts.google.com	173.194.79.84	shared
clientservices.googleapis.com	216.58.206.35	whitelisted
my.jo1n.com	18.171.89.223 18.175.90.12 3.11.87.83	unknown
fonts.gstatic.com	142.250.185.163 172.217.18.99	whitelisted
84.100.168.192.in-addr.arpa	—	unknown
update.googleapis.com	142.250.185.227	unknown
www.google.com	142.250.186.36	whitelisted
connectivity-check.ubuntu.com	2620:2d:4000:1::2a 2001:67c:1562::23 2620:2d:4000:1::98 2001:67c:1562::24 2620:2d:4000:1::22 2620:2d:4002:1::197 2620:2d:4000:1::2b 2620:2d:4000:1::23 2620:2d:4000:1::97 2620:2d:4000:1::96 2620:2d:4002:1::196 2620:2d:4002:1::198	unknown
optimizationguide-pa.googleapis.com	216.58.206.74 142.250.184.234 142.250.186.42 142.250.181.234 142.250.185.138 142.250.74.202 142.250.185.202 216.58.212.170 142.250.185.106 142.250.184.202 172.217.18.10 216.58.206.42 142.250.185.74 142.250.185.170 142.250.185.234 142.250.186.74	whitelisted

Threats

PID	Process	Class	Message
—	—	Not Suspicious Traffic	INFO [ANY.RUN] A free CDN for open source projects (jsdelivr .net)

Add for printing

No debug info

General Info

https://my.jo1n.com/broker/operator-es/app/partner-onboarding/main.142004e2ab618415.js

A7CCD5A950D360BB3A8FF2AD0D4C527D

0EE085ED27D4DD907328DF04964B44F14F5551FF

6E5517EB4180F559FD4857FE1548EFFE5104E8ECD2F118B2BDC6AA2A233471C0

3:N8nz2KHbOXROWKPzfRCKLIvBy7Wn:2KK8KzRzciW

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings