analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://blisk.io/

Full analysis: https://app.any.run/tasks/132a4503-9a9f-4b06-81f8-3671667ef391
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: April 14, 2019, 21:31:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
adware
loader
Indicators:
MD5:

09113EACB627B73679DA10964E3743E0

SHA1:

F96DCEDD6B79FC2E1CF8D4B698BE9EBD2B0F2EE9

SHA256:

81E8A2988E9FDEC0B82821D195C7C83369E8883941B9BEB3C0B90175601F7B7A

SSDEEP:

3:N8UMRn:2Pn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • Blisk_installer.exe (PID: 2552)

    • Application was dropped or rewritten from another process

      • Blisk_installer.exe (PID: 2552)
      • setup.exe (PID: 1032)
      • setup.exe (PID: 3492)
      • blisk.exe (PID: 3836)
      • blisk.exe (PID: 3568)
      • blisk.exe (PID: 2760)
      • blisk.exe (PID: 2392)
      • blisk.exe (PID: 3840)
      • blisk.exe (PID: 3880)
      • blisk.exe (PID: 2240)
      • blisk.exe (PID: 2516)
      • blisk.exe (PID: 3004)
      • blisk.exe (PID: 2384)
      • blisk.exe (PID: 3080)
      • blisk.exe (PID: 1308)

    • Downloads executable files from the Internet

      • Blisk_installer.exe (PID: 2552)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Blisk_installer.exe (PID: 2552)
      • blisk_inst.exe (PID: 2920)
      • chrome.exe (PID: 2528)
      • setup.exe (PID: 1032)

    • Application launched itself

      • setup.exe (PID: 1032)
      • blisk.exe (PID: 3836)

    • Modifies the open verb of a shell class

      • setup.exe (PID: 1032)

    • Creates a software uninstall entry

      • setup.exe (PID: 1032)

    • Creates files in the user directory

      • setup.exe (PID: 1032)

  • INFO

    • Reads settings of System Certificates

      • chrome.exe (PID: 2400)
      • blisk.exe (PID: 3836)

    • Application launched itself

      • chrome.exe (PID: 2528)

    • Creates files in the user directory

      • chrome.exe (PID: 2528)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
62
Monitored processes
31
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start start drop and start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs blisk_installer.exe blisk_inst.exe setup.exe setup.exe no specs blisk.exe blisk.exe no specs blisk.exe no specs blisk.exe no specs blisk.exe no specs blisk.exe no specs blisk.exe no specs blisk.exe no specs blisk.exe no specs blisk.exe no specs blisk.exe no specs blisk.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2528"C:\Program Files\Google\Chrome\Application\chrome.exe" https://blisk.io/C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
3221225547
Version:
73.0.3683.75
1480"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6fa60f18,0x6fa60f28,0x6fa60f34C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
3160"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2532 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
1344"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=960,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=8016973629193070172 --mojo-platform-channel-handle=968 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
2400"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=13333574489058329730 --mojo-platform-channel-handle=1528 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
2744"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --service-pipe-token=3771268817573407117 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3771268817573407117 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
3056"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --service-pipe-token=18302979589496425780 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18302979589496425780 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
3604"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --service-pipe-token=12133985021958363888 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12133985021958363888 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
3404"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=5103030952564755078 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5103030952564755078 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
3140"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,16757165573614761929,13464838209277135556,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=4873130136100800391 --mojo-platform-channel-handle=3460 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
Total events
1 730
Read events
1 541
Write events
0
Delete events
0

Modification events

No data
Executable files
8
Suspicious files
70
Text files
167
Unknown types
31

Dropped files

PID
Process
Filename
Type
2528chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
MD5:
SHA256:
2528chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
MD5:
SHA256:
2528chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
MD5:
SHA256:
2528chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
MD5:
SHA256:
2528chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
MD5:
SHA256:
2528chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a736f6b4-4a34-4361-bbdc-ab43e203ff8b.tmp
MD5:
SHA256:
2528chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
MD5:
SHA256:
2528chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
MD5:
SHA256:
2528chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp
MD5:
SHA256:
2528chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
67
DNS requests
37
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2552
Blisk_installer.exe
GET
302
40.118.29.72:80
http://blisk.io/download/?os=win
NL
html
211 b
suspicious
2552
Blisk_installer.exe
GET
200
40.68.232.48:80
http://bliskcloudstorage.blob.core.windows.net/win-installers/BliskInstaller_11.0.157.186.exe
NL
executable
60.5 Mb
malicious
2400
chrome.exe
GET
200
173.194.182.138:80
http://r5---sn-hpa7znsz.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=82.102.26.195&mm=28&mn=sn-hpa7znsz&ms=nvh&mt=1555276672&mv=u&pl=25&shardbypass=yes
US
crx
842 Kb
whitelisted
2400
chrome.exe
GET
302
172.217.21.238:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx
US
html
504 b
whitelisted
2528
chrome.exe
GET
200
13.107.4.50:80
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
US
compressed
55.6 Kb
whitelisted
2528
chrome.exe
GET
200
13.107.4.50:80
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt
US
der
969 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2400
chrome.exe
172.217.22.3:443
fonts.gstatic.com
Google Inc.
US
whitelisted
2400
chrome.exe
216.58.207.45:443
accounts.google.com
Google Inc.
US
whitelisted
2400
chrome.exe
172.217.18.10:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2400
chrome.exe
94.31.29.64:443
index.tnwcdn.com
netDNA
GB
malicious
2400
chrome.exe
40.118.29.72:443
blisk.io
Microsoft Corporation
NL
suspicious
2400
chrome.exe
216.58.207.78:443
www.google-analytics.com
Google Inc.
US
whitelisted
2400
chrome.exe
104.31.71.90:443
craigbuckler.com
Cloudflare Inc
US
shared
2400
chrome.exe
152.199.19.161:443
bliskstatic.azureedge.net
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2400
chrome.exe
216.58.207.67:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
2400
chrome.exe
69.16.175.10:443
s1.softpedia-static.com
Highwinds Network Group, Inc.
US
malicious

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 216.58.207.67
whitelisted
blisk.io
  • 40.118.29.72
suspicious
accounts.google.com
  • 216.58.207.45
shared
fonts.googleapis.com
  • 172.217.18.10
whitelisted
bliskstatic.azureedge.net
  • 152.199.19.161
malicious
i.amz.mshcdn.com
  • 2.16.186.131
  • 2.16.186.187
suspicious
index.tnwcdn.com
  • 94.31.29.64
malicious
craigbuckler.com
  • 104.31.71.90
  • 104.31.70.90
unknown
s1.softpedia-static.com
  • 69.16.175.10
  • 69.16.175.42
whitelisted
fonts.gstatic.com
  • 172.217.22.3
whitelisted

Threats

PID
Process
Class
Message
2400
chrome.exe
Generic Protocol Command Decode
SURICATA STREAM excessive retransmissions
2552
Blisk_installer.exe
Misc activity
ADWARE [PTsecurity] PUA:Win32/Conduit
2552
Blisk_installer.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
5 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://blisk.io/