analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| URL: | https://www2.openstax.org/e/218812/g-2022-b2s-drip-1-utm-term-CTA/wl92kr/1497717912?h=HSuHRYCRyt-F-ecjBAapuZ9KXhDmHMKf2aQXF90wOuQ |
| Full analysis: | https://app.any.run/tasks/c358cfef-abe1-4c00-8deb-424061663760 |
| Verdict: | Malicious activity |
| Analysis date: | January 14, 2022, 21:18:26 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 64 bit) |
| Tags: | |
| Indicators: | |
| MD5: | 3CC715859CC25008AFE984EC50DAE7E6 |
| SHA1: | C1771BB89D898161EB409C4CB222B1C6C9099A75 |
| SHA256: | 8DB4D9708DCC5469FF5B5CCFF1616FA27F98CC3466A96788140A4536FFD3C928 |
| SSDEEP: | 3:N8DSXuiJDYEqItXI8IQRL8k4dSc1NTQt385Re9YN6UdouLE0uZh:2OXuiFq6bMk4QINT4BGNouBoh |
MALICIOUS
No malicious indicators.SUSPICIOUS
No suspicious indicators.INFO
Checks supported languages
- chrome.exe (PID: 1212)
- chrome.exe (PID: 448)
- chrome.exe (PID: 1232)
- chrome.exe (PID: 1052)
- chrome.exe (PID: 2792)
- chrome.exe (PID: 456)
- chrome.exe (PID: 860)
- chrome.exe (PID: 2412)
- chrome.exe (PID: 2352)
Reads the computer name
- chrome.exe (PID: 1232)
- chrome.exe (PID: 1052)
- chrome.exe (PID: 2792)
Application launched itself
- chrome.exe (PID: 1232)
Reads the hosts file
- chrome.exe (PID: 1232)
- chrome.exe (PID: 1052)
Reads settings of System Certificates
- chrome.exe (PID: 1052)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
44
Monitored processes
9
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1232 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking "https://www2.openstax.org/e/218812/g-2022-b2s-drip-1-utm-term-CTA/wl92kr/1497717912?h=HSuHRYCRyt-F-ecjBAapuZ9KXhDmHMKf2aQXF90wOuQ" | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | Explorer.EXE | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 Modules
| |||||||||||||||
| 1212 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x84,0x88,0x8c,0x80,0x90,0x7fef5653ef8,0x7fef5653f08,0x7fef5653f18 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 Modules
| |||||||||||||||
| 448 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=408 --on-initialized-event-handle=320 --parent-handle=324 /prefetch:6 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 Modules
| |||||||||||||||
| 2792 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1048,1262032317923515546,9175618153933257295,131072 --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12604696801702740033 --mojo-platform-channel-handle=1116 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100 Modules
| |||||||||||||||
| 1052 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1048,1262032317923515546,9175618153933257295,131072 --lang=en-US --service-sandbox-type=network --service-request-channel-token=5129757341701301222 --mojo-platform-channel-handle=1568 /prefetch:8 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 75.0.3770.100 Modules
| |||||||||||||||
| 2352 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,1262032317923515546,9175618153933257295,131072 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1828915497782822994 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100 Modules
| |||||||||||||||
| 860 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,1262032317923515546,9175618153933257295,131072 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8428730744646909845 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 75.0.3770.100 Modules
| |||||||||||||||
| 456 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,1262032317923515546,9175618153933257295,131072 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12395740541500719409 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:1 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 Modules
| |||||||||||||||
| 2412 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1048,1262032317923515546,9175618153933257295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=1335067446905022017 --mojo-platform-channel-handle=3384 /prefetch:2 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 75.0.3770.100 Modules
| |||||||||||||||
Total events
4 485
Read events
4 434
Write events
48
Delete events
3
Modification events
| (PID) Process: | (1232) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon |
| Operation: | write | Name: | failed_count |
Value: 0 | |||
| (PID) Process: | (1232) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon |
| Operation: | write | Name: | state |
Value: 2 | |||
| (PID) Process: | (1232) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty |
| Operation: | write | Name: | StatusCodes |
Value: | |||
| (PID) Process: | (1232) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty |
| Operation: | write | Name: | StatusCodes |
Value: 01000000 | |||
| (PID) Process: | (1232) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon |
| Operation: | write | Name: | state |
Value: 1 | |||
| (PID) Process: | (1232) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} |
| Operation: | write | Name: | dr |
Value: 1 | |||
| (PID) Process: | (448) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes |
| Operation: | write | Name: | 1232-13286668709687921 |
Value: 259 | |||
| (PID) Process: | (1232) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome |
| Operation: | write | Name: | UsageStatsInSample |
Value: 1 | |||
| (PID) Process: | (1232) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes |
| Operation: | delete value | Name: | 2324-13239293534024414 |
Value: 0 | |||
| (PID) Process: | (1232) chrome.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} |
| Operation: | write | Name: | usagestats |
Value: 0 | |||
Executable files
0
Suspicious files
83
Text files
39
Unknown types
5
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 1232 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61E1E8A5-4D0.pma | — | |
MD5:— | SHA256:— | |||
| 1232 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old | — | |
MD5:— | SHA256:— | |||
| 1232 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old | — | |
MD5:— | SHA256:— | |||
| 1232 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old | — | |
MD5:— | SHA256:— | |||
| 1232 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old | — | |
MD5:— | SHA256:— | |||
| 1232 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old | — | |
MD5:— | SHA256:— | |||
| 1232 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old | — | |
MD5:— | SHA256:— | |||
| 1232 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old | — | |
MD5:— | SHA256:— | |||
| 1232 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT | — | |
MD5:— | SHA256:— | |||
| 1232 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old | — | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
64
DNS requests
41
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
1052 | chrome.exe | GET | 200 | 72.247.185.59:80 | http://apps.identrust.com/roots/dstrootcax3.p7c | NL | cat | 893 b | shared |
1052 | chrome.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?43e959b925083603 | US | compressed | 59.9 Kb | whitelisted |
1052 | chrome.exe | GET | 200 | 104.18.21.226:80 | http://secure.globalsign.com/cacert/root-r3.crt | US | der | 867 b | whitelisted |
1052 | chrome.exe | GET | 200 | 143.204.214.125:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted |
1052 | chrome.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635CB039D4329A5E8.crt?54f16d6ad0295c7c | US | der | 1.36 Kb | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
1052 | chrome.exe | 142.250.186.77:443 | accounts.google.com | Google Inc. | US | suspicious |
1052 | chrome.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
1052 | chrome.exe | 72.247.185.59:80 | apps.identrust.com | Akamai International B.V. | NL | whitelisted |
1052 | chrome.exe | 172.217.17.110:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
— | — | 13.224.193.54:443 | openstax.org | — | US | malicious |
1052 | chrome.exe | 13.224.193.54:443 | openstax.org | — | US | malicious |
1052 | chrome.exe | 35.174.150.168:443 | www2.openstax.org | Amazon.com, Inc. | US | malicious |
1052 | chrome.exe | 13.225.80.92:443 | js.pulseinsights.com | — | US | unknown |
1052 | chrome.exe | 142.250.187.174:443 | www.googleoptimize.com | Google Inc. | US | whitelisted |
1052 | chrome.exe | 143.204.214.125:80 | x.ss2.us | — | US | suspicious |
DNS requests
Domain | IP | Reputation |
|---|---|---|
accounts.google.com |
| shared |
www2.openstax.org |
| malicious |
apps.identrust.com |
| shared |
ctldl.windowsupdate.com |
| whitelisted |
openstax.org |
| whitelisted |
www.google-analytics.com |
| whitelisted |
www.googleoptimize.com |
| whitelisted |
script.crazyegg.com |
| whitelisted |
pi.pardot.com |
| whitelisted |
js.pulseinsights.com |
| whitelisted |