URL:

http://www.vedelem.hu/js/clearbox/language/hu/cb_language.js

Full analysis: https://app.any.run/tasks/014a21d9-9e97-4676-943d-a21ee069fd60
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Malware Trends Tracker     >>>
Analysis date: November 08, 2018, 09:30:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
Indicators:
MD5:

C909F5A19B15F33F379AF7DC5D69BED5

SHA1:

B4005B26A23B55C60B1F4DFC7BAA5B5479AF8D85

SHA256:

94C25E03A406171292614FBC6B697AADD37D90415E0C6DF57075371B28F6A27B

SSDEEP:

3:N1KJS4MBeOUUbKdSE3rvNQKREL/uu:Cc4MZUxQsi2u

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executes scripts

      • iexplore.exe (PID: 3380)

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 3380)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 3380)

    • Application launched itself

      • iexplore.exe (PID: 3380)
      • chrome.exe (PID: 3524)

    • Creates files in the user directory

      • iexplore.exe (PID: 3380)
      • iexplore.exe (PID: 3888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
43
Monitored processes
13
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe wscript.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1340"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x702800b0,0x702800c0,0x702800ccC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2284"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,14690554535684963839,2631031720700613190,131072 --enable-features=PasswordImport --service-pipe-token=530C2677A0AFBCC2E4C63126070F2331 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=530C2677A0AFBCC2E4C63126070F2331 --renderer-client-id=3 --mojo-platform-channel-handle=2064 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2536"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=936,14690554535684963839,2631031720700613190,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=9E21FB03FFC2FF6130028AB2835682A4 --mojo-platform-channel-handle=3304 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2572"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\cb_language[1].js" C:\Windows\System32\WScript.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\wscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
2832"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=936,14690554535684963839,2631031720700613190,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=83CA0D45671F96A4858F2BE0FD0C93EA --mojo-platform-channel-handle=3820 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3004"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=936,14690554535684963839,2631031720700613190,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=EFCCED319F48F9CAAB98E13280277DD1 --mojo-platform-channel-handle=996 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3024"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,14690554535684963839,2631031720700613190,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=087DC6590E59EF5A38B1D932AD22B054 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=087DC6590E59EF5A38B1D932AD22B054 --renderer-client-id=6 --mojo-platform-channel-handle=3588 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3380"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3416"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,14690554535684963839,2631031720700613190,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=BA1D284472A04A891857926305CF318A --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=BA1D284472A04A891857926305CF318A --renderer-client-id=9 --mojo-platform-channel-handle=3796 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3524"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
776
Read events
685
Write events
84
Delete events
7

Modification events

(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{026FCCC7-E339-11E8-9C83-5254004AAD11}
Value:
0
(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
3
(PID) Process:(3380) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E2070B000400080009001F000400B901
Executable files
0
Suspicious files
46
Text files
84
Unknown types
4

Dropped files

PID
Process
Filename
Type
3380iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
MD5:
SHA256:
3380iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3380iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF4F73782A16502DBD.TMP
MD5:
SHA256:
3380iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFC80990DE45FA8C7F.TMP
MD5:
SHA256:
3380iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{026FCCC7-E339-11E8-9C83-5254004AAD11}.dat
MD5:
SHA256:
3380iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\cb_language[1].jstext
MD5:
SHA256:
3888iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.logtext
MD5:
SHA256:
3524chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.oldtext
MD5:
SHA256:
3524chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ef77b915-16b9-4c8d-9865-600ed00e331c.tmp
MD5:
SHA256:
3524chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
42
TCP/UDP connections
35
DNS requests
48
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3888
iexplore.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/js/clearbox/language/hu/cb_language.js
HU
text
952 b
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/css/submenu.css
HU
text
393 b
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/js/clearbox/config/default/cb_config.js
HU
text
2.54 Kb
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/
HU
html
7.74 Kb
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/images/hirdetok/hirdeto_3.gif
HU
image
24.0 Kb
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/css/style.css?refresh=1044466
HU
text
2.88 Kb
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/images/hirdetok/hirdeto_1.gif
HU
image
36.6 Kb
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/js/clearbox/core/cb_core.js
HU
text
16.2 Kb
suspicious
3524
chrome.exe
GET
200
37.139.11.147:80
http://chs03.cookie-script.com/s/aa34d60d19b9dbea2c4b96c24cc64464.js
NL
text
4.11 Kb
unknown
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/js/clearbox/language/hu/cb_language.js
HU
text
952 b
suspicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3380
iexplore.exe
13.107.21.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3888
iexplore.exe
212.52.180.120:80
www.vedelem.hu
INTEGRITY Informatics Ltd.
HU
suspicious
3524
chrome.exe
216.58.215.227:443
www.google.de
Google Inc.
US
whitelisted
3524
chrome.exe
172.217.168.42:443
safebrowsing.googleapis.com
Google Inc.
US
whitelisted
3524
chrome.exe
172.217.168.67:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
3524
chrome.exe
172.217.168.4:443
www.google.com
Google Inc.
US
whitelisted
3524
chrome.exe
172.217.168.74:443
fonts.googleapis.com
Google Inc.
US
whitelisted
3524
chrome.exe
209.197.3.15:80
maxcdn.bootstrapcdn.com
Highwinds Network Group, Inc.
US
whitelisted
3524
chrome.exe
212.52.180.120:80
www.vedelem.hu
INTEGRITY Informatics Ltd.
HU
suspicious
3524
chrome.exe
37.139.11.147:80
chs03.cookie-script.com
Digital Ocean, Inc.
NL
unknown

DNS requests

Domain
IP
Reputation
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
www.vedelem.hu
  • 212.52.180.120
suspicious
clientservices.googleapis.com
  • 172.217.168.67
whitelisted
www.gstatic.com
  • 172.217.168.3
whitelisted
www.google.de
  • 216.58.215.227
whitelisted
safebrowsing.googleapis.com
  • 172.217.168.42
whitelisted
accounts.google.com
  • 172.217.168.77
shared
ssl.gstatic.com
  • 172.217.168.67
whitelisted
apis.google.com
  • 172.217.168.78
whitelisted
www.google.com
  • 172.217.168.4
malicious

Threats

PID
Process
Class
Message
3524
chrome.exe
A Network Trojan was detected
SC TROJAN_DOWNLOADER FakeUpdates campaign, Chtonic banker/NetSupport RAT delivering, stage 2 of 3
3 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://www.vedelem.hu/js/clearbox/language/hu/cb_language.js