analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://www.vedelem.hu/js/clearbox/language/hu/cb_language.js

Full analysis: https://app.any.run/tasks/014a21d9-9e97-4676-943d-a21ee069fd60
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Malware Trends Tracker     >>>
Analysis date: November 08, 2018, 09:30:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
Indicators:
MD5:

C909F5A19B15F33F379AF7DC5D69BED5

SHA1:

B4005B26A23B55C60B1F4DFC7BAA5B5479AF8D85

SHA256:

94C25E03A406171292614FBC6B697AADD37D90415E0C6DF57075371B28F6A27B

SSDEEP:

3:N1KJS4MBeOUUbKdSE3rvNQKREL/uu:Cc4MZUxQsi2u

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executes scripts

      • iexplore.exe (PID: 3380)

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3380)
      • chrome.exe (PID: 3524)

    • Creates files in the user directory

      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 3380)

    • Changes internet zones settings

      • iexplore.exe (PID: 3380)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3380)
      • iexplore.exe (PID: 3888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
43
Monitored processes
13
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe wscript.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3380"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3888"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3380 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
2572"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\cb_language[1].js" C:\Windows\System32\WScript.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
3524"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
68.0.3440.106
1340"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x702800b0,0x702800c0,0x702800ccC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
68.0.3440.106
3680"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3772 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
68.0.3440.106
3004"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=936,14690554535684963839,2631031720700613190,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=EFCCED319F48F9CAAB98E13280277DD1 --mojo-platform-channel-handle=996 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Version:
68.0.3440.106
3668"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,14690554535684963839,2631031720700613190,131072 --enable-features=PasswordImport --service-pipe-token=DA7CBF501825333E6F0FBE2FF86E445C --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=DA7CBF501825333E6F0FBE2FF86E445C --renderer-client-id=5 --mojo-platform-channel-handle=1896 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Version:
68.0.3440.106
2284"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,14690554535684963839,2631031720700613190,131072 --enable-features=PasswordImport --service-pipe-token=530C2677A0AFBCC2E4C63126070F2331 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=530C2677A0AFBCC2E4C63126070F2331 --renderer-client-id=3 --mojo-platform-channel-handle=2064 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
3024"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,14690554535684963839,2631031720700613190,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=087DC6590E59EF5A38B1D932AD22B054 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=087DC6590E59EF5A38B1D932AD22B054 --renderer-client-id=6 --mojo-platform-channel-handle=3588 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Total events
776
Read events
685
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
46
Text files
84
Unknown types
4

Dropped files

PID
Process
Filename
Type
3380iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
MD5:
SHA256:
3380iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3380iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF4F73782A16502DBD.TMP
MD5:
SHA256:
3380iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFC80990DE45FA8C7F.TMP
MD5:
SHA256:
3380iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{026FCCC7-E339-11E8-9C83-5254004AAD11}.dat
MD5:
SHA256:
3380iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\cb_language[1].jstext
MD5:C0EA5ECD5CE2BB549347C7C6FE59160E
SHA256:C1B64649F62F77271762D333E181ECF551FC22DAB0E7C3D8482452B89EEA214A
3524chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF1882f6.TMPtext
MD5:92BE6B127E72365885AD4C3FB6534EE2
SHA256:54302A2573ACC775720E7DB0AD85873276713302B4F72596A8DCC44B01C70E51
3888iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018110820181109\index.datdat
MD5:C61EC1091971197B9DFD330F85AF6584
SHA256:72CC76A06000DCBB09A7CF6206EB1DF7CB105A4BB32649739FB653144595607B
3380iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{026FCCC8-E339-11E8-9C83-5254004AAD11}.datbinary
MD5:43BB0B482786E37FF99D8C3F5AE01CFA
SHA256:1075629F1A6AAB00D23CB32283B70BEE0247FBC86A5C22D6A08969D9425B080E
3888iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.logtext
MD5:6258A186520456A953FF72EF43119394
SHA256:E824C679D966E25D379862B14FF6075EFBD7CFABDBAFBFD8316A5B11D6D0337C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
42
TCP/UDP connections
35
DNS requests
48
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3888
iexplore.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/js/clearbox/language/hu/cb_language.js
HU
text
952 b
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/js/clearbox/language/hu/cb_language.js
HU
text
952 b
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/js/clearbox/config/default/cb_style.css
HU
text
1.57 Kb
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/css/style.css?refresh=1044466
HU
text
2.88 Kb
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/css/submenu.css
HU
text
393 b
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/images/hirdetok/hirdeto_1.gif
HU
image
36.6 Kb
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/js/clearbox.js
HU
html
810 b
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/js/clearbox/config/default/cb_config.js
HU
text
2.54 Kb
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/
HU
html
7.74 Kb
suspicious
3524
chrome.exe
GET
200
212.52.180.120:80
http://www.vedelem.hu/images/hirdetok/hirdeto_18.gif
HU
image
74.6 Kb
suspicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3888
iexplore.exe
212.52.180.120:80
www.vedelem.hu
INTEGRITY Informatics Ltd.
HU
suspicious
3380
iexplore.exe
13.107.21.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3524
chrome.exe
172.217.168.4:443
www.google.com
Google Inc.
US
whitelisted
3524
chrome.exe
172.217.168.74:443
fonts.googleapis.com
Google Inc.
US
whitelisted
3524
chrome.exe
212.52.180.120:80
www.vedelem.hu
INTEGRITY Informatics Ltd.
HU
suspicious
3524
chrome.exe
172.217.168.78:443
apis.google.com
Google Inc.
US
whitelisted
3524
chrome.exe
172.217.168.42:443
safebrowsing.googleapis.com
Google Inc.
US
whitelisted
3524
chrome.exe
172.217.168.67:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
3524
chrome.exe
81.4.122.193:80
track.positiverefreshment.org
RouteLabel V.O.F.
NL
malicious
3524
chrome.exe
209.197.3.15:80
maxcdn.bootstrapcdn.com
Highwinds Network Group, Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
www.vedelem.hu
  • 212.52.180.120
suspicious
clientservices.googleapis.com
  • 172.217.168.67
whitelisted
www.gstatic.com
  • 172.217.168.3
whitelisted
www.google.de
  • 216.58.215.227
whitelisted
safebrowsing.googleapis.com
  • 172.217.168.42
whitelisted
accounts.google.com
  • 172.217.168.77
shared
ssl.gstatic.com
  • 172.217.168.67
whitelisted
apis.google.com
  • 172.217.168.78
whitelisted
www.google.com
  • 172.217.168.4
whitelisted

Threats

PID
Process
Class
Message
3524
chrome.exe
A Network Trojan was detected
SC TROJAN_DOWNLOADER FakeUpdates campaign, Chtonic banker/NetSupport RAT delivering, stage 2 of 3
3 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://www.vedelem.hu/js/clearbox/language/hu/cb_language.js