File name: download(1).zlib
Full analysis: https://app.any.run/tasks/82b2fc1d-2ceb-483b-92a8-fcdddd8b4bce
Verdict: Malicious activity
Analysis date: June 18, 2024, 06:12:58
OS: Ubuntu 22.04.2
MIME: application/zlib
File info: zlib compressed data
MD5: 56BCF91E65980D9CA8DA1636D4085ACF
SHA1: CEA7DB7E92F770FC54DF720FFC634A7B7E504702
SHA256: A476C312122196BA81BC1E4D53E002B4C421A22F67B894DD894BEC53211B9FFD
SSDEEP: 1536:HI0/NAPxwiGfM/T8HtCiXwt6S07ZBo4PNpvHD:HIsAPx/Z/VgwX0I6fD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executes commands using command-line interpreter

      • gnome-terminal-server (PID: 12943)
      • update-notifier (PID: 13080)
      • apt (PID: 13043)
    • Reads /proc/mounts (likely used to find writable filesystems)

      • check-new-release-gtk (PID: 13082)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 325
Monitored processes: 111
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Rendered here as a flattened node list (the interactive graph is at the full analysis link above). Distinct processes in order of appearance: sh, systemctl, gnome-terminal, gnome-terminal.real, gnome-terminal-server, bash, lesspipe, basename, dash, dircolors, dirname, ls, gzip, command-not-found, snap, sudo, apt, dpkg, tar, update-notifier, check-new-release-gtk, mv, lsb_release, tracker-extract-3, dbus-daemon, nautilus, gjs-console, file-roller, 7z. Every node is marked "no specs" except check-new-release-gtk.

Process information

PID: 12925
CMD: sh -c "file --mime-type /home/user/Desktop/download(1)\.zlib"
Path: /bin/sh
Indicators: none
Parent process: any-guest-agent
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 12926
CMD: /bin/sh -c "DISPLAY=:0 sudo -iu user nautilus /home/user/Desktop/download(1)\.zlib "
Path: /bin/sh
Indicators: none
Parent process: any-guest-agent
User: user
Integrity Level: UNKNOWN
Exit code: 0

PID: 12927
CMD: systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service
Path: /usr/bin/systemctl
Indicators: none
Parent process: snapd
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 12928
CMD: systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service
Path: /usr/bin/systemctl
Indicators: none
Parent process: snapd
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 12929
CMD: systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service
Path: /usr/bin/systemctl
Indicators: none
Parent process: snapd
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 12930
CMD: systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service
Path: /usr/bin/systemctl
Indicators: none
Parent process: snapd
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 12931
CMD: systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service
Path: /usr/bin/systemctl
Indicators: none
Parent process: snapd
User: root
Integrity Level: UNKNOWN
Exit code: 1195

PID: 12932
CMD: systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service
Path: /usr/bin/systemctl
Indicators: none
Parent process: snapd
User: root
Integrity Level: UNKNOWN
Exit code: 213

PID: 12935
CMD: /usr/bin/python3 /usr/bin/gnome-terminal
Path: /usr/bin/gnome-terminal
Indicators: none
Parent process: gnome-shell
User: user
Integrity Level: UNKNOWN
Exit code: 1195

PID: 12938
CMD: /usr/bin/gnome-terminal.real
Path: /usr/bin/gnome-terminal.real
Indicators: none
Parent process: gnome-terminal
User: user
Integrity Level: UNKNOWN
Exit code: 1195
Executable files: 0
Suspicious files: 2
Text files: 14
Unknown types: 0

Dropped files

PID: 13111
Process: nautilus
Filename: /home/user/.local/share/nautilus/tags/meta.db
Type: binary

PID: 13043
Process: apt
Filename: /tmp/#6029335 (deleted)
Type: text

PID: 13043
Process: apt
Filename: /tmp/#6029359 (deleted)
Type: text

PID: 13043
Process: apt
Filename: /tmp/#6029364 (deleted)
Type: text

PID: 13043
Process: apt
Filename: /tmp/#6029378 (deleted)
Type: text

PID: 13082
Process: check-new-release-gtk
Filename: /tmp/#6029334 (deleted)
Type: text

PID: 13082
Process: check-new-release-gtk
Filename: /tmp/#6029335 (deleted)
Type: text

PID: 13082
Process: check-new-release-gtk
Filename: /tmp/#6029359 (deleted)
Type: text

PID: 13082
Process: check-new-release-gtk
Filename: /tmp/#6029364 (deleted)
Type: text

PID: 13082
Process: check-new-release-gtk
Filename: /tmp/#6029378 (deleted)
Type: text

(MD5 and SHA256 columns are empty for every dropped file in this export.)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 9
DNS requests: 14
Threats: 0

HTTP requests

No HTTP requests

Connections

IP: 195.181.175.16:443
Domain: odrs.gnome.org
ASN: Datacamp Limited
CN: DE
Reputation: unknown

PID: 470
Process: avahi-daemon
IP: 224.0.0.251:5353
Reputation: unknown

PID: 485
Process: snapd
IP: 185.125.188.58:443
Domain: api.snapcraft.io
ASN: Canonical Group Limited
CN: GB
Reputation: unknown

PID: 485
Process: snapd
IP: 185.125.188.59:443
Domain: api.snapcraft.io
ASN: Canonical Group Limited
CN: GB
Reputation: unknown

PID: 485
Process: snapd
IP: 185.125.188.55:443
Domain: api.snapcraft.io
ASN: Canonical Group Limited
CN: GB
Reputation: malicious

PID: 13082
Process: check-new-release-gtk
IP: 91.189.91.48:443
Domain: changelogs.ubuntu.com
ASN: Canonical Group Limited
CN: US
Reputation: unknown

DNS requests

Domain: odrs.gnome.org
Reputation: unknown

Domain: api.snapcraft.io
IPs: 185.125.188.58, 185.125.188.59, 185.125.188.54, 185.125.188.55
Reputation: unknown

Domain: 170.100.168.192.in-addr.arpa
Reputation: unknown

Domain: connectivity-check.ubuntu.com
Reputation: unknown

Domain: changelogs.ubuntu.com
Reputation: unknown

Threats

No threats detected
No debug info