Sample: index.html

Full analysis: https://app.any.run/tasks/9dbc704c-6dd9-4004-a644-a25d1ebd5fd6
Verdict: Malicious activity
Analysis date: July 13, 2020, 05:27:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, Non-ISO extended-ASCII text, with very long lines, with CRLF, LF line terminators
MD5: 66014229F10B30072BAB4D6F078EF2B5
SHA1: FEFC00C26181BE3C77A67BCA799A51666C1DD8A6
SHA256: B30F841DD1A116500CF68E8CF2C15041342EE7F83A4C5EAE2CC2DF6B45BF4446
SSDEEP: 384:x97Ru66oOgLAQS6PtCSImDiLauMkWTuHoeKu317hgLPqx:xxfXCSImDiLa7fuWch

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Because the analyst can act inside the guest, the information in this report may be influenced by those actions and is provided as-is. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2820)
  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 2392)
    • Application launched itself

      • iexplore.exe (PID: 2136)
      • chrome.exe (PID: 2820)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2136)
    • Changes internet zones settings

      • iexplore.exe (PID: 2136)
    • Manual execution by user

      • chrome.exe (PID: 2820)
    • Reads the hosts file

      • chrome.exe (PID: 2820)
      • chrome.exe (PID: 3316)
    • Reads settings of System Certificates

      • chrome.exe (PID: 3316)
      • iexplore.exe (PID: 2392)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2392)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2392)
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

Title: Literotica - 100% free sex stories, erotic audio, adult fiction with wifeslut, bdsm, etc!
HTTPEquivXUACompatible: IE=7
ContentType: text/html; charset=iso-8859-1
Description: Literotica free sex stories, erotic fiction and adult audio. Wifeslut, bdsm, xxx, fetish, mature, and free sexual fantasies. Porn storys updated daily! Story submissions accepted.
Keywords: sex stories, erotic fiction, adult, free, sexy, literotica, literotic, chat, storys, wifeslut, erotica, sexual, real audio, xxx, porno, porn, romance, text, fantasies, poetry
Pragma: no-cache
referrer: origin
googleSiteVerification: k2K6jLh8YJkmWurNFzUf2SkFHcRK6Cgcvq2sAfgOEl0
PicsLabel: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l gen true for "http://literotica.com" r (n 2 s 3 v 2 l 3 oa 2 ob 2 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 3) gen true for "http://www.literotica.com" r (n 2 s 3 v 2 l 3 oa 2 ob 2 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 3))
No data.
Total processes: 88
Monitored processes: 53
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Interactive graph, not reproduced here. Nodes as labelled: start, iexplore.exe, iexplore.exe, chrome.exe, chrome.exe, followed by the remaining chrome.exe child processes, most of them tagged "no specs"; see Process information below for the parent/child relationships.

Process information

PID: 2136
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2392
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2136 CREDAT:144385 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2820
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 660
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6ee0a9d0,0x6ee0a9e0,0x6ee0a9ec
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 3376
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2520 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 2628
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1004,6516374284440118409,4881533335300310440,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=2877628487452359436 --mojo-platform-channel-handle=1020 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 3316
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1004,6516374284440118409,4881533335300310440,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=8645673776617895147 --mojo-platform-channel-handle=1656 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 3264
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,6516374284440118409,4881533335300310440,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4715105826088298547 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 3808
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,6516374284440118409,4881533335300310440,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10378898740031685582 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2444 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 2624
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,6516374284440118409,4881533335300310440,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6240520359128537247 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
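The command lines above also document the browser's sandbox state, which is worth checking mechanically in a report like this: Chrome's renderer and GPU children carry a --type= switch and run at LOW integrity, while the browser process itself, crashpad-handler, watcher and the network utility process run at MEDIUM. The script below is an added example, not code from ANY.RUN or from the report. Its process list is typed in from the table above with the command lines shortened to the switches that matter, plus one clearly marked constructed entry (PID 9999) that breaks those expectations so the checks have something to report; the expectation that renderer and gpu-process run at LOW or lower is my assumption, consistent with what this report shows for Chrome 75.

```python
"""Sanity checks over the process table of a browser-sandbox report.

Added example; this is not code from ANY.RUN or from the report. PROCESSES is
constructed by hand from the report's Process information section (PID, image,
command line, parent image, integrity level, exit code). The last entry is
CONSTRUCTED and deliberately anomalous; it does not appear in the report.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmd: str
    parent: str
    integrity: str                 # MEDIUM / LOW / UNTRUSTED as the sandbox reports it
    exit_code: Optional[int] = None


CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
IE = r'"C:\Program Files\Internet Explorer\iexplore.exe"'

PROCESSES = [
    Proc(2136, "iexplore.exe", IE + r" C:\Users\admin\AppData\Local\Temp\index.html", "explorer.exe", "MEDIUM", 1),
    Proc(2392, "iexplore.exe", IE + " SCODEF:2136 CREDAT:144385 /prefetch:2", "iexplore.exe", "MEDIUM", 0),
    Proc(2820, "chrome.exe", CHROME, "explorer.exe", "MEDIUM"),
    Proc(660, "chrome.exe", CHROME + " --type=crashpad-handler /prefetch:7", "chrome.exe", "MEDIUM"),
    Proc(3376, "chrome.exe", CHROME + " --type=watcher --main-thread-id=2520 /prefetch:6", "chrome.exe", "MEDIUM"),
    # The gpu-process line embeds a second "--type=renderer" inside --ignored="...";
    # chrome_type() must therefore take the first --type= on the line.
    Proc(2628, "chrome.exe", CHROME + ' --type=gpu-process --ignored=" --type=renderer " /prefetch:2', "chrome.exe", "LOW"),
    Proc(3316, "chrome.exe", CHROME + " --type=utility --service-sandbox-type=network /prefetch:8", "chrome.exe", "MEDIUM"),
    Proc(3264, "chrome.exe", CHROME + " --type=renderer --instant-process --renderer-client-id=6 /prefetch:1", "chrome.exe", "LOW", 0),
    Proc(3808, "chrome.exe", CHROME + " --type=renderer --renderer-client-id=7 /prefetch:1", "chrome.exe", "LOW", 0),
    Proc(2624, "chrome.exe", CHROME + " --type=renderer --extension-process --renderer-client-id=4 /prefetch:1", "chrome.exe", "LOW", 0),
    # CONSTRUCTED anomaly, not in the report: a "renderer" launched by explorer.exe,
    # at MEDIUM integrity, with the sandbox switched off.
    Proc(9999, "chrome.exe", CHROME + " --type=renderer --no-sandbox", "explorer.exe", "MEDIUM"),
]

Finding = Tuple[str, int, str]     # (severity, pid, message)

# Chrome child types expected to run inside the sandbox at LOW or lower integrity.
# Utility processes vary with --service-sandbox-type (this report's network
# service runs at MEDIUM), so they are not checked here.
SANDBOXED_TYPES = {"renderer", "gpu-process"}
LOW_OR_BELOW = {"LOW", "UNTRUSTED"}


def chrome_type(cmd: str) -> Optional[str]:
    """Return the first --type=<value> switch on a chrome.exe command line."""
    m = re.search(r"--type=(\S+)", cmd)
    return m.group(1) if m else None


def check_process(p: Proc) -> List[Finding]:
    out: List[Finding] = []
    if p.image.lower() == "chrome.exe":
        ptype = chrome_type(p.cmd)
        if "--no-sandbox" in p.cmd:
            out.append(("HIGH", p.pid, "chrome.exe started with --no-sandbox"))
        if ptype in SANDBOXED_TYPES and p.integrity.upper() not in LOW_OR_BELOW:
            out.append(("HIGH", p.pid, f"{ptype} process at {p.integrity} integrity (expected LOW or lower)"))
        if ptype is not None and p.parent.lower() != "chrome.exe":
            out.append(("HIGH", p.pid, f"chrome.exe --type={ptype} spawned by {p.parent}, not by the browser process"))
    # A browser opening a file from a user Temp directory: that is how the sample was launched.
    if re.search(r"\\AppData\\Local\\Temp\\", p.cmd, re.IGNORECASE):
        out.append(("INFO", p.pid, f"{p.image} opened a file from %TEMP% (sample launch)"))
    if p.exit_code not in (None, 0):
        out.append(("INFO", p.pid, f"{p.image} exited with code {p.exit_code}"))
    return out


def triage(procs: List[Proc]) -> List[Finding]:
    findings: List[Finding] = []
    for p in procs:
        findings.extend(check_process(p))
    return findings


if __name__ == "__main__":
    for sev, pid, msg in triage(PROCESSES):
        print(f"[{sev}] PID {pid}: {msg}")
```

Run against the report's own rows the script produces only two informational lines, both for PID 2136 (the sample opened from %TEMP%, exit code 1); the three HIGH findings come solely from the constructed PID 9999 entry.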
Total events: 5 510
Read events: 1 468
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 95
Text files: 350
Unknown types: 9

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2136 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | | |
2136 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF0815F79CD465E731.TMP | | |
2136 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF37219DB1EF560244.TMP | | |
2136 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFE02A207AE42ED611.TMP | | |
2136 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{869989C3-C4C9-11EA-B03F-5254004A04AF}.dat | | |
2136 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF851FD33FEF6A1AD6.TMP | | |
2820 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F0BF0C7-B04.pma | | |
2820 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9c194163-1a51-4dcb-81b2-99389bfb3e06.tmp | | |
2820 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000028.dbtmp | | |
2820 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF27f261.TMP | text | F69C20D5B552B8D973FB1CBA5FDD7D87 | 48799968D50E2D74E625A0AB18E93C6792AF20010334C6BB4E935C8D26F7026A
HTTP(S) requests: 43
TCP/UDP connections: 129
DNS requests: 83
Threats: 0

HTTP requests

10 of the 43 requests are listed here.

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3316 | chrome.exe | GET | 301 | 216.150.65.200:80 | http://literotica.com/nfo/piwik.js | US | | | whitelisted
3316 | chrome.exe | GET | 200 | 74.125.4.203:80 | http://r5---sn-aigzrner.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvY2Y1QUFXUjZlVjI5UldyLVpDTFJFcEx6QQ/7719.805.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mh=Nf&mip=185.217.117.48&mm=28&mn=sn-aigzrner&ms=nvh&mt=1594617976&mv=m&mvi=5&pl=24&shardbypass=yes | US | crx | 823 Kb | whitelisted
3316 | chrome.exe | GET | 200 | 74.125.4.166:80 | http://r1---sn-aigzrne7.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=QJ&mip=185.217.117.48&mm=28&mn=sn-aigzrne7&ms=nvh&mt=1594617976&mv=m&mvi=1&pl=24&shardbypass=yes | US | crx | 293 Kb | whitelisted
3316 | chrome.exe | GET | 302 | 99.192.154.195:80 | http://bdsmcafe.com/favicon.ico | US | html | 227 b | unknown
3316 | chrome.exe | GET | 200 | 69.16.175.42:80 | http://cdnp.kink.com/kd/41496_DB_300x250.jpg | US | image | 76.0 Kb | malicious
3316 | chrome.exe | GET | 302 | 172.217.23.174:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 520 b | whitelisted
3316 | chrome.exe | GET | 200 | 205.234.175.105:80 | http://images.mrskincash.com/mrskin/halfpage/imx2/03.gif | US | image | 2.23 Kb | unknown
3316 | chrome.exe | GET | 200 | 50.87.150.205:80 | http://smokingstories.net/banner.js | US | text | 321 b | unknown
3316 | chrome.exe | GET | 200 | 216.150.65.190:80 | http://www.literotica.com/ | US | html | 34.6 Kb | whitelisted
3316 | chrome.exe | GET | 302 | 172.217.23.174:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvY2Y1QUFXUjZlVjI5UldyLVpDTFJFcEx6QQ/7719.805.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 525 b | whitelisted

Connections

10 of the 129 connections are listed here; the rows with no PID or process are shown as the report prints them.

PID | Process | IP | Domain | ASN | CN | Reputation
3316 | chrome.exe | 172.217.16.195:443 | www.google.com.ua | Google Inc. | US | whitelisted
2136 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3316 | chrome.exe | 216.58.207.35:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
3316 | chrome.exe | 216.58.208.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
4 | System | 216.150.65.200:445 | literotica.com | Access Integrated Technologies, Inc. | US | unknown
 | | 216.150.65.200:137 | literotica.com | Access Integrated Technologies, Inc. | US | unknown
4 | System | 216.150.65.190:445 | literotica.com | Access Integrated Technologies, Inc. | US | unknown
2392 | iexplore.exe | 62.113.194.2:443 | speedy.literotica.com | 23media GmbH | DE | malicious
3316 | chrome.exe | 216.58.206.13:443 | accounts.google.com | Google Inc. | US | whitelisted
3316 | chrome.exe | 172.217.18.163:443 | www.gstatic.com | Google Inc. | US | whitelisted

DNS requests

10 of the 83 DNS requests are listed here.

Domain | IP(s) | Reputation
speedy.literotica.com | 62.113.194.2 | malicious
literotica.com | 216.150.65.190, 216.150.65.200 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
clientservices.googleapis.com | 216.58.207.35 | whitelisted
accounts.google.com | 216.58.206.13 | shared
www.google.com.ua | 172.217.16.195 | whitelisted
fonts.googleapis.com | 216.58.208.42 | whitelisted
www.gstatic.com | 172.217.18.163 | whitelisted
fonts.gstatic.com | 172.217.21.227 | whitelisted

Threats

PID | Process | Class | Message
 | | Potential Corporate Privacy Violation | ET POLICY DNS Query For XXX Adult Site Top Level Domain
3316 | chrome.exe | Generic Protocol Command Decode | SURICATA HTTP unable to match response to request
No debug info
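The two System (PID 4) rows in the Connections table, SMB (445) and NetBIOS (137) towards the literotica.com addresses, deserve a second look in any report of this kind: the Windows SMB redirector runs in the kernel, so a sandbox attributes such connections to PID 4 or to no process at all, and the client can end up negotiating NTLM authentication with whatever answers on 445. The check a practitioner wants is to grep the HTML for UNC (\\host\share) or file:// references and to correlate the SMB target with the hosts the page itself loaded. The script below is an added example, not code from ANY.RUN or from the report; its CONNECTIONS and HTTP_REQUESTS lists are constructed from the rows printed above (the connection row without a PID is entered with pid=None, and the two long gvt1.com download URLs are entered without their query strings). It pulls out SMB/NetBIOS egress, malicious reputation tags and extension packages fetched over plaintext HTTP, pivoting on destination IP so that an SMB target can be tied back to the site that was browsed.

```python
"""Triage of the network tables in a sandbox report.

Added example; not code from ANY.RUN or from the report. CONNECTIONS and
HTTP_REQUESTS are constructed by hand from the report's Connections and HTTP
requests tables. A row that has no PID/process in the report is entered with
pid=None; the two long gvt1.com download URLs are entered without their query
strings. Everything else is copied as printed.
"""
import ipaddress
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit

Finding = Tuple[str, str]          # (severity, message)

# (pid, process, "ip:port", domain, reputation)
CONNECTIONS: List[Tuple[Optional[int], Optional[str], str, str, str]] = [
    (3316, "chrome.exe", "172.217.16.195:443", "www.google.com.ua", "whitelisted"),
    (2136, "iexplore.exe", "204.79.197.200:80", "www.bing.com", "whitelisted"),
    (3316, "chrome.exe", "216.58.207.35:443", "clientservices.googleapis.com", "whitelisted"),
    (3316, "chrome.exe", "216.58.208.42:443", "fonts.googleapis.com", "whitelisted"),
    (4, "System", "216.150.65.200:445", "literotica.com", "unknown"),
    (None, None, "216.150.65.200:137", "literotica.com", "unknown"),
    (4, "System", "216.150.65.190:445", "literotica.com", "unknown"),
    (2392, "iexplore.exe", "62.113.194.2:443", "speedy.literotica.com", "malicious"),
    (3316, "chrome.exe", "216.58.206.13:443", "accounts.google.com", "whitelisted"),
    (3316, "chrome.exe", "172.217.18.163:443", "www.gstatic.com", "whitelisted"),
]

GVT1_R5 = "http://r5---sn-aigzrner.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvY2Y1QUFXUjZlVjI5UldyLVpDTFJFcEx6QQ/7719.805.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx"
GVT1_R1 = "http://r1---sn-aigzrne7.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx"
REDIR = "http://redirector.gvt1.com/edgedl/chromewebstore/"

# (pid, process, method, status, "ip:port", url, content type, reputation)
HTTP_REQUESTS = [
    (3316, "chrome.exe", "GET", 301, "216.150.65.200:80", "http://literotica.com/nfo/piwik.js", None, "whitelisted"),
    (3316, "chrome.exe", "GET", 200, "74.125.4.203:80", GVT1_R5, "crx", "whitelisted"),
    (3316, "chrome.exe", "GET", 200, "74.125.4.166:80", GVT1_R1, "crx", "whitelisted"),
    (3316, "chrome.exe", "GET", 302, "99.192.154.195:80", "http://bdsmcafe.com/favicon.ico", "html", "unknown"),
    (3316, "chrome.exe", "GET", 200, "69.16.175.42:80", "http://cdnp.kink.com/kd/41496_DB_300x250.jpg", "image", "malicious"),
    (3316, "chrome.exe", "GET", 302, "172.217.23.174:80", REDIR + "L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx", "html", "whitelisted"),
    (3316, "chrome.exe", "GET", 200, "205.234.175.105:80", "http://images.mrskincash.com/mrskin/halfpage/imx2/03.gif", "image", "unknown"),
    (3316, "chrome.exe", "GET", 200, "50.87.150.205:80", "http://smokingstories.net/banner.js", "text", "unknown"),
    (3316, "chrome.exe", "GET", 200, "216.150.65.190:80", "http://www.literotica.com/", "html", "whitelisted"),
    (3316, "chrome.exe", "GET", 302, "172.217.23.174:80", REDIR + "L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvY2Y1QUFXUjZlVjI5UldyLVpDTFJFcEx6QQ/7719.805.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx", "html", "whitelisted"),
]

SMB_PORTS = {137, 138, 139, 445}   # NetBIOS name/datagram/session services and direct SMB


def parse_endpoint(ep: str) -> Tuple[ipaddress.IPv4Address, int]:
    host, port = ep.rsplit(":", 1)
    return ipaddress.ip_address(host), int(port)


def pivot_by_ip(conns, reqs) -> Dict[str, Set[str]]:
    """Every domain or URL host the report ties to each destination IP."""
    seen: Dict[str, Set[str]] = {}
    for _pid, _proc, ep, domain, _rep in conns:
        seen.setdefault(str(parse_endpoint(ep)[0]), set()).add(domain)
    for _pid, _proc, _m, _code, ep, url, _ctype, _rep in reqs:
        seen.setdefault(str(parse_endpoint(ep)[0]), set()).add(urlsplit(url).hostname)
    return seen


def smb_egress(conns, pivot) -> List[Finding]:
    """SMB/NetBIOS towards an internet host. The redirector is kernel code, so the
    sandbox shows PID 4 (System) or no process; the client can end up offering
    NTLM authentication to whatever answers on 445."""
    out: List[Finding] = []
    for pid, proc, ep, domain, _rep in conns:
        ip, port = parse_endpoint(ep)
        if port in SMB_PORTS and ip.is_global:
            who = f"{proc} (PID {pid})" if pid is not None else "unattributed"
            also = ", ".join(sorted(pivot.get(str(ip), set()) - {domain}))
            extra = f"; same IP also served {also}" if also else ""
            out.append(("HIGH", f"SMB/NetBIOS egress to {ip}:{port} ({domain}) from {who}{extra}"))
    return out


def tagged_malicious(conns, reqs) -> List[Finding]:
    out: List[Finding] = []
    for pid, proc, ep, domain, rep in conns:
        if rep == "malicious":
            out.append(("MEDIUM", f"connection to {domain} ({ep}) by {proc} (PID {pid}) carries a malicious reputation tag"))
    for pid, proc, method, _code, ep, url, _ctype, rep in reqs:
        if rep == "malicious":
            out.append(("MEDIUM", f"{method} {url} ({ep}) by {proc} (PID {pid}) carries a malicious reputation tag"))
    return out


def plaintext_packages(reqs) -> List[Finding]:
    """Extension packages (.crx) pulled over http://: the transport adds no
    integrity, so the package's own signature is all that stands behind it."""
    out: List[Finding] = []
    for pid, proc, _m, code, _ep, url, ctype, _rep in reqs:
        u = urlsplit(url)
        if u.scheme == "http" and code == 200 and ctype == "crx":
            out.append(("INFO", f"{proc} (PID {pid}) fetched {u.path.rsplit('/', 1)[-1]} from {u.hostname} over plaintext HTTP"))
    return out


def triage(conns=CONNECTIONS, reqs=HTTP_REQUESTS) -> List[Finding]:
    pivot = pivot_by_ip(conns, reqs)
    findings = smb_egress(conns, pivot) + tagged_malicious(conns, reqs) + plaintext_packages(reqs)
    order = {"HIGH": 0, "MEDIUM": 1, "INFO": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, msg in triage():
        print(f"[{sev}] {msg}")
```

On the rows above this yields three HIGH lines (445 and 137 to 216.150.65.200, 445 to 216.150.65.190, the last one noting that the same IP also served www.literotica.com), two MEDIUM lines for the reputation tags, and two INFO lines for the .crx downloads. Whether the SMB rows are an artefact of the page or something deliberate is a question for the HTML itself and the PCAP, not for the script.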