URL: https://linkojager.org/212b3d4039ab5319ec.js

Full analysis: https://app.any.run/tasks/fbeca28e-19be-43ba-ab29-5840be44efd8
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Analysis date: March 30, 2020, 22:12:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: trojan
Indicators:
MD5: 0070EB099F8C5FC08A57F02270136D8C
SHA1: 1F0B4E022284CC64B94CEAB8542D689670CA3B4C
SHA256: CF212B8D08B54D3A2D4FA3AFA32386A8DE2EAE0AC0249C98017D001A9B9CCFA1
SSDEEP: 3:N8MLuL+XCKEGBzWcIen:2M6L+5EGBzWcXn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 3932)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 1740)
      • iexplore.exe (PID: 3364)
    • Changes internet zones settings

      • iexplore.exe (PID: 1740)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3364)
    • Manual execution by user

      • chrome.exe (PID: 3932)
    • Reads the hosts file

      • chrome.exe (PID: 3932)
      • chrome.exe (PID: 536)
    • Application launched itself

      • chrome.exe (PID: 3932)
    • Creates files in the user directory

      • iexplore.exe (PID: 1740)
    • Reads settings of System Certificates

      • chrome.exe (PID: 536)
      • iexplore.exe (PID: 1740)
    • Changes settings of System certificates

      • iexplore.exe (PID: 1740)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1740)
No Malware configuration.
No data.
Total processes: 69
Monitored processes: 33
Malicious processes: 0
Suspicious processes: 0

Behavior graph (interactive in the full report): start, iexplore.exe (2 instances) and chrome.exe (many instances, most marked "no specs"); the details are in the process table below.

Process information

PID: 1740
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" https://linkojager.org/212b3d4039ab5319ec.js
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 3364
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1740 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 3932
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 2860
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6ebaa9d0,0x6ebaa9e0,0x6ebaa9ec
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 3288
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1928 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 3500
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,6985871248590847949,18103513423961261946,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=13440877448169470499 --mojo-platform-channel-handle=992 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 536
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,6985871248590847949,18103513423961261946,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=11326648252351862447 --mojo-platform-channel-handle=1600 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 3844
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,6985871248590847949,18103513423961261946,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2893673480767333380 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100

PID: 2616
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,6985871248590847949,18103513423961261946,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12093344337370999544 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 3492
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,6985871248590847949,18103513423961261946,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8351833089003937370 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2408 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
Total events: 8 751
Read events: 1 909
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 49
Text files: 231
Unknown types: 11

Dropped files

PID 3364, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Low\Cab79BC.tmp
  MD5:
  SHA256:

PID 3364, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Low\Tar79BD.tmp
  MD5:
  SHA256:

PID 1740, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  MD5:
  SHA256:

PID 3932, chrome.exe
  Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5E826EFC-F5C.pma
  MD5:
  SHA256:

PID 3364, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E86DA130A7782137E5AC27E57A258031
  Type: binary
  MD5: 67A910E1A2681F7048A62C58C89CB5E2
  SHA256: 8829915071E470DD1D2CE89782538F892EFA2296FAFEDE1442E1D6B41544548C

PID 3364, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
  Type: binary
  MD5: 6013B94C54593ABAFBC410EF7B4AAFEA
  SHA256: 83097BFC829D6B016AB4F6DA06AC7A7D510D07A3965CB43E7EC1A879EA2065F3

PID 3364, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
  Type: smt
  MD5: 9C79052CD4702AB47E3269B42E873AC7
  SHA256: 27174FF21A72F50A2731A7454133B29C2397AA53ABD8848C6FED36A36F0E25EE

PID 3364, iexplore.exe
  Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
  Type: der
  MD5: BA4F3F81467A3DC2332CC7BF45A0EAEF
  SHA256: B4F18425C72D033A765C4780C426223318B19AFA3699EC7880302E7FD24B4230

PID 3364, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\httpErrorPagesScripts[1]
  Type: text
  MD5: 3F57B781CB3EF114DD0B665151571B7B
  SHA256: 46E019FA34465F4ED096A9665D1827B54553931AD82E98BE01EDB1DDBC94D3AD

PID 3364, iexplore.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\errorPageStrings[1]
  Type: text
  MD5: E3E4A98353F119B80B323302F26B78FA
  SHA256: 9466D620DC57835A2475F8F71E304F54AEE7160E134BA160BAAE0F19E5E71E66
HTTP(S) requests: 10
TCP/UDP connections: 44
DNS requests: 33
Threats: 0

HTTP requests

PID   Process       Method  HTTP Code  IP                   CN  Type   Size     Reputation
536   chrome.exe    GET     200        173.194.184.11:80    US  crx    293 Kb   whitelisted
      URL: http://r5---sn-p5qs7nel.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=QJ&mip=85.203.20.11&mm=28&mn=sn-p5qs7nel&ms=nvh&mt=1585606333&mv=m&mvi=4&pl=24&shardbypass=yes
1740  iexplore.exe  GET     200        72.21.91.29:80       US  der    1.47 Kb  whitelisted
      URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D
536   chrome.exe    GET     302        172.217.23.142:80    US  html   518 b    whitelisted
      URL: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx
536   chrome.exe    GET     302        172.217.23.142:80    US  html   523 b    whitelisted
      URL: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx
3364  iexplore.exe  GET     304        2.21.242.245:80      NL  der    527 b    whitelisted
      URL: http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgQT4nP0HEfv6tJkDrFTrHxDkQ%3D%3D
3364  iexplore.exe  GET     200        2.21.242.197:80      NL  der    1.37 Kb  whitelisted
      URL: http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D
3364  iexplore.exe  GET     200        2.21.242.245:80      NL  der    527 b    whitelisted
      URL: http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgQT4nP0HEfv6tJkDrFTrHxDkQ%3D%3D
1740  iexplore.exe  GET     200        204.79.197.200:80    US  image  237 b    whitelisted
      URL: http://www.bing.com/favicon.ico
536   chrome.exe    GET     200        173.194.184.105:80   US  crx    862 Kb   whitelisted
      URL: http://r3---sn-p5qs7nek.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mh=bs&mip=85.203.20.11&mm=28&mn=sn-p5qs7nek&ms=nvh&mt=1585606333&mv=m&mvi=2&pl=24&shardbypass=yes
1052  svchost.exe   GET     200        23.55.110.211:80     US  der    781 b    whitelisted
      URL: http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl

Connections

PID   Process       IP                   Domain                           ASN                                                        CN  Reputation
536   chrome.exe    172.217.21.195:443   clientservices.googleapis.com    Google Inc.                                                US  whitelisted
536   chrome.exe    216.58.208.35:443    www.gstatic.com                  Google Inc.                                                US  whitelisted
536   chrome.exe    172.217.18.164:443   www.google.com                   Google Inc.                                                US  whitelisted
536   chrome.exe    216.58.210.3:443     www.google.com.ua                Google Inc.                                                US  whitelisted
536   chrome.exe    216.58.210.10:443    fonts.googleapis.com             Google Inc.                                                US  whitelisted
3364  iexplore.exe  2.21.242.197:80      isrg.trustid.ocsp.identrust.com  Akamai International B.V.                                  NL  whitelisted
1740  iexplore.exe  152.199.19.161:443   iecvlist.microsoft.com           MCI Communications Services, Inc. d/b/a Verizon Business   US  whitelisted
1740  iexplore.exe  204.79.197.200:80    www.bing.com                     Microsoft Corporation                                      US  whitelisted
536   chrome.exe    172.217.16.173:443   accounts.google.com              Google Inc.                                                US  whitelisted
3364  iexplore.exe  172.241.69.4:443     linkojager.org                   (not listed)                                               NL  malicious

DNS requests

Domain (Reputation): resolved IPs

linkojager.org (whitelisted)
  • 172.217.23.163
  • 23.111.228.4
  • 172.241.69.20
  • 172.241.69.28
  • 64.58.121.60
  • 23.111.228.220
  • 64.58.126.236
  • 172.241.69.4
isrg.trustid.ocsp.identrust.com (whitelisted)
  • 2.21.242.197
  • 2.21.242.187
ocsp.int-x3.letsencrypt.org (whitelisted)
  • 2.21.242.245
  • 2.21.242.204
api.bing.com (whitelisted)
  • 13.107.5.80
www.bing.com (whitelisted)
  • 204.79.197.200
  • 13.107.21.200
dns.msftncsi.com (shared)
  • 131.107.255.255
iecvlist.microsoft.com (whitelisted)
  • 152.199.19.161
r20swj13mr.microsoft.com (whitelisted)
  • 152.199.19.161
clientservices.googleapis.com (whitelisted)
  • 172.217.21.195
accounts.google.com (shared)
  • 172.217.16.173

Threats

PID   Process       Class                          Message
3364  iexplore.exe  A Network Trojan was detected  ET TROJAN Observed Malicious SSL Cert (MonetizUs/LNKR)
3364  iexplore.exe  A Network Trojan was detected  ET TROJAN Observed Malicious SSL Cert (MonetizUs/LNKR)
536   chrome.exe    A Network Trojan was detected  ET TROJAN Observed Malicious SSL Cert (MonetizUs/LNKR)
536   chrome.exe    A Network Trojan was detected  ET TROJAN Observed Malicious SSL Cert (MonetizUs/LNKR)
No debug info