analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://u248251.ct.sendgrid.net/wf/click?upn=qCnAvm5V77PH7i2s80uSlYvcv2Iv7r8uru2ocqtGdOhnhnvkPEG8UPrnwlNWwo8LTxvUz9DlRz8e0Xe44pKCbBK36xk-2FUtovo05SYNn-2BzURP6TgV1bKNyxbymoVhpLmO_lMNERjmtflUziQ1SZtxyYoOhBpunE572tm3BMpf518Zo0oholpo34Pe8bwXEVfFkhDjaR1eeE45-2FjmToe1YmbmbjYa-2FlZE311-2B0C8ZVZ-2BrgdxOsDYtxPhhVBh-2BNu4UBBlaqIaqBG3JeuDPlxxppeEeC-2FCEpMngEIxtx9u0J6ES-2Bgtk1J5-2B8WXh55NLCFDxF04Q-2BmMEUosipTJSSM-2Fd5kNdrYBkbNxXHt53YHEqxSFTY-3D

Full analysis: https://app.any.run/tasks/907a49c6-0fb6-46e6-b4c7-71372edbf05a
Verdict: Malicious activity
Analysis date: October 14, 2019, 15:47:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

16C1A39BACA7074CEB5D7A0D136E42E0

SHA1:

3A9A9C86E0C03EDF3BF6BC08D1CF14F200D50112

SHA256:

D3290B9A072DAF6F8FDF5818072C0CB939C75BD26EF8D042BBB9B44F4DC90031

SSDEEP:

12:2ADS1mtaiorzzIq4BC84N4QXVcbb1tFSfG:2m+Ov4z8BmVcPZ/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2548)

  • INFO

    • Reads the hosts file

      • chrome.exe (PID: 3908)
      • chrome.exe (PID: 2548)

    • Application launched itself

      • chrome.exe (PID: 2548)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
63
Monitored processes
29
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2548"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u248251.ct.sendgrid.net/wf/click?upn=qCnAvm5V77PH7i2s80uSlYvcv2Iv7r8uru2ocqtGdOhnhnvkPEG8UPrnwlNWwo8LTxvUz9DlRz8e0Xe44pKCbBK36xk-2FUtovo05SYNn-2BzURP6TgV1bKNyxbymoVhpLmO_lMNERjmtflUziQ1SZtxyYoOhBpunE572tm3BMpf518Zo0oholpo34Pe8bwXEVfFkhDjaR1eeE45-2FjmToe1YmbmbjYa-2FlZE311-2B0C8ZVZ-2BrgdxOsDYtxPhhVBh-2BNu4UBBlaqIaqBG3JeuDPlxxppeEeC-2FCEpMngEIxtx9u0J6ES-2Bgtk1J5-2B8WXh55NLCFDxF04Q-2BmMEUosipTJSSM-2Fd5kNdrYBkbNxXHt53YHEqxSFTY-3D"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2148"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6d90a9d0,0x6d90a9e0,0x6d90a9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
392"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2528 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
3888"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=976,13414990043362372438,13216414154305691942,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=1850328733013791868 --mojo-platform-channel-handle=1004 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
3908"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=976,13414990043362372438,13216414154305691942,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=10834858996197924596 --mojo-platform-channel-handle=1552 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
3096"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,13414990043362372438,13216414154305691942,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13001051774309975812 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
2388"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,13414990043362372438,13216414154305691942,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=664981320859985302 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2188"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,13414990043362372438,13216414154305691942,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1354921937960909984 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2388 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
892"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,13414990043362372438,13216414154305691942,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12607518332603657953 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
2556"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,13414990043362372438,13216414154305691942,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11882972812765806857 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
Total events
625
Read events
524
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
42
Text files
245
Unknown types
12

Dropped files

PID
Process
Filename
Type
2548chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
MD5:
SHA256:
2548chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
MD5:
SHA256:
2548chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
MD5:
SHA256:
2548chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF39bd20.TMP
MD5:
SHA256:
2548chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF39bd40.TMP
MD5:
SHA256:
2548chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\1a34a455-220c-4bf1-8fb7-6856f591a135.tmp
MD5:
SHA256:
2548chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp
MD5:
SHA256:
2548chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old
MD5:
SHA256:
2548chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
MD5:
SHA256:
2548chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
71
DNS requests
47
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3908
chrome.exe
GET
200
74.125.100.137:80
http://r3---sn-5hnedn7e.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mip=37.48.118.41&mm=28&mn=sn-5hnedn7e&ms=nvh&mt=1571067771&mv=u&mvi=2&pl=23&shardbypass=yes
US
crx
293 Kb
whitelisted
3908
chrome.exe
GET
302
216.58.208.46:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx
US
html
513 b
whitelisted
3908
chrome.exe
GET
302
216.58.208.46:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx
US
html
508 b
whitelisted
3908
chrome.exe
GET
301
159.122.219.52:80
http://sendgrid.com/invalidlink
US
html
178 b
whitelisted
3908
chrome.exe
GET
200
172.217.132.7:80
http://r2---sn-5hne6nsd.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=37.48.118.41&mm=28&mn=sn-5hne6nsd&ms=nvh&mt=1571067771&mv=u&mvi=1&pl=23&shardbypass=yes
US
crx
862 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3908
chrome.exe
172.217.23.170:443
ajax.googleapis.com
Google Inc.
US
whitelisted
3908
chrome.exe
159.122.219.52:80
sendgrid.com
SoftLayer Technologies Inc.
US
unknown
3908
chrome.exe
23.210.249.30:443
cdn.optimizely.com
Akamai International B.V.
NL
whitelisted
3908
chrome.exe
159.122.219.52:443
sendgrid.com
SoftLayer Technologies Inc.
US
unknown
3908
chrome.exe
172.217.16.132:443
www.google.com
Google Inc.
US
whitelisted
3908
chrome.exe
172.217.18.163:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
3908
chrome.exe
167.89.115.54:443
u248251.ct.sendgrid.net
SendGrid, Inc.
US
suspicious
3908
chrome.exe
216.58.207.45:443
accounts.google.com
Google Inc.
US
whitelisted
3908
chrome.exe
35.170.167.242:443
logx.optimizely.com
Amazon.com, Inc.
US
unknown
3908
chrome.exe
104.17.74.206:443
ahoy.sendgrid.com
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
u248251.ct.sendgrid.net
  • 167.89.115.54
  • 167.89.123.16
malicious
clientservices.googleapis.com
  • 172.217.18.163
whitelisted
accounts.google.com
  • 216.58.207.45
shared
www.google.com
  • 172.217.16.132
whitelisted
sendgrid.com
  • 159.122.219.52
  • 159.122.219.40
whitelisted
ajax.googleapis.com
  • 172.217.23.170
  • 172.217.21.202
  • 172.217.22.10
  • 172.217.18.170
  • 216.58.206.10
  • 172.217.23.106
  • 216.58.207.42
  • 216.58.207.74
  • 172.217.16.170
  • 216.58.208.42
  • 172.217.16.138
  • 172.217.22.74
  • 172.217.22.106
  • 216.58.210.10
  • 172.217.16.202
whitelisted
cdn.optimizely.com
  • 23.210.249.30
whitelisted
ahoy.sendgrid.com
  • 104.17.74.206
  • 104.17.72.206
  • 104.17.70.206
  • 104.17.73.206
  • 104.17.71.206
suspicious
logx.optimizely.com
  • 35.170.167.242
  • 34.235.99.62
  • 35.170.225.210
  • 52.200.144.250
  • 34.236.9.207
  • 35.169.20.199
  • 52.1.169.165
  • 35.169.87.121
whitelisted
cdn.segment.com
  • 13.33.100.63
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://u248251.ct.sendgrid.net/wf/click?upn=qCnAvm5V77PH7i2s80uSlYvcv2Iv7r8uru2ocqtGdOhnhnvkPEG8UPrnwlNWwo8LTxvUz9DlRz8e0Xe44pKCbBK36xk-2FUtovo05SYNn-2BzURP6TgV1bKNyxbymoVhpLmO_lMNERjmtflUziQ1SZtxyYoOhBpunE572tm3BMpf518Zo0oholpo34Pe8bwXEVfFkhDjaR1eeE45-2FjmToe1YmbmbjYa-2FlZE311-2B0C8ZVZ-2BrgdxOsDYtxPhhVBh-2BNu4UBBlaqIaqBG3JeuDPlxxppeEeC-2FCEpMngEIxtx9u0J6ES-2Bgtk1J5-2B8WXh55NLCFDxF04Q-2BmMEUosipTJSSM-2Fd5kNdrYBkbNxXHt53YHEqxSFTY-3D