
index.html

Full analysis: https://app.any.run/tasks/8aa541e9-7a0f-4570-9d43-53d22bb81726
Verdict: Malicious activity
Threats:

Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email.

Analysis date: October 20, 2020, 06:50:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: trojan, miner
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines
MD5: D3BAFC03BF6529D04E7F9AC0DD3AED49
SHA1: 83DF1527B8EF69CC0EE9D1A4F4F9CEFA2FBCC68D
SHA256: E27E5FD4EBD54568F636C69891546DCC59A3F4136FDFCCACA3009533389B682B
SSDEEP: 1536:kdgOiAEFgfRMIEIIUIwISXj9xWn0K6DmQWNwO8ZGqJtlBDwhard:AHHZVrd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • MINER was detected
      • chrome.exe (PID: 2248)
  • SUSPICIOUS
    No suspicious indicators.
  • INFO
    • Manual execution by user
      • chrome.exe (PID: 2396)
    • Changes internet zones settings
      • iexplore.exe (PID: 964)
    • Application launched itself
      • iexplore.exe (PID: 964)
      • chrome.exe (PID: 2396)
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 964)
    • Reads internet explorer settings
      • iexplore.exe (PID: 2460)
    • Reads the hosts file
      • chrome.exe (PID: 2248)
      • chrome.exe (PID: 2396)
    • Reads settings of System Certificates
      • chrome.exe (PID: 2248)
    • Changes settings of System certificates
      • chrome.exe (PID: 2248)
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

themeColor: #11BB88
appleItunesApp: app-id=483524731
msapplicationWide310x150logo: //s.rbk.ru/v10_rbcnews_static/common/common-10.4.19/images/mstile-310x150.png
msapplicationSquare310x310logo: //s.rbk.ru/v10_rbcnews_static/common/common-10.4.19/images/mstile-310x310.png
msapplicationSquare150x150logo: //s.rbk.ru/v10_rbcnews_static/common/common-10.4.19/images/mstile-150x150.png
msapplicationSquare70x70logo: //s.rbk.ru/v10_rbcnews_static/common/common-10.4.19/images/mstile-70x70.png
msapplicationTileImage: //s.rbk.ru/v10_rbcnews_static/common/common-10.4.19/images/mstile-144x144.png
msapplicationTileColor: #ffffff
twitterCard: summary
ReplyTo: [email protected]
Keywords: новости, доллар, политика, курс, акции, облигации, нефть, рубль, евро, финансы, экономика, банк, кредит, вексель, информация, фондовый, инвестиционный, рынок, недвижимость, валюта, эмитент, комментарии, аналитика, продаж/продажа, цена, компания, товары, исследование, прогноз, индекс, рейтинг, биржа, семинар, фондовый, ПИФ, доходность, IPO, паевой
twitterImage: РБК – новости в реальном времени
twitterDescription: Главные новости политики, экономики и бизнеса, комментарии аналитиков, финансовые данные с российских и мировых биржевых систем на сайте rbc.ru.
twitterTitle: РБК – новости в реальном времени
twitterCreator: @ru_rbc
twitterSite: @ru_rbc
Copyright: «РосБизнесКонсалтинг»
Description: Последние новости России и мира на РБК. «РосБизнесКонсалтинг» — ведущая российская компания, работающая в сферах масс-медиа и информационных технологий. Самые свежие новости, главные темы дня в политике, экономике, бизнесе и жизни.
Title: Новости дня в России и мире — РБК
csrfParam: csrf_token
csrfToken: 97bc592b27a9ada2d9a4bb418ed0ebed
formatDetection: address=no
HandheldFriendly:
viewport: width=device-width, initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0
CacheControl: no-cache
HTTPEquivXUACompatible: IE=edge,chrome=1
ContentType: text/html; charset=utf-8
No data.
Total processes: 56
Monitored processes: 20
Malicious processes: 1
Suspicious processes: 1

Behavior graph

Rendered interactively in the full report. Nodes: 2 iexplore.exe processes and 18 chrome.exe processes; one chrome.exe node carries the #MINER tag.

Process information

PID: 964
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: Internet Explorer | Exit code: 1
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2460
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:964 CREDAT:144385 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: Internet Explorer | Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 2396
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin | Company: Google LLC | Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 3272
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f75a9d0,0x6f75a9e0,0x6f75a9ec
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin | Company: Google LLC | Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 2172
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1940 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin | Company: Google LLC | Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 2968
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=952,16547744353758978579,976638741725569956,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=18411893422290071314 --mojo-platform-channel-handle=1016 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin | Company: Google LLC | Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 2248
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=952,16547744353758978579,976638741725569956,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=7954858671046769657 --mojo-platform-channel-handle=1632 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators: MINER (see the indicator list above)
Parent process: chrome.exe
User: admin | Company: Google LLC | Integrity Level: MEDIUM
Description: Google Chrome
Version: 75.0.3770.100

PID: 1168
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=952,16547744353758978579,976638741725569956,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11884394910118704899 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin | Company: Google LLC | Integrity Level: LOW
Description: Google Chrome | Exit code: 0
Version: 75.0.3770.100

PID: 2796
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=952,16547744353758978579,976638741725569956,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11107867235772591062 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin | Company: Google LLC | Integrity Level: LOW
Description: Google Chrome
Version: 75.0.3770.100

PID: 1788
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=952,16547744353758978579,976638741725569956,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4583677687680254058 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin | Company: Google LLC | Integrity Level: LOW
Description: Google Chrome | Exit code: 0
Version: 75.0.3770.100
Total events: 1 041
Read events: 889
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 46
Text files: 109
Unknown types: 5

Dropped files

PID | Process | Filename
964 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
964 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFC71DA450A6113E34.TMP
964 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF34D7377D98013E16.TMP
964 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF1DFDA1C6303E4478.TMP
964 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFA2100FA3A0B26965.TMP
964 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{98A62629-12A0-11EB-B41E-12A9866C77DE}.dat
964 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFCB6AEBB62B9B27EA.TMP
2396 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F8E88E1-95C.pma
2396 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\819f70a2-328a-4ae2-bac4-44957f8a4884.tmp
2396 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp
HTTP(S) requests: 50
TCP/UDP connections: 49
DNS requests: 33
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2248 | chrome.exe | GET | 301 | 92.53.118.140:80 | http://stk-pegas.ru/js/lightbox.min.js/JIM | RU | html | 251 b | malicious
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/img/x.png | RU | image | 1.66 Kb | malicious
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/ | RU | html | 5.41 Kb | malicious
2248 | chrome.exe | GET | 404 | 92.53.118.140:80 | http://stk-pegas.ru/js/lightbox.min.js/JIM/ | RU | html | 559 b | malicious
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/css/swiper.css?132 | RU | text | 3.21 Kb | malicious
964 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/js/jquery-3.1.1.min.js | RU | text | 29.3 Kb | malicious
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/img/phone.png | RU | image | 1.16 Kb | malicious
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/favicon.ico | RU | image | 96 b | malicious
2248 | chrome.exe | GET | 200 | 92.53.118.140:80 | http://stk-pegas.ru/css/lightbox.css | RU | text | 1.00 Kb | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
964 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2248 | chrome.exe | 172.217.21.195:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
4 | System | 185.72.229.2:445 | s.rbk.ru | Rosbusinessconsulting Cjsc | RU | unknown
2248 | chrome.exe | 172.217.21.237:443 | accounts.google.com | Google Inc. | US | whitelisted
2248 | chrome.exe | 172.217.21.196:443 | www.google.com | Google Inc. | US | whitelisted
- | - | 185.72.229.2:137 | s.rbk.ru | Rosbusinessconsulting Cjsc | RU | unknown
4 | System | 80.68.253.2:445 | s.rbk.ru | Rosbusinessconsulting Cjsc | RU | unknown
2248 | chrome.exe | 142.250.74.202:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
2248 | chrome.exe | 172.217.22.46:443 | clients2.google.com | Google Inc. | US | whitelisted
2248 | chrome.exe | 172.217.16.195:443 | fonts.gstatic.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
s.rbk.ru | 80.68.253.2, 185.72.229.2 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
api.bing.com | 13.107.13.80 | whitelisted
clientservices.googleapis.com | 172.217.21.195 | whitelisted
accounts.google.com | 172.217.21.237 | shared
www.google.com | 172.217.21.196 | whitelisted
fonts.googleapis.com | 142.250.74.202 | whitelisted
www.gstatic.com | 216.58.212.131 | whitelisted
fonts.gstatic.com | 172.217.16.195 | whitelisted
apis.google.com | 216.58.212.142 | whitelisted

Threats

1 ETPRO signature matched; details are in the full report.
No debug info