URL:

https://screenshare.pics/03LFO7.png

Full analysis: https://app.any.run/tasks/d660f404-9cfc-45f0-b352-08c9dda6cb17
Verdict: Malicious activity
Analysis date: June 10, 2024, 17:39:19
OS: Ubuntu 22.04.2
Indicators:
MD5:

8660DEC04ED4D42F83014D1FE8FCA244

SHA1:

0963DE1A0B81CC1E760348B58177F3BFEE590FD8

SHA256:

EEA937D6DAE1ED4B7A104CE8F6645199DE899A4D457A6DC174CF27E345FDD62C

SSDEEP:

3:N8Lo+aM1PLCn:2lH1PLC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
222
Monitored processes
8
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
systemctl no specs systemctl no specs systemctl no specs systemctl no specs systemctl no specs systemctl no specs sh no specs sudo no specs

Process information

PID
CMD
Path
Indicators
Parent process
12451systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12452systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12453systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12454systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12455systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12456systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12457/bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome https://screenshare\.pics/03LFO7\.png "/bin/shany-guest-agent
User:
root
Integrity Level:
UNKNOWN
12458sudo -iu user google-chrome https://screenshare.pics/03LFO7.png/usr/bin/sudosh
User:
root
Integrity Level:
UNKNOWN
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
54
DNS requests
60
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
185.125.188.58:443
api.snapcraft.io
Canonical Group Limited
GB
unknown
185.125.188.55:443
api.snapcraft.io
Canonical Group Limited
GB
unknown
185.125.188.54:443
api.snapcraft.io
Canonical Group Limited
GB
unknown
185.125.188.59:443
api.snapcraft.io
Canonical Group Limited
GB
unknown
470
avahi-daemon
224.0.0.251:5353
unknown
485
snapd
185.125.188.55:443
api.snapcraft.io
Canonical Group Limited
GB
malicious
485
snapd
185.125.188.54:443
api.snapcraft.io
Canonical Group Limited
GB
unknown
485
snapd
185.125.188.59:443
api.snapcraft.io
Canonical Group Limited
GB
unknown
239.255.255.250:1900
unknown
74.125.133.84:443
accounts.google.com
unknown

DNS requests

Domain
IP
Reputation
api.snapcraft.io
  • 185.125.188.58
  • 185.125.188.54
  • 185.125.188.55
  • 185.125.188.59
unknown
49.100.168.192.in-addr.arpa
unknown
clientservices.googleapis.com
  • 142.250.186.67
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 142.250.74.202
  • 142.250.186.74
  • 142.250.184.202
  • 142.250.186.106
  • 142.250.185.74
  • 142.250.184.234
  • 172.217.18.10
  • 172.217.23.106
  • 142.250.185.106
  • 142.250.186.138
  • 142.250.186.170
  • 142.250.186.42
  • 172.217.16.202
  • 142.250.181.234
  • 216.58.206.74
  • 216.58.212.138
unknown
screenshare.pics
  • 52.173.151.229
unknown
google-ohttp-relay-safebrowsing.fastly-edge.com
  • 151.101.1.91
  • 151.101.129.91
  • 151.101.65.91
  • 151.101.193.91
unknown
accounts.google.com
  • 74.125.133.84
shared
grabify.world
  • 188.114.97.3
  • 188.114.96.3
unknown
grabify.link
  • 104.26.9.202
  • 172.67.68.246
  • 104.26.8.202
unknown
static.cloudflareinsights.com
  • 104.16.80.73
  • 104.16.79.73
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://screenshare.pics/03LFO7.png