| URL: | pornhub.com |
| Full analysis: | https://app.any.run/tasks/0b95f550-a029-473d-a1ad-27c3147f8e2b |
| Verdict: | Malicious activity |
| Analysis date: | May 11, 2025, 23:54:42 |
| OS: | Ubuntu 22.04.2 |
| MD5: | B27193CE8E78D1C0AA8018F1ADF3692B |
| SHA1: | 5E1F4F7BAF524CADB03DBBFFDE68DC8C1EF253E3 |
| SHA256: | F451A0CE975DBD22A62BD8204A25038BA485AC621A6F2FE2C605D7F3025C7A29 |
| SSDEEP: | 3:4NS2:A3 |
MALICIOUS
No malicious indicators.SUSPICIOUS
Reads /proc/mounts (likely used to find writable filesystems)
- firefox (PID: 40652)
Check the Environment Variables Related to System Identification (os-release)
- snapctl (PID: 40702)
- firefox (PID: 40652)
- snapctl (PID: 40707)
- snapctl (PID: 40739)
- snapctl (PID: 40745)
Reads passwd file
- dumpe2fs (PID: 40681)
- dumpe2fs (PID: 40674)
Executes commands using command-line interpreter
- sudo (PID: 40651)
- firefox (PID: 40652)
INFO
Checks timezone
- dumpe2fs (PID: 40674)
- dumpe2fs (PID: 40681)
Creates file in the temporary folder
- firefox (PID: 40652)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
388
Monitored processes
168
Malicious processes
0
Suspicious processes
1
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 40650 | /bin/sh -c "DISPLAY=:0 sudo -iu user firefox pornhub\.com " | /usr/bin/dash | — | any-guest-agent |
User: root Integrity Level: UNKNOWN | ||||
| 40651 | sudo -iu user firefox pornhub.com | /usr/bin/sudo | — | dash |
User: root Integrity Level: UNKNOWN | ||||
| 40652 | /snap/firefox/3358/usr/lib/firefox/firefox pornhub.com | /snap/firefox/3358/usr/lib/firefox/firefox | sudo | |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40653 | /usr/bin/locale-check C.UTF-8 | /usr/bin/locale-check | — | firefox |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40664 | /snap/snapd/20290/usr/lib/snapd/snap-seccomp version-info | /snap/snapd/20290/usr/lib/snapd/snap-seccomp | — | firefox |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40673 | /snap/snapd/20290/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox pornhub.com | /snap/snapd/20290/usr/lib/snapd/snap-confine | — | firefox |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40674 | dumpe2fs -h /dev/sda3 | /usr/sbin/dumpe2fs | — | udisksd |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40675 | snap-update-ns --from-snap-confine firefox | /snap/snapd/20290/usr/lib/snapd/snap-update-ns | — | firefox |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40681 | dumpe2fs -h /dev/sda3 | /usr/sbin/dumpe2fs | — | udisksd |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
| 40683 | snap-update-ns --from-snap-confine --user-mounts firefox | /snap/snapd/20290/usr/lib/snapd/snap-update-ns | — | firefox |
User: root Integrity Level: UNKNOWN Exit code: 0 | ||||
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report