Malware analysis http://4itailer.net/__media__/js/netsoltrademark.php?d=dinhphanadvertising.com%2Flam-bang-hieu-tphcm%2F>lam+bang+quang+cao+tphcm Malicious activity

Add for printing

URL:	http://4itailer.net/__media__/js/netsoltrademark.php?d=dinhphanadvertising.com%2Flam-bang-hieu-tphcm%2F>lam+bang+quang+cao+tphcm
Full analysis:	https://app.any.run/tasks/3035b71d-2ac3-41e2-b940-53a0809b45e5
Verdict:	Malicious activity
Analysis date:	March 01, 2024, 08:50:31
OS:	Ubuntu 22.04.2
MD5:	EB5A9B88465B8D84300BF0C5F0E21D4D
SHA1:	24C7B94E52CBAB0EDA51DC3FCCF59DCA83133EF0
SHA256:	F719BA2610C722FDF5F8D6321782AFC34F37E8BE2B451B5DCD80D53BDA956268
SSDEEP:	3:N1KyImARs9vZKLvSC2ebwOWVXCcnAekVZVRynCHiCNGI:Ch3QxXwciFCm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

312

Monitored processes

90

Malicious processes

0

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
9301	/bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome \"http://4itailer\.net/__media__/js/netsoltrademark\.php?d=dinhphanadvertising\.com%2Flam-bang-hieu-tphcm%2F>lam+bang+quang+cao+tphcm\" "	/bin/sh	—	any-guest-agent
User: root Integrity Level: UNKNOWN
9302	sudo -iu user google-chrome http://4itailer.net/__media__/js/netsoltrademark.php?d=dinhphanadvertising.com%2Flam-bang-hieu-tphcm%2F>lam+bang+quang+cao+tphcm	/usr/bin/sudo	—	sh
User: root Integrity Level: UNKNOWN
9303	/usr/bin/google-chrome http://4itailer.net/__media__/js/netsoltrademark.php?d=dinhphanadvertising.com%2Flam-bang-hieu-tphcm%2F>lam+bang+quang+cao+tphcm	/opt/google/chrome/chrome	—	sudo
User: user Integrity Level: UNKNOWN
9304	/usr/bin/locale-check C.UTF-8	/usr/bin/locale-check	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
9305	readlink -f /usr/bin/google-chrome	/usr/bin/readlink	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
9306	dirname /opt/google/chrome/google-chrome	/usr/bin/dirname	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
9307	mkdir -p /home/user/.local/share/applications	/usr/bin/mkdir	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0
9308	cat	/usr/bin/cat	—	chrome
User: user Integrity Level: UNKNOWN
9309	cat	/usr/bin/cat	—	chrome
User: user Integrity Level: UNKNOWN
9310		/opt/google/chrome/chrome	—	chrome
User: user Integrity Level: UNKNOWN Exit code: 0

Add for printing

Executable files

0

Suspicious files

0

Text files

0

Unknown types

0

Dropped files

PID	Process	Filename		Type
9303	chrome	/9303/fd/63		—
		MD5:—	SHA256:—
9303	chrome	/home/user/.config/google-chrome/BrowserMetrics/BrowserMetrics-65E196DF-2457.pma		—
		MD5:—	SHA256:—
9303	chrome	/.com.google.Chrome.fRHYNw		—
		MD5:—	SHA256:—
9303	chrome	/.com.google.Chrome.JCkhhG		—
		MD5:—	SHA256:—
9303	chrome	/home/user/.config/google-chrome/Default/Site Characteristics Database/LOG		—
		MD5:—	SHA256:—
9303	chrome	/home/user/.config/google-chrome/Default/Local Storage/leveldb/LOG		—
		MD5:—	SHA256:—
9303	chrome	/home/user/.config/google-chrome/Default/commerce_subscription_db/LOG		—
		MD5:—	SHA256:—
9303	chrome	/home/user/.config/google-chrome/Default/discounts_db/LOG		—
		MD5:—	SHA256:—
9303	chrome	/home/user/.config/google-chrome/Default/parcel_tracking_db/LOG		—
		MD5:—	SHA256:—
9303	chrome	/home/user/.config/google-chrome/Default/chrome_cart_db/LOG		—
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

15

TCP/UDP connections

31

DNS requests

41

Threats

0

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	204	185.125.190.48:80	http://connectivity-check.ubuntu.com/	unknown	—	—	unknown
—	—	GET	204	172.217.23.110:80	http://translate.google.com/gen204?nca=te_li&client=te_lib&logld=vTE_20240227	unknown	—	—	unknown
—	—	GET	200	208.91.196.253:80	http://nine.cdn-image.com/__media__/pics/451/netsol-logo.jpg	unknown	image	909 b	unknown
—	—	GET	200	208.91.197.27:80	http://4itailer.net/__media__/js/netsoltrademark.php?d=dinhphanadvertising.com%2Flam-bang-hieu-tphcm%2F%3Elam+bang+quang+cao+tphcm	unknown	html	4.02 Kb	unknown
—	—	GET	404	208.91.197.27:80	http://4itailer.net/favicon.ico	unknown	text	10 b	unknown
—	—	GET	204	172.217.23.110:80	http://translate.google.com/gen204?sl=auto&tl=ru&textlen=69&ttt=196&ttl=124&ttf=57&sr=1&nca=te_time&client=te_lib&logld=vTE_20240227	unknown	—	—	unknown
—	—	GET	204	172.217.23.110:80	http://translate.google.com/gen204?sl=auto&tl=en&textlen=69&ttt=129&ttl=124&ttf=57&sr=1&nca=te_time&client=te_lib&logld=vTE_20240227	unknown	—	—	unknown
—	—	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j7jnmf4vvrqt45d3wjkzh7zvem_2024.2.28.0/niikhdgajlphfehepabhhblakbdgeefj_2024.02.28.00_all_adx2g6em3a55tnq4qwtbhclqp3uq.crx3	unknown	binary	5.83 Kb	unknown
—	—	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/lmelglejhemejginpboagddgdfbepgmp/1.08e537cf045b43746488f2574b7b0b80add005f2cf6a4e690906e41b95c11591/1.1c9ef13b7a63abd8f89d0cbad98858b9e8f54fc3951160950403c72b45812d07/6ae8fdcf08abf7b8a462fc3920cb10b2dc3e94dfba24f013af9b19549fd8b744.puff	unknown	binary	2.25 Kb	unknown
—	—	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhno7gzgrjscufs6lncwmnfyp5a_8574/hfnkpimlhhgieaddgfemjhofmfblmnib_8574_all_dlmv7r3ezjl533ex3tiokuxvli.crx3	unknown	binary	26.2 Kb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	224.0.0.251:5353	—	—	—	unknown
—	—	185.125.190.48:80	—	Canonical Group Limited	GB	unknown
—	—	91.189.91.96:80	—	Canonical Group Limited	US	unknown
—	—	239.255.255.250:1900	—	—	—	unknown
—	—	142.250.186.35:443	clientservices.googleapis.com	GOOGLE	US	unknown
—	—	66.102.1.84:443	accounts.google.com	GOOGLE	US	unknown
—	—	208.91.197.27:443	4itailer.net	CONFLUENCE-NETWORK-INC	VG	unknown
—	—	208.91.197.27:80	4itailer.net	CONFLUENCE-NETWORK-INC	VG	unknown
—	—	208.91.196.253:80	nine.cdn-image.com	CONFLUENCE-NETWORK-INC	VG	unknown
—	—	172.217.16.196:443	www.google.com	—	—	unknown

DNS requests

Domain	IP	Reputation
clientservices.googleapis.com	142.250.186.35	whitelisted
accounts.google.com	66.102.1.84	shared
4itailer.net	208.91.197.27	unknown
nine.cdn-image.com	208.91.196.253	unknown
193.100.168.192.in-addr.arpa	—	unknown
www.google.com	172.217.16.196	whitelisted
update.googleapis.com	142.250.185.195 216.58.212.163	whitelisted
optimizationguide-pa.googleapis.com	142.250.185.106 142.250.186.138 142.250.185.74 142.250.74.202 216.58.206.42 142.250.185.234 142.250.185.138 142.250.185.202 172.217.16.202 216.58.212.138 142.250.185.170 172.217.23.106 142.250.186.106 172.217.18.106 172.217.18.10 142.250.186.170	whitelisted
www.networksolutions.com	162.159.133.53 162.159.134.53	whitelisted
dinhphanadvertising.com	45.252.251.117	unknown

Threats

No threats detected

Add for printing

No debug info

General Info

http://4itailer.net/media/js/netsoltrademark.php?d=dinhphanadvertising.com%2Flam-bang-hieu-tphcm%2F>lam+bang+quang+cao+tphcm

EB5A9B88465B8D84300BF0C5F0E21D4D

24C7B94E52CBAB0EDA51DC3FCCF59DCA83133EF0

F719BA2610C722FDF5F8D6321782AFC34F37E8BE2B451B5DCD80D53BDA956268

3:N1KyImARs9vZKLvSC2ebwOWVXCcnAekVZVRynCHiCNGI:Ch3QxXwciFCm

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings