Malware analysis kisskh.co Malicious activity | ANY.RUN

Add for printing

URL:	kisskh.co
Full analysis:	https://app.any.run/tasks/824583fe-aa9e-40b6-b50d-7cc17a613038
Verdict:	Malicious activity
Analysis date:	March 25, 2026, 17:41:19
OS:	Android 14
Tags:	phishing
MD5:	D841BE4F23D554D1EA75F865A3DC4919
SHA1:	6DDC262F5F833D7D00E4A0A614D72FEDFA86D115
SHA256:	FA2C5E4C0470248DAE3E8213B14D3922DE4F3166E359F809792D8A3909C62077
SSDEEP:	3:6GK:tK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: off
Network:: on

Software preset

android (14)
android.cuttlefish.overlay (14)
android.cuttlefish.phone.overlay (14)
android.ext.services (2019-09)
android.ext.shared (1)
com.android.adservices.api (14)
com.android.apps.tag (1.1)
com.android.backupconfirm (14)
com.android.bips (14)
com.android.bluetoothmidiservice (14)
com.android.bookmarkprovider (14)
com.android.calendar (14)
com.android.calllogbackup (14)
com.android.camera2 (2.0.002)
com.android.cameraextensions (14)
com.android.captiveportallogin (14)
com.android.carrierconfig (1.0.0)
com.android.carrierdefaultapp (14)
com.android.cellbroadcastreceiver (R-initial)
com.android.cellbroadcastreceiver.module (R-initial)
com.android.cellbroadcastservice (R-initial)
com.android.certinstaller (14)
com.android.companiondevicemanager (14)
com.android.compos.payload (14)
com.android.connectivity.resources (S-initial)
com.android.connectivity.resources.cuttlefish.overlay (14)
com.android.contacts (1.7.34)
com.android.credentialmanager (14)
com.android.cts.ctsshim (14-10093150)
com.android.cts.priv.ctsshim (14-10093150)
com.android.deskclock (14)
com.android.devicelockcontroller (14)
com.android.dialer (23.0)
com.android.documentsui (14)
com.android.dreams.basic (14)
com.android.dreams.phototable (14)
com.android.dynsystem (14)
com.android.egg (1.0)
com.android.emergency (14)
com.android.ext.adservices.api (14)
com.android.externalstorage (14)
com.android.federatedcompute.services (T-initial)
com.android.gallery3d (1.1.40030)
com.android.google.gce.gceservice (14)
com.android.health.connect.backuprestore (14)
com.android.healthconnect.controller (14)
com.android.hotspot2.osulogin (14)
com.android.htmlviewer (14)
com.android.imsserviceentitlement (14)
com.android.inputdevices (14)
com.android.inputmethod.latin (14)
com.android.intentresolver (2021-11)
com.android.internal.display.cutout.emulation.corner (1.0)
com.android.internal.display.cutout.emulation.double (1.0)
com.android.internal.display.cutout.emulation.hole (1.0)
com.android.internal.display.cutout.emulation.tall (1.0)
com.android.internal.display.cutout.emulation.waterfall (1.0)
com.android.internal.systemui.navbar.gestural (1.0)
com.android.internal.systemui.navbar.gestural_extra_wide_back (1.0)
com.android.internal.systemui.navbar.gestural_narrow_back (1.0)
com.android.internal.systemui.navbar.gestural_wide_back (1.0)
com.android.internal.systemui.navbar.threebutton (1.0)
com.android.internal.systemui.navbar.transparent (1.0)
com.android.keychain (14)
com.android.launcher3 (14)
com.android.localtransport (14)
com.android.location.fused (14)
com.android.managedprovisioning (14)
com.android.messaging (1.0.001)
com.android.microdroid.empty_payload (14)
com.android.mms.service (14)
com.android.modulemetadata (14)
com.android.mtp (14)
com.android.music (14)
com.android.musicfx (1.4)
com.android.nearby.halfsheet (14)
com.android.networkstack (14)
com.android.networkstack.tethering (14)
com.android.networkstack.tethering.cuttlefishoverlay (1.0)
com.android.nfc (14)
com.android.ondevicepersonalization.services (T-initial)
com.android.ons (14)
com.android.packageinstaller (14)
com.android.pacprocessor (14)
com.android.permissioncontroller (33 system image)
com.android.phone (14)
com.android.printservice.recommendation (1.3.0)
com.android.printspooler (14)
com.android.providers.blockednumber (14)
com.android.providers.calendar (14)
com.android.providers.contacts (14)
com.android.providers.downloads (14)
com.android.providers.downloads.ui (14)
com.android.providers.media (14)
com.android.providers.media.module (14)
com.android.providers.partnerbookmarks (14)
com.android.providers.settings (14)
com.android.providers.settings.cuttlefish.overlay (14)
com.android.providers.telephony (14)
com.android.providers.userdictionary (14)
com.android.provision (14)
com.android.proxyhandler (14)
com.android.quicksearchbox (14)
com.android.rkpdapp (14)
com.android.role.notes.enabled (1.0)
com.android.safetycenter.resources (33 system image)
com.android.sdksandbox (T-initial)
com.android.se (14)
com.android.server.telecom (14)
com.android.settings (14)
com.android.settings.intelligence (14)
com.android.sharedstoragebackup (14)
com.android.shell (14)
com.android.simappdialog (14)
com.android.soundpicker (14)
com.android.statementservice (1.0)
com.android.stk (14)
com.android.storagemanager (14)
com.android.systemui (14)
com.android.systemui.accessibility.accessibilitymenu (14)
com.android.telephony.qns (14)
com.android.theme.font.notoserifsource (1.0)
com.android.traceur (1.0)
com.android.uwb.resources (T-initial)
com.android.virtualmachine.res (14)
com.android.vpndialogs (14)
com.android.wallpaper.livepicker (14)
com.android.wallpaperbackup (14)
com.android.wallpapercropper (14)
com.android.wallpaperpicker (1.0)
com.android.webview (137.0.7122.0)
com.android.wifi.dialog (14)
com.android.wifi.resources (R-initial)
com.android.wifi.resources.cf (1.0)
com.google.android.telephony.satellite (14)
org.chromium.chrome (137.0.7122.0)

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

162

Monitored processes

37

Malicious processes

0

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
2788	org.chromium.chrome	/system/bin/app_process64		app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
2841	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
2861	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
2880	org.chromium.chrome:privileged_process0	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
2902	com.android.adservices.api	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
2965	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
2988	com.android.providers.partnerbookmarks	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
3078	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
3097	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
3116	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

0

Suspicious files

290

Text files

59

Unknown types

0

Dropped files

PID	Process	Filename		Type
3078	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.Y7M1Kn/list.pb		binary
		MD5:—	SHA256:—
3078	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.Y7M1Kn/manifest.json		text
		MD5:—	SHA256:—
3078	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.Y7M1Kn/LICENSE		text
		MD5:—	SHA256:—
3078	app_process64	/data/data/org.chromium.chrome/app_chrome/component_crx_cache/cab4d1f0a6a2a1afecae808a520f6690dd2b9d58bf54762877f2dc9715d55461		binary
		MD5:—	SHA256:—
3078	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.Y7M1Kn/_metadata/verified_contents.json		text
		MD5:—	SHA256:—
3097	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.unct0c/privacy-sandbox-attestations.dat		binary
		MD5:—	SHA256:—
3097	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.unct0c/manifest.json		text
		MD5:—	SHA256:—
3097	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.unct0c/_metadata/verified_contents.json		text
		MD5:—	SHA256:—
3097	app_process64	/data/data/org.chromium.chrome/app_chrome/component_crx_cache/38c89b12bb20a8f2751c9c7cd2e31c173a47af08c115e1ecccc2f5151a2cf2c6		binary
		MD5:—	SHA256:—
3116	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.UPv0dP/decoded_xz		binary
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

160

TCP/UDP connections

67

DNS requests

89

Threats

27

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2788	app_process64	OPTIONS	200	35.190.80.1:443	https://a.nel.cloudflare.com/report/v4?s=mLdmOxKPasVLViTgujLSpfebkQoHEtgJQz2s4prl9SgyGrjjCRxkTxG6l9%2Bmc%2FRhFcZxa0fNGQDtPLEQoCD17JAIG5ltOOg%3D	unknown	—	—	unknown
822	app_process64	GET	204	142.251.152.119:443	https://www.google.com/generate_204	unknown	—	—	whitelisted
2788	app_process64	OPTIONS	200	142.250.186.42:443	https://firebase.googleapis.com/v1alpha/projects/-/apps/1:769095292978:web:09148f50fdfdcc43bcc42b/webConfig	unknown	—	—	whitelisted
2788	app_process64	OPTIONS	200	172.217.16.170:443	https://firebaseinstallations.googleapis.com/v1/projects/kisskh-ddce8/installations	unknown	—	—	whitelisted
—	—	GET	204	142.251.155.119:80	http://www.google.com/gen_204	unknown	—	—	whitelisted
2788	app_process64	POST	200	142.251.127.84:443	https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&laf=b64bin&json=standard	unknown	—	—	whitelisted
2788	app_process64	GET	200	142.251.127.94:443	https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBHMdazQ.woff2	unknown	binary	33.8 Kb	whitelisted
2788	app_process64	GET	200	142.250.186.46:80	http://clients2.google.com/time/1/current?cup2key=9:WSmNzJU3vZZ1IG6lFwlyFPAewFaHnqEsAuq252w2_Pc&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855	unknown	—	—	whitelisted
2788	app_process64	GET	200	142.251.127.94:443	https://fonts.gstatic.com/s/materialicons/v143/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2	unknown	—	125 Kb	whitelisted
2788	app_process64	GET	200	104.16.79.73:443	https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516	unknown	—	30.4 Kb	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	142.251.155.119:80	www.google.com	GOOGLE	US	whitelisted
—	—	172.217.20.131:80	connectivitycheck.gstatic.com	GOOGLE	US	whitelisted
—	—	142.251.150.119:443	www.google.com	GOOGLE	US	whitelisted
443	mdnsd	224.0.0.251:5353	—	—	—	whitelisted
2788	app_process64	142.250.186.46:80	clients2.google.com	GOOGLE	US	whitelisted
2788	app_process64	142.251.151.119:443	www.google.com	GOOGLE	US	whitelisted
2788	app_process64	142.251.127.84:443	accounts.google.com	GOOGLE	US	whitelisted
2788	app_process64	172.67.153.104:443	kisskh.co	CLOUDFLARENET	US	whitelisted
2788	app_process64	142.251.127.94:443	fonts.gstatic.com	GOOGLE	US	whitelisted
2788	app_process64	104.16.79.73:443	static.cloudflareinsights.com	CLOUDFLARENET	US	whitelisted

DNS requests

Domain	IP	Reputation
google.com	142.251.208.174	whitelisted
www.google.com	142.251.157.119 142.251.152.119 142.251.150.119 142.251.153.119 142.251.154.119 142.251.155.119 142.251.156.119 142.251.151.119	whitelisted
clients2.google.com	142.250.186.46	whitelisted
kisskh.co	104.21.82.46 172.67.153.104	whitelisted
accounts.google.com	142.251.127.84	whitelisted
fonts.gstatic.com	142.251.127.94	whitelisted
static.cloudflareinsights.com	104.16.79.73 104.16.80.73	whitelisted
a.nel.cloudflare.com	35.190.80.1	whitelisted
load.kisskh.co	172.67.153.104 104.21.82.46	whitelisted
media.themoviedb.org	185.111.111.154 185.111.111.157	whitelisted

Threats

PID	Process	Class	Message
2788	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
2788	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
2788	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare Pages platform for frontend developers to collaborate and deploy websites (pages .dev)
2788	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare Pages platform for frontend developers to collaborate and deploy websites (pages .dev)
2788	app_process64	Misc activity	ET INFO DNS Query to Cloudflare Page Developer Domain (pages .dev)
822	app_process64	Misc activity	ET INFO Android Device Connectivity Check
2788	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2788	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] FireBase Web App CDN
2788	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2788	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] FireBase Web App CDN

Add for printing

No debug info

General Info

kisskh.co

D841BE4F23D554D1EA75F865A3DC4919

6DDC262F5F833D7D00E4A0A614D72FEDFA86D115

FA2C5E4C0470248DAE3E8213B14D3922DE4F3166E359F809792D8A3909C62077

3:6GK:tK

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings