analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://js.joyreactor.cc

Full analysis: https://app.any.run/tasks/8a296711-9ce6-449e-a4f1-f0543f6358c6
Verdict: Malicious activity
Analysis date: October 05, 2020, 12:00:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

598699E4B55EC9A0F290E91FF5109984

SHA1:

8331D3A3659ED68A46DD29EE748A32FFC0FAB451

SHA256:

DEE243B994C6747544AD5B9ED1B2E358986662946C239526C31348ED3F07EE10

SSDEEP:

3:N1KUle:CUle

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • software_reporter_tool.exe (PID: 1032)

  • SUSPICIOUS

    • Application launched itself

      • software_reporter_tool.exe (PID: 3804)

    • Executable content was dropped or overwritten

      • software_reporter_tool.exe (PID: 1032)

  • INFO

    • Reads the hosts file

      • chrome.exe (PID: 1200)
      • software_reporter_tool.exe (PID: 1032)
      • chrome.exe (PID: 3464)

    • Loads the Task Scheduler COM API

      • software_reporter_tool.exe (PID: 3804)

    • Application launched itself

      • chrome.exe (PID: 1200)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
54
Monitored processes
18
Malicious processes
1
Suspicious processes
2

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs software_reporter_tool.exe no specs software_reporter_tool.exe no specs software_reporter_tool.exe software_reporter_tool.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1200"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://js.joyreactor.cc"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
3468"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f1da9d0,0x6f1da9e0,0x6f1da9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2444"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=764 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
3984"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,5045935708508578717,15450714640020682832,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=7287366697239551542 --mojo-platform-channel-handle=1020 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
3464"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,5045935708508578717,15450714640020682832,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=12394078889986189628 --mojo-platform-channel-handle=1600 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2556"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,5045935708508578717,15450714640020682832,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14699518234589859948 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2620"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,5045935708508578717,15450714640020682832,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10082231880747288260 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
2096"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,5045935708508578717,15450714640020682832,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17317330254781152807 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2752"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,5045935708508578717,15450714640020682832,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16471510037453070208 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
2460"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,5045935708508578717,15450714640020682832,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=11275940186109524593 --mojo-platform-channel-handle=3684 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Total events
1 032
Read events
963
Write events
64
Delete events
5

Modification events

(PID) Process:(1200) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(1200) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(1200) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(1200) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(1200) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(1200) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:Key:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:writeName:1200-13246372853219875
Value:
259
(PID) Process:(1200) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(1200) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:3228-13245745346152343
Value:
0
(PID) Process:(1200) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
Executable files
7
Suspicious files
57
Text files
163
Unknown types
0

Dropped files

PID
Process
Filename
Type
1200chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F7B0AF5-4B0.pma
MD5:
SHA256:
1200chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
MD5:
SHA256:
1200chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF3b760b.TMP
MD5:
SHA256:
1200chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ced5104f-dd81-4d80-9b4d-9778b948156a.tmp
MD5:
SHA256:
1200chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000046.dbtmp
MD5:
SHA256:
1200chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:D55489ED6031D8B188E37B0B59F5CED3
SHA256:365B01D1B3333E366EEA50106551AAC8721156CB2572C173E2F501D8255093F4
1200chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:D33038DC70A58F2AC0EA1823980691AE
SHA256:6EE5DB5588EB879D13CE5A0DB3CA1744079C1BE3F73959A3B900684C56061D97
1200chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF3b75fc.TMPtext
MD5:D55489ED6031D8B188E37B0B59F5CED3
SHA256:365B01D1B3333E366EEA50106551AAC8721156CB2572C173E2F501D8255093F4
1200chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.oldtext
MD5:3401B14F6B2624E5E44EB20FB8735443
SHA256:E32F20AE6528B8952EE2FF112DACEE4E9005868B7DAF85D3533B6F0135403875
1200chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldtext
MD5:745FF98D6EB320D6A946D4C43E8D3317
SHA256:558AE8B06570B9C63A72F515E6CD288BCA67368A23E349B625D8B1B7E42E9918
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
307
TCP/UDP connections
153
DNS requests
75
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3464
chrome.exe
GET
200
159.69.47.124:80
http://img0.joyreactor.cc/pics/post/%D0%BB%D0%B8%D1%81%D1%82%D1%8C%D1%8F-%D1%83%D0%B7%D0%BE%D1%80-%D0%BC%D0%BD%D0%BE%D0%B3%D0%BE-%D1%81%D0%B2%D0%BE%D0%B1%D0%BE%D0%B4%D0%BD%D0%BE%D0%B3%D0%BE-%D0%B2%D1%80%D0%B5%D0%BC%D0%B5%D0%BD%D0%B8-6219424.jpeg
US
image
350 Kb
malicious
3464
chrome.exe
GET
200
159.69.47.124:80
http://img0.joyreactor.cc/pics/avatar/user/364900
US
image
14.3 Kb
malicious
3464
chrome.exe
GET
200
51.68.155.228:80
http://joyreactor.cc/m2/localized.ru.js?v=13
GB
text
957 b
whitelisted
3464
chrome.exe
GET
200
51.254.73.169:80
http://img10.joyreactor.cc/pics/post/%D0%B0%D1%80%D1%82-%D0%B1%D0%B0%D1%80%D1%8B%D1%88%D0%BD%D1%8F-art-Hanho-Lee-6217720.jpeg
IT
image
288 Kb
suspicious
3464
chrome.exe
GET
200
159.69.47.124:80
http://img0.joyreactor.cc/js/modules/videoGif.js
US
compressed
5.61 Kb
malicious
3464
chrome.exe
GET
200
159.69.36.218:80
http://fonts.w.tools/css?family=Open+Sans:400,700&subset=latin,cyrillic-ext&version=2
US
compressed
609 b
malicious
3464
chrome.exe
GET
200
51.68.155.228:80
http://joyreactor.cc/m2/colors.css?_=2020-10-05+15%3A00
GB
text
12.3 Kb
whitelisted
3464
chrome.exe
GET
200
159.69.47.124:80
http://img0.joyreactor.cc/pics/avatar/user/529676
US
image
1.60 Kb
malicious
3464
chrome.exe
GET
403
159.69.47.124:80
http://img0.joyreactor.cc/js/jquery.min.js?v=1
US
html
49 b
malicious
3464
chrome.exe
GET
200
159.69.36.218:80
http://fonts.w.tools/css?family=Open+Sans:400,700&subset=latin,cyrillic-ext
US
compressed
609 b
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3464
chrome.exe
172.217.21.237:443
accounts.google.com
Google Inc.
US
whitelisted
3464
chrome.exe
87.250.250.90:443
an.yandex.ru
YANDEX LLC
RU
whitelisted
3464
chrome.exe
159.69.47.124:80
img0.joyreactor.cc
US
unknown
3464
chrome.exe
51.68.155.228:80
js.joyreactor.cc
GB
unknown
3464
chrome.exe
159.69.36.218:80
fonts.w.tools
US
unknown
3464
chrome.exe
216.58.212.131:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
3464
chrome.exe
178.154.131.217:443
yastatic.net
YANDEX LLC
RU
whitelisted
3464
chrome.exe
213.180.204.158:443
storage.mds.yandex.net
YANDEX LLC
RU
whitelisted
3464
chrome.exe
51.254.73.169:80
img10.joyreactor.cc
OVH SAS
IT
unknown
3464
chrome.exe
87.250.247.183:443
avatars.mds.yandex.net
YANDEX LLC
RU
whitelisted

DNS requests

Domain
IP
Reputation
js.joyreactor.cc
  • 51.68.155.228
unknown
clientservices.googleapis.com
  • 216.58.212.131
whitelisted
accounts.google.com
  • 172.217.21.237
shared
joyreactor.cc
  • 51.68.155.228
whitelisted
fonts.w.tools
  • 159.69.36.218
  • 88.99.87.21
  • 138.201.117.10
unknown
img0.joyreactor.cc
  • 159.69.47.124
  • 159.69.47.129
  • 88.99.87.22
unknown
an.yandex.ru
  • 87.250.250.90
  • 77.88.21.90
  • 213.180.193.90
  • 93.158.134.90
  • 213.180.204.90
whitelisted
yastatic.net
  • 178.154.131.217
  • 178.154.131.216
  • 178.154.131.215
whitelisted
storage.mds.yandex.net
  • 213.180.204.158
whitelisted
avatars.mds.yandex.net
  • 87.250.247.183
  • 87.250.247.182
  • 87.250.247.181
  • 87.250.247.184
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET DNS Query for .cc TLD
Potentially Bad Traffic
ET DNS Query for .cc TLD
Potentially Bad Traffic
ET DNS Query for .cc TLD
Potentially Bad Traffic
ET DNS Query for .cc TLD
Potentially Bad Traffic
ET DNS Query for .cc TLD
Potentially Bad Traffic
ET DNS Query for .cc TLD
Potentially Bad Traffic
ET DNS Query for .cc TLD
Potentially Bad Traffic
ET DNS Query for .cc TLD
Potentially Bad Traffic
ET DNS Query for .cc TLD
Potentially Bad Traffic
ET DNS Query for .cc TLD
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://js.joyreactor.cc