General Information

  • Date: 13.02.2020
  • Duration: 0h 1m 28s
  • Sample URL: http://redirector.gvt1.com/edgedl/release2/chrome/VfaPhWLj3QqAqHb0SFsWqg_80.0.3987.106/80.0.3987.106_80.0.3987.100_chrome_updater.exe
  • Cookbook: urldownload.jbs
  • Icon: No Icon
  • Filetype: unknown

Detection

SUSPICIOUS
    • Found 1 malicious signature
    • Contacts 1 domain/IP
    • Launches 4 processes
    • Drops 4 files

Signature Overview


    Contacted Public IPs

    IP           Country         ASN    ASN Name  Malicious
    84.17.52.81  United Kingdom  60068  unknown   false
    Behavior Graph

    • Behavior Graph ID: 208255
    • URL: http://redirector.gvt1.com/...
    • Startdate: 13/02/2020
    • Architecture: WINDOWS
    • Score: 26

    Process tree recovered from the graph (all four processes start from the cookbook's top-level node):

    80.0.3987.106_80.0.3987.100_chrome_updater.exe@cms_redirect=yes&mip=84.17.52.81&mm=28&mn=sn-4g5e6nze&ms=nvh&mt=1581628281&mv=m&mvi=4&pl=24&shardbypass=yes.exe (started)
      • DNS/IP: 84.17.52.81 (unknown, United Kingdom)
      • Signature: Found evasive API chain (may stop execution after checking volume information)
    cmd.exe (started)
      • wget.exe (started)
          • Dropped file: 80.0.3987.106_80.0...=24&shardbypass=yes, PE32+
      • conhost.exe (started)

    Note that cmd.exe, wget.exe and conhost.exe are the processes the urldownload.jbs cookbook uses to fetch the sample: wget.exe is the process that drops the PE32+ file, and the dropped file's name carries the query string of the redirect target. The behaviour attributable to the sample itself is therefore the single contact with 84.17.52.81 and the evasive-API-chain signature, which is what drives the score of 26.
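The redirect parameters preserved in the dropped file's name can be cross-checked against the rest of the report. The following script is an added example and is not part of the Joe Sandbox report or of Chrome's updater; it parses the sample URL and the dropped-file name shown above and checks that the file name matches the requested path, that the version in the URL directory matches the "new" version in the file name, that the only contacted IP is the one named by `mip`, and that `mt` lands on the report date. Reading `mip` as the mirror IP and `mt` as a Unix timestamp is an assumption inferred from their values, not something the report states.

```python
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed from the values shown in the report above.
SAMPLE_URL = (
    "http://redirector.gvt1.com/edgedl/release2/chrome/"
    "VfaPhWLj3QqAqHb0SFsWqg_80.0.3987.106/"
    "80.0.3987.106_80.0.3987.100_chrome_updater.exe"
)
# The sandbox named the dropped file '<requested name>@<query of the redirect target>.exe'.
DROPPED_NAME = (
    "80.0.3987.106_80.0.3987.100_chrome_updater.exe"
    "@cms_redirect=yes&mip=84.17.52.81&mm=28&mn=sn-4g5e6nze&ms=nvh"
    "&mt=1581628281&mv=m&mvi=4&pl=24&shardbypass=yes.exe"
)
CONTACTED_IPS = {"84.17.52.81"}
REPORT_DATE = "2020-02-13"

VERSION = r"\d+(?:\.\d+){3}"


def split_dropped_name(name):
    """Return (base file name, query parameters) from a '<name>@<query>.exe' string."""
    base, sep, query = name.partition("@")
    if not sep:
        return base, {}
    if query.endswith(".exe"):
        query = query[:-4]
    return base, {k: v[0] for k, v in parse_qs(query).items()}


def versions_in_name(base):
    """Extract (new, old) version strings from '<new>_<old>_chrome_updater.exe'."""
    m = re.match(rf"^({VERSION})_({VERSION})_", base)
    return (m.group(1), m.group(2)) if m else (None, None)


def triage(url, dropped_name, contacted_ips):
    """Cross-check the dropped file name, the request URL and the network contact."""
    path_parts = urlsplit(url).path.split("/")
    url_file, url_dir = path_parts[-1], path_parts[-2]
    base, params = split_dropped_name(dropped_name)
    new_ver, old_ver = versions_in_name(base)
    # Assumption: 'mip' is the mirror IP the redirector chose, 'mt' a Unix timestamp.
    mip = params.get("mip")
    mt = params.get("mt")
    mt_date = None
    if mt and mt.isdigit():
        mt_date = datetime.fromtimestamp(int(mt), tz=timezone.utc).date().isoformat()
    return {
        "name_matches_url": base == url_file,
        "dir_ends_with_new_version": new_ver is not None and url_dir.endswith("_" + new_ver),
        "versions": (new_ver, old_ver),
        "mip": mip,
        "only_contact_is_mip": mip is not None and set(contacted_ips) == {mip},
        "mt_date": mt_date,
    }


def all_consistent(result, report_date):
    """True when every cross-check agrees with a plain CDN redirect on the report date."""
    return (
        result["name_matches_url"]
        and result["dir_ends_with_new_version"]
        and result["only_contact_is_mip"]
        and result["mt_date"] == report_date
    )


if __name__ == "__main__":
    r = triage(SAMPLE_URL, DROPPED_NAME, CONTACTED_IPS)
    for key, value in r.items():
        print(f"{key}: {value}")
    print("consistent with a plain CDN redirect:", all_consistent(r, REPORT_DATE))
```

A second contacted IP, a file name that does not match the requested path, or a timestamp far from the analysis date would each turn one of the checks false and would warrant a closer look at the sample rather than accepting the low score at face value.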