URL: ftsonl.awwtec.co?Xi7aV=v6L1

Full analysis: https://app.any.run/tasks/4e39ebfc-4a96-499b-b3b1-50763752aa6f
Verdict: Malicious activity
Analysis date: January 10, 2025, 20:17:38
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: phishing

Indicators (hashes of the submitted object; the submission is a URL, not a file):
MD5: 12F343A4D2476529E888DDA329D5D50C
SHA1: 916EA7AB1A29C38904F01D8DFC3404C3C8F3ECA6
SHA256: 021D0058EEAB8CB588DACFFAB464A0F31C53DADB2EC0631E47ABF78DC837910C
SSDEEP: 3:EQFWj0MSfO:EQFbjO

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report may have been distorted by user actions and is provided as is for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7172)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 158
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

PID: 7172
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Indicators: PHISHING (Suricata)
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59

Note that the flagged PID is Edge's network-service utility process (--utility-sub-type=network.mojom.NetworkService), through which the browser's HTTP and DNS traffic is issued; a network-based Suricata alert is therefore attributed to this process rather than to the renderer that displayed the page. The --service-sandbox-type=none flag indicates this utility process runs without a service sandbox.
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 37
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fd | binary
    MD5: 311F1298863858C8334BD7A8A0E34014
    SHA256: 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | compressed
    MD5: 938D86F1EB9D52FC36E2B827F269199D
    SHA256: 8EF910EB39AF6B70A78A7921787F03366E1A1F5EC30046B08D7B814A24EB946F
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000105 | compressed
    MD5: 5CB54DB2B8CCBFCAD4D109768810A549
    SHA256: 3A9B86FDD8E02BE572495DCEAD4789B911E5075FB31A101B1FD7DB587CD74E5E
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000100 | compressed
    MD5: CA9E4686E278B752E1DEC522D6830B1F
    SHA256: B36086821F07E11041FC44B05D2CAFE3FB756633E72B07DA453C28BD4735ED26
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ff | compressed
    MD5: D79B35CCF8E6AF6714EB612714349097
    SHA256: C8459799169B81FDAB64D028A9EBB058EA2D0AD5FEB33A11F6A45A54A5CCC365
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\4469ceca-5935-4fc1-8ad9-aa293a3c717f.tmp | binary
    MD5: D2E34367B291404D9D4296A3E1579DF4
    SHA256: E16B6344F0A3F7DE42DE0345FDF177DDC0C51299CD0CB991BD2BFC2440764DBF
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity | binary
    MD5: D2E34367B291404D9D4296A3E1579DF4
    SHA256: E16B6344F0A3F7DE42DE0345FDF177DDC0C51299CD0CB991BD2BFC2440764DBF
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF296da6.TMP | binary
    MD5: D0453075479429FE52D8FB780A7DA8E9
    SHA256: 574112CCCB36E004E93B2BCBBA7F6CEB8FF3B12E3E462BEF80F1B57044E035B1
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000106 | compressed
    MD5: 6D408851E293965E7F032B6ACE305ACD
    SHA256: C34B920BE4E070093DAE32B00A5CC177C80D18D4EAE7C694BE1C3C799D856048
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000103 | compressed
    MD5: 6D408851E293965E7F032B6ACE305ACD
    SHA256: C34B920BE4E070093DAE32B00A5CC177C80D18D4EAE7C694BE1C3C799D856048

Every file listed is one of Edge's own cache or network-state files under its User Data profile; the .tmp under Network\ carries the same hash as TransportSecurity (the temporary copy written before the rename), and f_000103 and f_000106 are identical cache entries. Nothing executable was written to disk (Executable files: 0).
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 106
TCP/UDP connections: 85
DNS requests: 79
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 302 | 184.30.21.171:443 | https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18 | unknown | - | - | -
- | - | GET | 404 | 172.236.243.90:443 | https://ftsonl.awwtec.co/favicon.ico | unknown | - | - | -
- | - | GET | 200 | 216.58.206.68:443 | https://www.google.com/recaptcha/api.js | unknown | binary | 870 b | whitelisted
- | - | GET | 200 | 172.236.243.90:443 | https://ftsonl.awwtec.co/?Xi7aV=v6L1 | unknown | html | 174 Kb | -
3024 | svchost.exe | HEAD | 200 | 146.75.122.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736814451&P2=404&P3=2&P4=PL6v7T9cucAXp4hV10DLJGfUJc%2bvniauGyhhX2f9qPiz5MnB2k4eV7y0rdcy0ZlP3ppTIpcM8su2TUGnxbTO5g%3d%3d | unknown | - | - | whitelisted
- | - | GET | 200 | 172.236.243.90:443 | https://ftsonl.awwtec.co/?Xi7aV=v6L1 | unknown | - | - | -
3024 | svchost.exe | GET | 206 | 146.75.122.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736814451&P2=404&P3=2&P4=PL6v7T9cucAXp4hV10DLJGfUJc%2bvniauGyhhX2f9qPiz5MnB2k4eV7y0rdcy0ZlP3ppTIpcM8su2TUGnxbTO5g%3d%3d | unknown | - | - | whitelisted
- | - | GET | 200 | 142.250.181.227:443 | https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js | unknown | binary | 547 Kb | whitelisted
- | - | GET | 200 | 204.79.197.239:443 | https://edge.microsoft.com/autofillservice/v1/pages/ChRDaHJvbWUvMTIyLjAuMjM2NS41ORIZCfDzLgXw7g5-EgUNU1pHxSlWHcjxAGiryw==?alt=proto | unknown | text | 20 b | whitelisted
- | - | POST | 302 | 172.236.243.90:443 | https://ftsonl.awwtec.co/?Xi7aV=v6L1 | unknown | - | - | -

(- marks cells the report left empty.)
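The requests to ftsonl.awwtec.co follow the shape of a credential-harvesting page: a GET that returns 174 Kb of HTML, the Google reCAPTCHA script loaded alongside it (kits commonly gate the form behind a CAPTCHA to keep scanners out), then a POST to the same URL answered with a 302. Whether the POST actually carried form fields, and where the redirect went, is only visible in the PCAP of the full report. The script below is an added example, not part of the ANY.RUN report and not ANY.RUN's detection logic: it transcribes the table rows above as sample input and flags hosts that match this GET-HTML-then-POST-3xx sequence. The CAPTCHA path markers other than /recaptcha/ and the "-" convention for empty cells are assumptions of the example.

```python
"""Added example: flag the GET-HTML / POST-redirect request pattern of a
credential-harvesting page in a sandbox HTTP request log.

Heuristic (the example author's, not ANY.RUN's): a host that is never marked
whitelisted answers a GET with an HTML document and is later sent a POST that
is answered with a 3xx redirect. Rows are transcribed from the report's HTTP
requests table; query strings on the Microsoft delivery URLs are dropped for
brevity and "-" marks cells the report left empty.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class HttpRow:
    method: str
    status: int
    ip: str            # "addr:port" as the report prints it
    url: str
    content_type: str  # "html", "binary", "text", or "-" when not reported
    reputation: str    # "whitelisted", "unknown", or "-" when not reported


# Transcribed from the report, in the order shown there (indices 0..9).
REPORT_ROWS = [
    HttpRow("GET", 302, "184.30.21.171:443", "https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18", "-", "-"),
    HttpRow("GET", 404, "172.236.243.90:443", "https://ftsonl.awwtec.co/favicon.ico", "-", "-"),
    HttpRow("GET", 200, "216.58.206.68:443", "https://www.google.com/recaptcha/api.js", "binary", "whitelisted"),
    HttpRow("GET", 200, "172.236.243.90:443", "https://ftsonl.awwtec.co/?Xi7aV=v6L1", "html", "-"),
    HttpRow("HEAD", 200, "146.75.122.172:80", "http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527", "-", "whitelisted"),
    HttpRow("GET", 200, "172.236.243.90:443", "https://ftsonl.awwtec.co/?Xi7aV=v6L1", "-", "-"),
    HttpRow("GET", 206, "146.75.122.172:80", "http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527", "-", "whitelisted"),
    HttpRow("GET", 200, "142.250.181.227:443", "https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js", "binary", "whitelisted"),
    HttpRow("GET", 200, "204.79.197.239:443", "https://edge.microsoft.com/autofillservice/v1/pages/ChRDaHJvbWUvMTIyLjAuMjM2NS41ORIZCfDzLgXw7g5-EgUNU1pHxSlWHcjxAGiryw==?alt=proto", "text", "whitelisted"),
    HttpRow("POST", 302, "172.236.243.90:443", "https://ftsonl.awwtec.co/?Xi7aV=v6L1", "-", "-"),
]

# Script paths phishing kits load to gate the page behind a CAPTCHA. Only
# /recaptcha/ is seen in this report; the other two are assumptions.
CAPTCHA_PATH_MARKERS = ("/recaptcha/", "/hcaptcha", "/turnstile/")


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def find_credential_harvest_pattern(rows):
    """Return {host: finding} for every host matching the heuristic.

    A host is skipped if any of its requests was marked whitelisted. The POST
    must come after the HTML GET, so a POST-then-GET sequence does not match.
    """
    by_host: dict[str, list[tuple[int, HttpRow]]] = {}
    for idx, row in enumerate(rows):
        by_host.setdefault(host_of(row.url), []).append((idx, row))

    # Session-wide signal: was a CAPTCHA script fetched at all?
    captcha_gate = any(
        marker in urlsplit(row.url).path for row in rows for marker in CAPTCHA_PATH_MARKERS
    )

    findings = {}
    for host, entries in by_host.items():
        if any(row.reputation == "whitelisted" for _, row in entries):
            continue
        html_gets = [i for i, r in entries if r.method == "GET" and r.status == 200 and r.content_type == "html"]
        post_redirects = [i for i, r in entries if r.method == "POST" and 300 <= r.status < 400]
        if not html_gets or not post_redirects:
            continue
        first_get, last_post = min(html_gets), max(post_redirects)
        if first_get < last_post:
            findings[host] = {
                "first_html_get": first_get,
                "post_redirect": last_post,
                "ips": sorted({r.ip.rsplit(":", 1)[0] for _, r in entries}),
                "captcha_gate": captcha_gate,
            }
    return findings


if __name__ == "__main__":
    for host, f in find_credential_harvest_pattern(REPORT_ROWS).items():
        print(f"{host}: GET(html)@{f['first_html_get']} -> POST 3xx@{f['post_redirect']}, "
              f"ips={f['ips']}, captcha_gate={f['captcha_gate']}")
```

Run as-is it reports ftsonl.awwtec.co only; go.microsoft.com is also unlabelled but never serves HTML or receives a POST, and the whitelisted Microsoft and Google hosts are excluded before the sequence check. Against a real proxy or sandbox export, feed it the rows in arrival order, since the ordering check is what separates a form submission from unrelated POST traffic.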

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3612 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 239.255.255.250:1900 | - | - | - | whitelisted
3080 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2384 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 224.0.0.251:5353 | - | - | - | unknown
7172 | msedge.exe | 172.236.243.90:443 | ftsonl.awwtec.co | Akamai International B.V. | US | unknown
7172 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7172 | msedge.exe | 216.58.206.68:443 | www.google.com | - | - | whitelisted
7172 | msedge.exe | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted
7172 | msedge.exe | 104.126.37.169:443 | www.bing.com | Akamai International B.V. | DE | whitelisted

(- marks cells the report left empty. 239.255.255.250:1900 and 224.0.0.251:5353 are the SSDP and mDNS multicast addresses, i.e. local discovery traffic rather than connections to a remote host. The only connection from the monitored process to a host of unknown reputation is 172.236.243.90:443, ftsonl.awwtec.co.)

DNS requests

Domain (reputation): resolved IPs
settings-win.data.microsoft.com (whitelisted):
  • 51.104.136.2
  • 40.127.240.158
google.com (whitelisted):
  • 142.250.186.110
ftsonl.awwtec.co (unknown):
  • 172.236.243.90
edge.microsoft.com (whitelisted):
  • 13.107.21.239
  • 204.79.197.239
www.google.com (whitelisted):
  • 216.58.206.68
go.microsoft.com (whitelisted):
  • 23.35.238.131
www.bing.com (whitelisted):
  • 104.126.37.169
  • 104.126.37.139
  • 104.126.37.146
  • 104.126.37.179
  • 104.126.37.160
  • 104.126.37.144
  • 104.126.37.154
  • 104.126.37.161
  • 104.126.37.178
  • 104.126.37.163
  • 104.126.37.155
  • 104.126.37.162
  • 104.126.37.147
  • 104.126.37.129
  • 104.126.37.171
  • 104.126.37.130
  • 104.126.37.153
  • 104.126.37.168
  • 104.126.37.131
www.gstatic.com (whitelisted):
  • 142.250.181.227
fonts.gstatic.com (whitelisted):
  • 172.217.16.195
msedge.b.tlu.dl.delivery.mp.microsoft.com (whitelisted):
  • 146.75.122.172
  • 23.50.131.30
  • 23.50.131.24
  • 23.32.238.105
  • 23.32.238.152
  • 23.32.238.99

Threats

PID | Process | Class | Message
- | - | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected phishing domain name created with Leet (l1ve)
- | - | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected phishing domain name created with Leet (l1ve)

(- marks cells the report left empty; the summary does not attribute the two alerts to a PID or request.)
No debug info
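The two Suricata hits name the detection class, "leet" substitution in a domain name, with "l1ve" as the quoted pattern. The hostname visible in this summary, ftsonl.awwtec.co, does not itself contain that string, so the message should be read as the rule's description rather than as an extracted match; which request triggered it is only visible in the full report. The following is an added example, not ANY.RUN's rule and not derived from it: it shows how this class of check works by expanding digit-for-letter substitutions in each hostname label and looking for brand names that appear only after the substitution. The substitution table, the brand list and every sample hostname except ftsonl.awwtec.co are constructed for the example.

```python
"""Added example (not ANY.RUN's rule logic, which the summary does not show):
detect brand names written with "leet" digit substitutions inside hostname
labels, the class of lookalike the report's Suricata message refers to.
"""
import itertools

# Digit-to-letter substitutions seen in lookalike domains (example's own table).
# "1" is ambiguous (l or i), so every reading is enumerated instead of guessing.
LEET = {"0": "o", "1": "li", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b"}


def deleet_variants(label: str, max_subs: int = 6) -> set[str]:
    """All readings of `label` with leet digits replaced by letters.

    Returns an empty set when the label contains no leet digit, so callers can
    tell "nothing substituted" from "substituted but no brand matched". Beyond
    max_subs substituted characters only the first reading of each digit is
    used, which bounds the 2**n blow-up from labels such as "11111111".
    """
    label = label.lower()
    subs = sum(1 for ch in label if ch in LEET)
    if subs == 0:
        return set()
    alternatives = [LEET.get(ch, ch) for ch in label]  # each entry is a string of options
    if subs > max_subs:
        return {"".join(a[0] for a in alternatives)}
    return {"".join(p) for p in itertools.product(*alternatives)}


def leet_brand_hits(hostname: str, brands) -> list[tuple[str, str]]:
    """Return (label, brand) pairs where a brand appears only after de-leeting.

    A label that already contains the brand verbatim (e.g. "live" in live.com)
    is not a leet hit; plain lookalikes are a different check's job.
    """
    hits: list[tuple[str, str]] = []
    for label in hostname.lower().rstrip(".").split("."):
        verbatim = {b for b in brands if b in label}
        for variant in sorted(deleet_variants(label)):
            for brand in brands:
                if brand in variant and brand not in verbatim and (label, brand) not in hits:
                    hits.append((label, brand))
    return hits


# Brand list assumed for the example; extend it with the brands your users log in to.
BRANDS = ["live", "microsoft", "office", "outlook"]

# Constructed samples; only ftsonl.awwtec.co comes from the report.
SAMPLES = [
    "ftsonl.awwtec.co",
    "l1ve-account-verify.example.net",
    "micr0s0ft.l1ve.co",
    "0ffice365.example.com",
    "live.com",
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{host:36} -> {leet_brand_hits(host, BRANDS)}")
```

Because matching is done per label, a TLD or a registrable domain that happens to contain digits (web2.example.com) produces no hit unless the substituted reading spells a listed brand, and the verbatim check keeps genuine brand domains out of the results. In a detection pipeline, run this over the SNI or Host header of connections to hosts with unknown reputation, as in the ftsonl.awwtec.co connection above, rather than over every DNS query.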