URL:

https://2fa.com-token-auth.com/XNlcvVys3S2V3bWIvLzljeXhqV0JsbFZINzBERHRBWGMxN0UzalZNZ3FVQjQrM3Z4UVJDWFpuMXZhVWdpVjAyN2FtQk5OSkZDOGJLZXBDSmpjZk1EaUxNR1grc3o2bk5jZk9CZFpuUmVOamk5THVkQzlsZWVvV2psM1JRdjZZR0xkbDdzZFJlbDhmemkxdnN0QjhucG9ZRFovKzBYUW16RFVwcHdTeUJpN20yK1NFMXd2OFJSN0RteFBCcGFLR3FUNW5BdVdnd3l6cGxKOVRlL21lekstLVJ

Full analysis: https://app.any.run/tasks/47b034f4-f02f-4f77-b47b-5b07cb8851a6
Verdict: Malicious activity
Analysis date: January 10, 2025, 18:40:30
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
phishing
MD5:

F636A7FF5F4F5AF7C7393B9873FA7302

SHA1:

24AF0311AC44A736DD71A19A79330D7084AC6C2C

SHA256:

0D64D3811A7CA1F789514EB304A5D5D554DCEB4899A01C34045867FACF5F6705

SSDEEP:

6:2jORXhy+TI/i4AR84P/NwdfRuHKbfJghOYTFxqHDEh+:2jORXY+TErAR9ockfJa/TFxqHDEh+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • KNOWBE4 has been detected (SURICATA)

      • msedge.exe (PID: 7172)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
146
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

#KNOWBE4 msedge.exe

Process information

PID:
7172
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Indicators:
KNOWBE4 (Suricata)
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
8
Text files
0
Unknown types
0

Dropped files

PID | Process | Filename | Type
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF296d1a.TMP | binary
MD5: D0453075479429FE52D8FB780A7DA8E9
SHA256: 574112CCCB36E004E93B2BCBBA7F6CEB8FF3B12E3E462BEF80F1B57044E035B1
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\fdbfdb55-af1f-435f-8455-c4773041643a.tmp | binary
MD5: 75C045943884AA96F4017F266E4B2BE1
SHA256: 1F6085D0A5CBAB0EBCB8E0714FAD4280A9A5F4A95E9F16F3A40C0D49B2187710
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc | binary
MD5: 311F1298863858C8334BD7A8A0E34014
SHA256: 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\a7573f51-791b-4c1b-b6b0-8eea382e770f.tmp | binary
MD5: 60819D52FAC599AB696A7CFD3B2FD724
SHA256: 38F679D6AC7E5566835AF66ACA18664A52CD90BB31FD29E5E1906796B892D3A5
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity | binary
MD5: 60819D52FAC599AB696A7CFD3B2FD724
SHA256: 38F679D6AC7E5566835AF66ACA18664A52CD90BB31FD29E5E1906796B892D3A5
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | binary
MD5: 75C045943884AA96F4017F266E4B2BE1
SHA256: 1F6085D0A5CBAB0EBCB8E0714FAD4280A9A5F4A95E9F16F3A40C0D49B2187710
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF29525e.TMP | binary
MD5: D2615E0C4F6C46045EDB3EAA0ACE252A
SHA256: 48EFA073914F67BCCE305DECBC121BE7FA6D343982BE00A666B4C5FB6A30A7A9
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | binary
MD5: D17B5A55EC9D8608C1D2B531CCB6DE88
SHA256: DC2A3600C7CDFAEA40DB03757D6915D67518215DB51397C8A5BB3F132AE89A49

All eight "suspicious" files are Edge profile artifacts written while the page loaded: the Network Persistent State file and the TransportSecurity (HSTS) store, their rename temporaries, and two HTTP cache entries. The fdbfdb55-af1f-435f-8455-c4773041643a.tmp entry carries the same hashes as Network Persistent State, and a7573f51-791b-4c1b-b6b0-8eea382e770f.tmp the same as TransportSecurity, consistent with each .tmp being the write-then-rename temporary for its store. No executable was written (Executable files: 0).
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
59
TCP/UDP connections
27
DNS requests
28
Threats
1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
- | - | GET | 200 | 18.155.153.74:443 | https://2fa.com-token-auth.com/favicon.ico | unknown | -
- | - | GET | 302 | 23.52.120.96:443 | https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18 | unknown | -
3024 | svchost.exe | HEAD | 200 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | whitelisted
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | whitelisted
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | whitelisted
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | whitelisted
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | whitelisted
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | whitelisted
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | whitelisted
3024 | svchost.exe | HEAD | 200 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fd0b3f36-5596-4351-a52a-324d9881c330?P1=1737015153&P2=404&P3=2&P4=ee7p6oLWzv%2b47iSZjoWDY2%2bFF4cvGGXsF4EZG6QJ3PmrnsyNpgJvZrEo3CBxXP4DU%2fR93Ylee%2fwvFsnh7imSKA%3d%3d | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 239.255.255.250:1900 | - | - | - | unknown
3580 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
3080 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
4708 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
4668 | msedge.exe | 224.0.0.251:5353 | - | - | - | unknown
7172 | msedge.exe | 35.169.9.104:443 | 2fa.com-token-auth.com | AMAZON-AES | US | suspicious
7172 | msedge.exe | 13.107.246.45:443 | xpaywalletcdn.azureedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4708 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
7172 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7172 | msedge.exe | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.73.194.208, 4.231.128.59, 40.127.240.158 | unknown
google.com | 142.250.185.238 | unknown
2fa.com-token-auth.com | 35.169.9.104, 54.161.180.244, 54.87.176.87, 3.231.74.234, 34.193.6.123, 34.195.197.181 | unknown
xpaywalletcdn.azureedge.net | 13.107.246.45 | unknown
go.microsoft.com | 23.35.238.131 | unknown
edge.microsoft.com | 13.107.21.239, 204.79.197.239 | unknown
msedge.b.tlu.dl.delivery.mp.microsoft.com | 199.232.214.172, 199.232.210.172, 23.50.131.24, 23.50.131.30 | unknown
www.bing.com | 92.123.104.38, 92.123.104.31, 92.123.104.62, 92.123.104.33, 92.123.104.34, 92.123.104.32 | unknown

Threats

PID | Process | Class | Message
- | - | Misc activity | ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (com-token-auth .com)

The single alert is an ET POLICY signature, not an ET MALWARE one: it fires on the DNS lookup of a domain that the ruleset lists as KnowBe4 phishing-simulation infrastructure, and that lookup is what drives the "Malicious activity" verdict and the KNOWBE4 tag on msedge.exe. PID 7172 is Edge's own network-service utility process (--utility-sub-type=network.mojom.NetworkService in its command line), so the attribution means the browser resolved the name, not that a payload ran; the report shows no dropped executable and no other suspicious indicator. If the organisation being assessed runs KnowBe4 campaigns, confirm the campaign with its owner before closing the alert rather than treating the lookup as a compromise; if it does not, handle 2fa.com-token-auth.com as the phishing lure the page tag already reflects.
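The Suricata alert above keys on the DNS query itself, so the same decision can be reproduced offline against Suricata eve.json DNS records to tag phishing-simulation lookups before they reach an analyst. The following Python is an added example and is not part of the ANY.RUN report, nor code from Emerging Threats or KnowBe4; the log lines and client IPs are constructed, only com-token-auth.com is taken from the report, and the function names and the domain set are assumptions made for this example.

```python
import json
from typing import Iterable, List, Optional, Tuple

# Registrable domains that the Suricata signature in the report attributes to
# KnowBe4 phishing simulations. Only com-token-auth.com comes from the report;
# extend the set from your own ruleset (assumption: you maintain such a list).
KNOWBE4_SIM_DOMAINS = frozenset({
    "com-token-auth.com",
})

# Constructed Suricata eve.json DNS/TLS records (not taken from the report's
# PCAP). The first line mirrors the query the sandbox observed; the others
# exercise the edge cases the matcher has to get right.
SAMPLE_EVE_LINES = [
    '{"event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"query","rrname":"2fa.com-token-auth.com","rrtype":"A"}}',
    '{"event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"query","rrname":"notcom-token-auth.com","rrtype":"A"}}',
    '{"event_type":"dns","src_ip":"10.0.0.6","dns":{"type":"query","rrname":"COM-TOKEN-AUTH.COM.","rrtype":"AAAA"}}',
    '{"event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"answer","rrname":"2fa.com-token-auth.com","rrtype":"A"}}',
    '{"event_type":"tls","src_ip":"10.0.0.5","tls":{"sni":"2fa.com-token-auth.com"}}',
    '{"event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"query","rrname":"settings-win.data.microsoft.com","rrtype":"A"}}',
]


def normalize_name(name: str) -> str:
    """Lower-case and drop the trailing root dot so 'COM-TOKEN-AUTH.COM.' compares equal."""
    return name.rstrip(".").lower()


def matches_sim_domain(qname: str, sim_domains=KNOWBE4_SIM_DOMAINS) -> Optional[str]:
    """Return the listed domain that qname equals or is a subdomain of, else None.

    Matching on a label boundary ('.' + domain) is what keeps
    'notcom-token-auth.com' out; a bare endswith() check would accept it.
    """
    q = normalize_name(qname)
    for d in sim_domains:
        if q == d or q.endswith("." + d):
            return d
    return None


def tag_dns_queries(eve_lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (src_ip, queried name, matched domain) for DNS queries that hit the list.

    Like the ET POLICY rule, this keys on the query (dns.type == "query"); DNS
    answers and TLS SNI records for the same name are ignored, so each lookup
    is counted once and non-DNS events cannot trigger it.
    """
    hits = []
    for line in eve_lines:
        rec = json.loads(line)
        if rec.get("event_type") != "dns":
            continue
        dns = rec.get("dns", {})
        if dns.get("type") != "query":
            continue
        matched = matches_sim_domain(dns.get("rrname", ""))
        if matched is not None:
            hits.append((rec["src_ip"], normalize_name(dns["rrname"]), matched))
    return hits


if __name__ == "__main__":
    for src_ip, qname, domain in tag_dns_queries(SAMPLE_EVE_LINES):
        print(f"{src_ip} queried {qname} (KnowBe4 simulation domain {domain})")
```

Two of the six constructed records match: the 2fa.com-token-auth.com query that the sandbox also made, and the apex lookup with mixed case and a trailing dot. The answer record, the TLS SNI record, the look-alike notcom-token-auth.com and the Microsoft telemetry lookup are all left alone. A hit from this matcher is a policy signal in the same sense as the Suricata alert: route it to whoever owns the awareness-training programme for confirmation, and only escalate it as a real phish if no campaign is running.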
No debug info