Field | Value
---|---
URL | https://2fa.com-token-auth.com/XNlcvVys3S2V3bWIvLzljeXhqV0JsbFZINzBERHRBWGMxN0UzalZNZ3FVQjQrM3Z4UVJDWFpuMXZhVWdpVjAyN2FtQk5OSkZDOGJLZXBDSmpjZk1EaUxNR1grc3o2bk5jZk9CZFpuUmVOamk5THVkQzlsZWVvV2psM1JRdjZZR0xkbDdzZFJlbDhmemkxdnN0QjhucG9ZRFovKzBYUW16RFVwcHdTeUJpN20yK1NFMXd2OFJSN0RteFBCcGFLR3FUNW5BdVdnd3l6cGxKOVRlL21lekstLVJ
Full analysis | https://app.any.run/tasks/47b034f4-f02f-4f77-b47b-5b07cb8851a6
Verdict | Malicious activity
Analysis date | January 10, 2025, 18:40:30
OS | Windows 10 Professional (build: 19045, 64 bit)
Tags | —
MD5 | F636A7FF5F4F5AF7C7393B9873FA7302
SHA1 | 24AF0311AC44A736DD71A19A79330D7084AC6C2C
SHA256 | 0D64D3811A7CA1F789514EB304A5D5D554DCEB4899A01C34045867FACF5F6705
SSDEEP | 6:2jORXhy+TI/i4AR84P/NwdfRuHKbfJghOYTFxqHDEh+:2jORXY+TErAR9ockfJa/TFxqHDEh+
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
7172 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | msedge.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 122.0.2365.59 |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF296d1a.TMP | binary | D0453075479429FE52D8FB780A7DA8E9 | 574112CCCB36E004E93B2BCBBA7F6CEB8FF3B12E3E462BEF80F1B57044E035B1
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\fdbfdb55-af1f-435f-8455-c4773041643a.tmp | binary | 75C045943884AA96F4017F266E4B2BE1 | 1F6085D0A5CBAB0EBCB8E0714FAD4280A9A5F4A95E9F16F3A40C0D49B2187710
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc | binary | 311F1298863858C8334BD7A8A0E34014 | 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\a7573f51-791b-4c1b-b6b0-8eea382e770f.tmp | binary | 60819D52FAC599AB696A7CFD3B2FD724 | 38F679D6AC7E5566835AF66ACA18664A52CD90BB31FD29E5E1906796B892D3A5
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity | binary | 60819D52FAC599AB696A7CFD3B2FD724 | 38F679D6AC7E5566835AF66ACA18664A52CD90BB31FD29E5E1906796B892D3A5
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | binary | 75C045943884AA96F4017F266E4B2BE1 | 1F6085D0A5CBAB0EBCB8E0714FAD4280A9A5F4A95E9F16F3A40C0D49B2187710
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF29525e.TMP | binary | D2615E0C4F6C46045EDB3EAA0ACE252A | 48EFA073914F67BCCE305DECBC121BE7FA6D343982BE00A666B4C5FB6A30A7A9
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | binary | D17B5A55EC9D8608C1D2B531CCB6DE88 | DC2A3600C7CDFAEA40DB03757D6915D67518215DB51397C8A5BB3F132AE89A49
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 18.155.153.74:443 | https://2fa.com-token-auth.com/favicon.ico | unknown | — | — | — |
— | — | GET | 302 | 23.52.120.96:443 | https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18 | unknown | — | — | — |
3024 | svchost.exe | HEAD | 200 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736876664&P2=404&P3=2&P4=GDlBNGscsF1ySQA2WUhKnFIks4AA69o6XLZRmmvZFmyCk2ygY6se7MZbQfkSYnx5izHtbppLnF7PVK57hamwuQ%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | HEAD | 200 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fd0b3f36-5596-4351-a52a-324d9881c330?P1=1737015153&P2=404&P3=2&P4=ee7p6oLWzv%2b47iSZjoWDY2%2bFF4cvGGXsF4EZG6QJ3PmrnsyNpgJvZrEo3CBxXP4DU%2fR93Ylee%2fwvFsnh7imSKA%3d%3d | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 239.255.255.250:1900 | — | — | — | unknown |
3580 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown |
3080 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown |
4708 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown |
4668 | msedge.exe | 224.0.0.251:5353 | — | — | — | unknown |
7172 | msedge.exe | 35.169.9.104:443 | 2fa.com-token-auth.com | AMAZON-AES | US | suspicious |
7172 | msedge.exe | 13.107.246.45:443 | xpaywalletcdn.azureedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
4708 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
7172 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7172 | msedge.exe | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted |
Domain | IP | Reputation
---|---|---
settings-win.data.microsoft.com | — | unknown
google.com | — | unknown
2fa.com-token-auth.com | — | unknown
xpaywalletcdn.azureedge.net | — | unknown
go.microsoft.com | — | unknown
edge.microsoft.com | — | unknown
msedge.b.tlu.dl.delivery.mp.microsoft.com | — | unknown
www.bing.com | — | unknown
PID | Process | Class | Message |
---|---|---|---|
— | — | Misc activity | ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (com-token-auth .com) |