Malware analysis https://1d700a-66d.icpage.net/analytics/click/?d=https://challenge.reliancesnv.com&h=a3525bb1b3&p=1&l=152&n=45555&f=44a11c4222585b76db1490ce1bba86b0 Malicious activity

Add for printing

URL:	https://1d700a-66d.icpage.net/analytics/click/?d=https://challenge.reliancesnv.com&h=a3525bb1b3&p=1&l=152&n=45555&f=44a11c4222585b76db1490ce1bba86b0
Full analysis:	https://app.any.run/tasks/a32ff4ab-6133-41d4-8e0c-d154ce80b3d6
Verdict:	Malicious activity
Analysis date:	April 15, 2025, 18:50:26
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	phishing
MD5:	FC7B7F93F9483E7C13A8A64897815604
SHA1:	E8E0EA7617F783F17D216A03BC15A89CB5CC2BAD
SHA256:	0DEE82E4113BB51A7068FBAD7268EF0EDB1B50B29317E82E8C9A0817FD430EA5
SSDEEP:	3:N8qiEIjUbJJXJuKDNR6fIBLX2T3jiH4CYUALB4cHHoNoPAtn:2qiEuUbvXJuoNR0IBLmTTiH4C5AlHo4C

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

134

Monitored processes

0

Malicious processes

0

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

No data

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

0

Suspicious files

0

Text files

0

Unknown types

0

Dropped files

No data

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

16

TCP/UDP connections

31

DNS requests

23

Threats

1

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3080	MoUsoCoreWorker.exe	GET	200	2.16.253.202:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
3080	MoUsoCoreWorker.exe	GET	200	23.48.23.173:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
—	—	GET	200	2.16.183.87:443	https://challenge.reliancesnv.com/	unknown	—	—	—
2208	RUXIMICS.exe	GET	200	2.16.253.202:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
—	—	GET	404	2.16.183.87:443	https://challenge.reliancesnv.com/files/images/Logo.png	unknown	—	—	—
—	—	GET	404	2.16.183.74:443	https://challenge.reliancesnv.com/files/images/Logo.png	unknown	—	—	—
—	—	GET	—	2.16.183.87:443	https://chase.com/	unknown	—	—	—
—	—	GET	—	2.16.183.74:443	https://chase.com/favicon.ico	unknown	—	—	—
—	—	GET	—	13.107.6.158:443	https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox	unknown	—	—	—
—	—	GET	302	104.18.38.224:443	https://1d700a-66d.icpage.net/analytics/click/?d=https://challenge.reliancesnv.com&h=a3525bb1b3&p=1&l=152&n=45555&f=44a11c4222585b76db1490ce1bba86b0	unknown	html	110 b	—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	239.255.255.250:1900	—	—	—	whitelisted
3080	MoUsoCoreWorker.exe	40.127.240.158:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
2208	RUXIMICS.exe	40.127.240.158:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
4208	svchost.exe	40.127.240.158:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
3080	MoUsoCoreWorker.exe	23.48.23.173:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
1396	msedge.exe	172.64.149.32:443	1d700a-66d.icpage.net	CLOUDFLARENET	US	unknown
3080	MoUsoCoreWorker.exe	2.16.253.202:80	www.microsoft.com	Akamai International B.V.	NL	whitelisted
2208	RUXIMICS.exe	2.16.253.202:80	www.microsoft.com	Akamai International B.V.	NL	whitelisted
1396	msedge.exe	172.234.252.95:443	challenge.reliancesnv.com	Akamai International B.V.	US	unknown
3080	MoUsoCoreWorker.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted

DNS requests

Domain	IP	Reputation
google.com	216.58.206.78	whitelisted
crl.microsoft.com	23.48.23.173 23.48.23.141 23.48.23.147 23.48.23.176 23.48.23.177	whitelisted
1d700a-66d.icpage.net	172.64.149.32 104.18.38.224	unknown
www.microsoft.com	2.16.253.202	whitelisted
challenge.reliancesnv.com	172.234.252.95	unknown
settings-win.data.microsoft.com	51.124.78.146	whitelisted
www.bing.com	2.19.96.121 2.19.96.130 2.19.96.128 2.19.96.90 2.19.96.104 2.19.96.91 2.19.96.16 2.19.96.123 2.19.96.88 2.16.241.218 2.16.241.205 2.16.241.207 2.16.241.201	whitelisted
chase.com	146.143.13.57 146.143.141.57 146.143.83.57	whitelisted
edge.microsoft.com	150.171.28.11 150.171.27.11	whitelisted
edgeassetservice.azureedge.net	13.107.246.45	whitelisted

Threats

PID	Process	Class	Message
—	—	Possible Social Engineering Attempted	ET PHISHING Javascript Browser Fingerprinting POST Request

Add for printing

No debug info

General Info

https://1d700a-66d.icpage.net/analytics/click/?d=https://challenge.reliancesnv.com&h=a3525bb1b3&p=1&l=152&n=45555&f=44a11c4222585b76db1490ce1bba86b0

FC7B7F93F9483E7C13A8A64897815604

E8E0EA7617F783F17D216A03BC15A89CB5CC2BAD

0DEE82E4113BB51A7068FBAD7268EF0EDB1B50B29317E82E8C9A0817FD430EA5

3:N8qiEIjUbJJXJuKDNR6fIBLX2T3jiH4CYUALB4cHHoNoPAtn:2qiEuUbvXJuoNR0IBLmTTiH4C5AlHo4C

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings