URL:

https://google.co.ve/url?6q=nzl5jjgJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fs%2Fchargezero.com.br%2Fyoya%2F1rclpl8itaeqp%2FZGFsbGFzLmZlcmd1c29uQHNhc2tnYW1pbmcuY29t%C3%A3%E2%82%AC%E2%80%9A%24%24%24%C3%A3%E2%82%AC%E2%80%9A

The submitted link is a google.co.ve /url redirect: its url parameter points to chargezero.com.br (the domain flagged as phishing further down), and the path after it carries a base64-encoded e-mail address, which phishing pages typically use to pre-fill the login form.

Full analysis: https://app.any.run/tasks/7383b71c-a5d2-4708-9c07-27f72f909047
Verdict: Malicious activity
Analysis date: December 13, 2024, 19:34:37
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: phishing
Indicators:
  • MD5: BE1EB947434D0CDE91445EB9F2713C9E
  • SHA1: ED3CDF23C62E0FB230F16084B10B1093F27777D6
  • SHA256: 16510371DD8713C6876D539BF308DAED9FD2011C4E00EFD549540B7C2B3190D6
  • SSDEEP: 6:2LuJLQkBQRtMqfP0omWC067BAvAgIq1B9BxAvAgIqV:2yjgfP0Tp0iVxq1fVxqV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 4792)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
No Malware configuration.
No data.
Total processes: 130
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

  • PHISHING: msedge.exe

Process information

  • PID: 4792
  • CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2604 --field-trial-handle=2320,i,16194277592197507296,15814343983252007256,262144 --variations-seed-version /prefetch:3
  • Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  • Indicators: PHISHING
  • Parent process: msedge.exe
  • User: admin
  • Company: Microsoft Corporation
  • Integrity Level: MEDIUM
  • Description: Microsoft Edge
  • Version: 122.0.2365.59

The --type=utility --utility-sub-type=network.mojom.NetworkService switches identify this as Edge's network-service child process, which is why its parent is also msedge.exe: the phishing verdict is attached to the process that carried the browser's network traffic, not to a separately dropped executable.
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events: No data
Executable files: 0
Suspicious files: 4
Text files: 0
Unknown types: 1

Dropped files

All rows: PID 4792, process msedge.exe. Where the report recorded no type or hash for a file, the field is marked "not recorded".

  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\faac86a9-c44e-42c3-9741-dc099810d66c.tmp
    Type: not recorded; MD5: not recorded; SHA256: not recorded
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
    Type: not recorded; MD5: not recorded; SHA256: not recorded
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF2b6466.TMP
    Type: binary
    MD5: 15D26FA4E16467BE658F42074AC0DBAA
    SHA256: D287407BD901A32E3F38F4392984507184D596C3694FAA69DD0B2E68F9F3A8FE
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\57f6ff6c-d9c8-45c9-8af8-1e7994821e7d.tmp
    Type: binary
    MD5: 78B67A8F48883E307647D6C843E997D5
    SHA256: FB4BE9AF27C349A9E09C13063CB0DD6A0B3B37C005E3D1C2C3412FD9B72277F2
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2c4b6a.TMP
    Type: binary
    MD5: 2A21453795942FD88CBB06714604B9FD
    SHA256: 5DFE0384325B556EE4B8668E502312B9BA6ADC298CD9213DDFA528CB959ADC06
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
    Type: binary
    MD5: D2775E31E5F9E2D1D5E81A38B61270D6
    SHA256: 3C575B72926AC4338C9F9FFBBA3580CAD91DBF96C78A27C2BF5AA17B4EB8C35C
  • C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000batss
    Type: not separable from the filename in the extracted row
    MD5: 22EE8D6641B5322770CDE9BD6DB99EE7
    SHA256: BCEE69FA3B0A6D7C425DE90AEBB56EB5EC73864B90EA868A5D6D63867920E550

All of these are Edge's own network-state and cache files (TransportSecurity, Network Persistent State, Cache_Data); none is a payload dropped by the page.
HTTP(S) requests: 20
TCP/UDP connections: 35
DNS requests: 21
Threats: 4

HTTP requests

Columns of the original table: PID, Process, Method, HTTP Code, IP, URL, CN, Type, Size, Reputation. Type and Size were not recorded for any row; 10 of the 20 counted requests are listed.

  • PID 4304, MoUsoCoreWorker.exe: GET 200, 2.16.241.19:80, http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl, CN unknown, whitelisted
  • PID 5968, svchost.exe: GET 200, 2.16.241.19:80, http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl, CN unknown, whitelisted
  • PID 6440, RUXIMICS.exe: GET 200, 2.16.241.19:80, http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl, CN unknown, whitelisted
  • PID/process not recorded: HEAD 200, 23.35.236.109:443, https://fs.microsoft.com/fs/windows/config.json, CN unknown, reputation not recorded
  • PID 2856, svchost.exe: GET 200, 88.221.169.152:80, http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl, CN unknown, whitelisted
  • PID 2856, svchost.exe: GET 200, 88.221.169.152:80, http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl, CN unknown, whitelisted
  • PID 6440, RUXIMICS.exe: GET 200, 23.218.209.163:80, http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl, CN unknown, whitelisted
  • PID 5968, svchost.exe: GET 200, 23.218.209.163:80, http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl, CN unknown, whitelisted
  • PID 2856, svchost.exe: GET 200, 2.16.241.12:80, http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl, CN unknown, whitelisted
  • PID 2856, svchost.exe: GET 200, 88.221.169.152:80, http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl, CN unknown, whitelisted

Every listed request is Windows background traffic (CRL downloads and the fs.microsoft.com config fetch); the contact with the phishing domain shows up only in the DNS requests and Threats sections, not as a plaintext HTTP row.

Connections

Columns of the original table: PID, Process, IP, Domain, ASN, CN, Reputation. Fields the report left empty are omitted.

  • PID/process not recorded: 224.0.0.251:5353, reputation unknown
  • PID 6440, RUXIMICS.exe: 4.231.128.59:443, settings-win.data.microsoft.com, MICROSOFT-CORP-MSN-AS-BLOCK, IE, whitelisted
  • PID 4304, MoUsoCoreWorker.exe: 4.231.128.59:443, settings-win.data.microsoft.com, MICROSOFT-CORP-MSN-AS-BLOCK, IE, whitelisted
  • PID 5968, svchost.exe: 51.104.136.2:443, MICROSOFT-CORP-MSN-AS-BLOCK, IE, whitelisted
  • PID 4792, msedge.exe: 51.11.192.49:443, MICROSOFT-CORP-MSN-AS-BLOCK, FR, reputation unknown
  • PID 5988, svchost.exe: 239.255.255.250:1900, whitelisted
  • PID 4792, msedge.exe: 142.250.186.131:443, google.co.ve, GOOGLE, US, whitelisted
  • PID 5968, svchost.exe: 2.16.241.19:80, crl.microsoft.com, Akamai International B.V., DE, whitelisted
  • PID 4792, msedge.exe: 142.250.186.99:443, www.google.co.ve, GOOGLE, US, whitelisted
  • PID 4304, MoUsoCoreWorker.exe: 2.16.241.19:80, crl.microsoft.com, Akamai International B.V., DE, whitelisted

DNS requests

Each entry gives the queried domain, the resolved IPs, and the report's reputation for the domain.

  • settings-win.data.microsoft.com (whitelisted): 4.231.128.59, 20.106.86.13
  • google.com (whitelisted): 142.250.185.78
  • google.co.ve (whitelisted): 142.250.186.131
  • crl.microsoft.com (whitelisted): 2.16.241.19, 2.16.241.12
  • www.google.co.ve (whitelisted): 142.250.186.99
  • www.microsoft.com (whitelisted): 23.218.209.163, 88.221.169.152
  • chargezero.com.br (unknown): 191.252.138.177
  • fs.microsoft.com (whitelisted): 184.28.90.27
  • www.bing.com (whitelisted): 2.23.209.149, 2.23.209.179, 2.23.209.185, 2.23.209.176, 2.23.209.182, 2.23.209.133, 2.23.209.140, 2.23.209.187, 2.23.209.130, 2.23.209.189

chargezero.com.br is the only domain in this list without a whitelisted reputation; it is the redirect target from the submitted google.co.ve URL and the domain named in the Threats section below.

Threats

Four alerts were raised, all with the same class and message (PID and process were not recorded for any of them):

  • Class: Possible Social Engineering Attempted
    Message: PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (chargezero .com .br)
No debug info