Malware analysis https://track.pstmrk.it/3s/gamma.app/JjV-/Qia9AQ/AQ/89998c6f-6f2f-48ef-988b-2c71a9f4b078/1/JFTYCTDiR- Malicious activity

Add for printing

URL:	https://track.pstmrk.it/3s/gamma.app/JjV-/Qia9AQ/AQ/89998c6f-6f2f-48ef-988b-2c71a9f4b078/1/JFTYCTDiR-
Full analysis:	https://app.any.run/tasks/22f68cc6-d922-4de7-9817-5a712e02d25f
Verdict:	Malicious activity
Analysis date:	May 10, 2025, 01:06:37
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	phishing
MD5:	55F79D963305BC6B350BE498B0FDF914
SHA1:	C47A903FC2C0AE502EF065DC1EB6F0C538D3048E
SHA256:	17BF9132522F55CDF1FD0AE9A2811444D7BB5080A0E19ED89B92BC5ED133E0C9
SSDEEP:	3:N8fv83WnEV9Bd0dmIcdFqGSdyyyNv:2n8OE1d0AhdF9ScyyNv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

148

Monitored processes

1

Malicious processes

0

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
1396	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2532 --field-trial-handle=2372,i,8504447382059928769,14367336096275567116,262144 --variations-seed-version /prefetch:3	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe		msedge.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 122.0.2365.59

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

0

Suspicious files

45

Text files

13

Unknown types

0

Dropped files

PID	Process	Filename		Type
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c1		binary
		MD5:764B65B8EAF71782F3B389974BE9EA7E	SHA256:4D127F796E8889D049DA1719E0C1EB38A5D76E1F48B785B0A2811E941490BC0C
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c3		binary
		MD5:0806F2DFF681C394B6CA341D5AA6572E	SHA256:86F876127D7F6EC4015FA945AE3F318A915F6CFE1D75E26C239093C0C918DC9D
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb		compressed
		MD5:10B84D6DDEFB33D0D3F0615CA3E91C5A	SHA256:C69A6E50A300D39721F9AE8FC5B40600DD90093F65E3A4650C9540C58C071144
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c6		binary
		MD5:671E5511F5F667E1102B5C1E04D4190A	SHA256:1E654302AF010F94C994F3980F582B7748E727771C6492A7EEB14BB400D8DC2A
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be		binary
		MD5:C5D7E80F7C76F707B76846A20B28907C	SHA256:1F482A1F82A4A00C308A9DAFC7B40E043B7180ADB2D1468297167FC9DFCE695F
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\f8d1aa49-2914-4dfc-bc6b-f1d6a63e7ad4.tmp		binary
		MD5:3140CB797498137E330D3CAE1AD5970A	SHA256:B4C87E65FB18FF2E4028E934653089C7DE70D854E7D861D9A1063189C5212119
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd		binary
		MD5:AB632DA2E04EA311E078D0456E185873	SHA256:63E996CE464BC817E49F5116FA2A1B2A2CA25340768E92157EEE4E889C7C8A90
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c2		binary
		MD5:0C3E693586754A02975071A720746336	SHA256:2C608D956FB5138EF176B125E04E3E4961799E92C2928DFFCD9BA05BBF812565
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c8		binary
		MD5:BEAA20C255BE9E38AEBF09A31D3CBFAE	SHA256:F064B90551FD55D59A4DBE39C5ECF461D60B8D7D0EE9B4364B652B9ED21E9CBC
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c7		binary
		MD5:6DB9016B26D4FEB8960AC1495477E9D6	SHA256:63C688633C5DA0872B180A311760ED4A16353B67BA643A75AFC22F15BE87E9F5

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

67

TCP/UDP connections

48

DNS requests

67

Threats

11

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	302	3.130.226.128:443	https://track.pstmrk.it/3s/gamma.app/JjV-/Qia9AQ/AQ/89998c6f-6f2f-48ef-988b-2c71a9f4b078/1/JFTYCTDiR-	unknown	—	—	—
—	—	GET	302	3.13.46.171:443	https://track.pstmrk.it/3s/gamma.app/JjV-/Qia9AQ/AQ/89998c6f-6f2f-48ef-988b-2c71a9f4b078/1/JFTYCTDiR-	unknown	—	—	—
4940	RUXIMICS.exe	GET	200	23.48.23.143:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
3080	MoUsoCoreWorker.exe	GET	200	23.48.23.143:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
468	svchost.exe	GET	200	23.48.23.143:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
4940	RUXIMICS.exe	GET	200	184.30.21.171:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
3080	MoUsoCoreWorker.exe	GET	200	184.30.21.171:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
468	svchost.exe	GET	200	184.30.21.171:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
—	—	POST	200	20.190.160.17:443	https://login.live.com/RST2.srf	unknown	xml	1.24 Kb	whitelisted
—	—	POST	400	20.190.160.17:443	https://login.live.com/ppsecure/deviceaddcredential.srf	unknown	text	203 b	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	239.255.255.250:1900	—	—	—	whitelisted
4940	RUXIMICS.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
3080	MoUsoCoreWorker.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
468	svchost.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
1396	msedge.exe	54.155.60.93:443	track.pstmrk.it	AMAZON-02	IE	shared
7040	svchost.exe	40.126.31.69:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
1396	msedge.exe	104.18.10.200:443	gamma.app	CLOUDFLARENET	—	suspicious
4940	RUXIMICS.exe	23.48.23.143:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
3080	MoUsoCoreWorker.exe	23.48.23.143:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
468	svchost.exe	23.48.23.143:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	4.231.128.59 51.104.136.2	whitelisted
google.com	216.58.206.46	whitelisted
track.pstmrk.it	54.155.60.93 52.18.252.197 54.154.85.144	shared
login.live.com	40.126.31.69 20.190.159.4 20.190.159.131 40.126.31.3 40.126.31.73 20.190.159.23 20.190.159.2 40.126.31.2	whitelisted
gamma.app	104.18.10.200 104.18.11.200	unknown
crl.microsoft.com	23.48.23.143 23.48.23.156 23.48.23.166	whitelisted
www.microsoft.com	184.30.21.171	whitelisted
go.microsoft.com	184.30.18.9	whitelisted
www.bing.com	104.126.37.128 104.126.37.139 104.126.37.123 104.126.37.130 104.126.37.131 104.126.37.136 104.126.37.145	whitelisted
challenges.cloudflare.com	104.18.95.41 104.18.94.41	whitelisted

Threats

PID	Process	Class	Message
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Gamma app
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Gamma app
—	—	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Gamma app
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Gamma app
—	—	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Gamma app
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Gamma app
—	—	Not Suspicious Traffic	INFO [ANY.RUN] An application monitoring request to sentry .io
—	—	Not Suspicious Traffic	INFO [ANY.RUN] An application monitoring request to sentry .io

Add for printing

No debug info

General Info

https://track.pstmrk.it/3s/gamma.app/JjV-/Qia9AQ/AQ/89998c6f-6f2f-48ef-988b-2c71a9f4b078/1/JFTYCTDiR-

55F79D963305BC6B350BE498B0FDF914

C47A903FC2C0AE502EF065DC1EB6F0C538D3048E

17BF9132522F55CDF1FD0AE9A2811444D7BB5080A0E19ED89B92BC5ED133E0C9

3:N8fv83WnEV9Bd0dmIcdFqGSdyyyNv:2n8OE1d0AhdF9ScyyNv

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings