URL:

loginmicrosoft.jabboskitchen.com/cache/css?email=pricing.ro%40scangl.com

Full analysis: https://app.any.run/tasks/0cd83563-b2c0-4e11-916e-55d47357f123
Verdict: Malicious activity
Analysis date: January 10, 2025, 23:49:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
phishing
Indicators:
MD5:

AB26F7C1F6FC1AA1C089E277A5C7D1F7

SHA1:

A2A2ADDCFE1400DFE473AB281C718432965CF1C9

SHA256:

3716C97CD3325BFB3A7A5E4F0CFECEA95F4470C9DDFE547020D2D561F8D00B03

SSDEEP:

3:PutALLd2ELKBWatlSXMbslUSI:Pug0qPVXMbsK7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7172)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
173
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

#PHISHING msedge.exe

Process information

PID:
7172
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Indicators:
PHISHING
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
26
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7172 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity | Type: binary
MD5:C8EEB1A492140EA45D69A6DF6219CE2A
SHA256:BEE45F785D51C4EA004CC542453BED4DA0811478519AEF494570952AF06804D9
PID: 7172 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\e2918dd3-f9d7-4b70-9281-4dda0b90a91d.tmp | Type: binary
MD5:F56B2B0A20F5B0BAB8BC19A2D9D445F6
SHA256:39B558794C8848BE34310D70B3B09176D94C3BDB7C987B711273213EA9B4532E
PID: 7172 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | Type: binary
MD5:F56B2B0A20F5B0BAB8BC19A2D9D445F6
SHA256:39B558794C8848BE34310D70B3B09176D94C3BDB7C987B711273213EA9B4532E
PID: 7172 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | Type: binary
MD5:D17B5A55EC9D8608C1D2B531CCB6DE88
SHA256:DC2A3600C7CDFAEA40DB03757D6915D67518215DB51397C8A5BB3F132AE89A49
PID: 7172 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\105df924-ba63-4569-8058-636a97a6ac87.tmp | Type: binary
MD5:47FDBE402734D1E24F9F4811C2BAC5D9
SHA256:EC12FF71E5258E02CD07D914C255698430B10A4FB0A8B308E978FC52238ACF43
PID: 7172 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\bec167fb-d84a-4a31-93ed-112d9009f666.tmp | Type: binary
MD5:2467A1A456298E4FE374ECE984AE2E51
SHA256:6F778F0620574DBB86F3F6145B4EA20076DB65B961D1631B09CD228197F71C9B
PID: 7172 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\e793eef2-1ad9-447c-a445-1a53adb08534.tmp | Type: binary
MD5:C8EEB1A492140EA45D69A6DF6219CE2A
SHA256:BEE45F785D51C4EA004CC542453BED4DA0811478519AEF494570952AF06804D9
PID: 7172 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2a5c8b.TMP | Type: binary
MD5:5CAF7F89A0226D22CB7512D1E13470F4
SHA256:663959930259B05045E80A9B720E08B70584EAFDC6EFD2D2A530752594570F8F
PID: 7172 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF29552d.TMP | Type: binary
MD5:D0453075479429FE52D8FB780A7DA8E9
SHA256:574112CCCB36E004E93B2BCBBA7F6CEB8FF3B12E3E462BEF80F1B57044E035B1
PID: 7172 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc | Type: binary
MD5:311F1298863858C8334BD7A8A0E34014
SHA256:846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC
HTTP(S) requests
104
TCP/UDP connections
71
DNS requests
76
Threats
24

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
307
192.185.129.84:443
https://loginmicrosoft.jabboskitchen.com/cache/css/?email=pricing.ro%40scangl.com
unknown
GET
302
184.30.21.171:443
https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18
unknown
GET
302
104.18.95.41:443
https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
unknown
GET
302
104.18.94.41:443
https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
unknown
3024
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d
unknown
whitelisted
3024
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d
unknown
whitelisted
3024
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d
unknown
whitelisted
3024
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d
unknown
whitelisted
3024
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d
unknown
whitelisted
3024
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fd0b3f36-5596-4351-a52a-324d9881c330?P1=1737015365&P2=404&P3=2&P4=aZC%2frSYwuzk11bA8DXogbhCKAgenI6yg6OLasQGrWaQZhwZPhhfwp59GJlJKhtEz0KVinmGFjy6ZISdH7Uy9Og%3d%3d
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
239.255.255.250:1900
unknown
5248
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
5840
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
3080
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4668
msedge.exe
224.0.0.251:5353
unknown
7172
msedge.exe
192.185.129.84:443
loginmicrosoft.jabboskitchen.com
UNIFIEDLAYER-AS-1
US
unknown
7172
msedge.exe
172.66.47.63:443
loginmicrosoftonlineklo.pages.dev
shared
7172
msedge.exe
104.18.94.41:443
challenges.cloudflare.com
whitelisted
7172
msedge.exe
13.107.246.45:443
xpaywalletcdn.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5248
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
unknown
google.com
  • 172.217.18.110
unknown
loginmicrosoft.jabboskitchen.com
  • 192.185.129.84
unknown
loginmicrosoftonlineklo.pages.dev
  • 172.66.47.63
  • 172.66.44.193
unknown
challenges.cloudflare.com
  • 104.18.94.41
  • 104.18.95.41
unknown
xpaywalletcdn.azureedge.net
  • 13.107.246.45
unknown
go.microsoft.com
  • 2.23.242.9
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
unknown
msedge.b.tlu.dl.delivery.mp.microsoft.com
unknown
www.bing.com
unknown

Threats

PID
Process
Class
Message
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Pages platform for frontend developers to collaborate and deploy websites (pages .dev)
Misc activity
ET INFO DNS Query to Cloudflare Page Developer Domain (pages .dev)
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (loginmicrosoftonlineklo .pages .dev)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Pages platform for frontend developers to collaborate and deploy websites (pages .dev)
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (loginmicrosoftonlineklo .pages .dev)
Misc activity
ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Domain chain identified as Phishing (challengepages)
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Domain chain identified as Phishing (challengepages)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
No debug info