Field | Value
---|---
URL | loginmicrosoft.jabboskitchen.com/cache/css?email=pricing.ro%40scangl.com
Full analysis | https://app.any.run/tasks/0cd83563-b2c0-4e11-916e-55d47357f123
Verdict | Malicious activity
Analysis date | January 10, 2025, 23:49:43
OS | Windows 10 Professional (build: 19045, 64 bit)
Tags | —
Indicators | —
MD5 | AB26F7C1F6FC1AA1C089E277A5C7D1F7
SHA1 | A2A2ADDCFE1400DFE473AB281C718432965CF1C9
SHA256 | 3716C97CD3325BFB3A7A5E4F0CFECEA95F4470C9DDFE547020D2D561F8D00B03
SSDEEP | 3:PutALLd2ELKBWatlSXMbslUSI:Pug0qPVXMbsK7
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
7172 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe

Process details (PID 7172): User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Edge; Version: 122.0.2365.59
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity | binary | C8EEB1A492140EA45D69A6DF6219CE2A | BEE45F785D51C4EA004CC542453BED4DA0811478519AEF494570952AF06804D9
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\e2918dd3-f9d7-4b70-9281-4dda0b90a91d.tmp | binary | F56B2B0A20F5B0BAB8BC19A2D9D445F6 | 39B558794C8848BE34310D70B3B09176D94C3BDB7C987B711273213EA9B4532E
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | binary | F56B2B0A20F5B0BAB8BC19A2D9D445F6 | 39B558794C8848BE34310D70B3B09176D94C3BDB7C987B711273213EA9B4532E
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | binary | D17B5A55EC9D8608C1D2B531CCB6DE88 | DC2A3600C7CDFAEA40DB03757D6915D67518215DB51397C8A5BB3F132AE89A49
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\105df924-ba63-4569-8058-636a97a6ac87.tmp | binary | 47FDBE402734D1E24F9F4811C2BAC5D9 | EC12FF71E5258E02CD07D914C255698430B10A4FB0A8B308E978FC52238ACF43
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\bec167fb-d84a-4a31-93ed-112d9009f666.tmp | binary | 2467A1A456298E4FE374ECE984AE2E51 | 6F778F0620574DBB86F3F6145B4EA20076DB65B961D1631B09CD228197F71C9B
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\e793eef2-1ad9-447c-a445-1a53adb08534.tmp | binary | C8EEB1A492140EA45D69A6DF6219CE2A | BEE45F785D51C4EA004CC542453BED4DA0811478519AEF494570952AF06804D9
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2a5c8b.TMP | binary | 5CAF7F89A0226D22CB7512D1E13470F4 | 663959930259B05045E80A9B720E08B70584EAFDC6EFD2D2A530752594570F8F
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF29552d.TMP | binary | D0453075479429FE52D8FB780A7DA8E9 | 574112CCCB36E004E93B2BCBBA7F6CEB8FF3B12E3E462BEF80F1B57044E035B1
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc | binary | 311F1298863858C8334BD7A8A0E34014 | 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 307 | 192.185.129.84:443 | https://loginmicrosoft.jabboskitchen.com/cache/css/?email=pricing.ro%40scangl.com | unknown | — | — | — |
— | — | GET | 302 | 184.30.21.171:443 | https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18 | unknown | — | — | — |
— | — | GET | 302 | 104.18.95.41:443 | https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit | unknown | — | — | — |
— | — | GET | 302 | 104.18.94.41:443 | https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit | unknown | — | — | — |
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | HEAD | 200 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fd0b3f36-5596-4351-a52a-324d9881c330?P1=1737015365&P2=404&P3=2&P4=aZC%2frSYwuzk11bA8DXogbhCKAgenI6yg6OLasQGrWaQZhwZPhhfwp59GJlJKhtEz0KVinmGFjy6ZISdH7Uy9Og%3d%3d | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 239.255.255.250:1900 | — | — | — | unknown |
5248 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
5840 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
3080 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
4668 | msedge.exe | 224.0.0.251:5353 | — | — | — | unknown |
7172 | msedge.exe | 192.185.129.84:443 | loginmicrosoft.jabboskitchen.com | UNIFIEDLAYER-AS-1 | US | unknown |
7172 | msedge.exe | 172.66.47.63:443 | loginmicrosoftonlineklo.pages.dev | — | — | shared |
7172 | msedge.exe | 104.18.94.41:443 | challenges.cloudflare.com | — | — | whitelisted |
7172 | msedge.exe | 13.107.246.45:443 | xpaywalletcdn.azureedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
5248 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
Domain | IP | Reputation
---|---|---
settings-win.data.microsoft.com | — | unknown
google.com | — | unknown
loginmicrosoft.jabboskitchen.com | — | unknown
loginmicrosoftonlineklo.pages.dev | — | unknown
challenges.cloudflare.com | — | unknown
xpaywalletcdn.azureedge.net | — | unknown
go.microsoft.com | — | unknown
edge.microsoft.com | — | unknown
msedge.b.tlu.dl.delivery.mp.microsoft.com | — | unknown
www.bing.com | — | unknown
PID | Process | Class | Message |
---|---|---|---|
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Pages platform for frontend developers to collaborate and deploy websites (pages .dev) |
— | — | Misc activity | ET INFO DNS Query to Cloudflare Page Developer Domain (pages .dev) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (loginmicrosoftonlineklo .pages .dev) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Pages platform for frontend developers to collaborate and deploy websites (pages .dev) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (loginmicrosoftonlineklo .pages .dev) |
— | — | Misc activity | ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Domain chain identified as Phishing (challengepages) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Domain chain identified as Phishing (challengepages) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
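Added example (my code, not ANY.RUN's and not part of the report): a small Python triage script that applies the checks an analyst would run over the indicators above: a Microsoft brand keyword in a hostname whose registrable domain is not Microsoft-owned (loginmicrosoft.jabboskitchen.com, loginmicrosoftonlineklo.pages.dev), a landing page on Cloudflare Pages, a Turnstile challenge host in the chain, and a victim address pre-filled through the `email=` query parameter. The brand keyword list, the allowlist of Microsoft-owned registrable domains, the shared-hosting list and the CAPTCHA-gate host are assumptions built from this report's own traffic, not a production feed; the eTLD+1 logic is deliberately naive (last two labels) and a real deployment should use the Public Suffix List.

```python
"""Triage helpers for the indicators in this report (added example, not ANY.RUN code).

Assumptions: BRAND_KEYWORDS, LEGIT_BRAND_DOMAINS, SHARED_HOSTING and
CAPTCHA_GATES are short illustrative sets derived from this report's traffic.
"""
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

BRAND_KEYWORDS = ("microsoft", "office", "outlook")  # assumption: keywords a lure would borrow
LEGIT_BRAND_DOMAINS = {  # assumption: Microsoft-owned registrable domains seen in this report
    "microsoft.com", "microsoftonline.com", "azureedge.net", "bing.com",
}
SHARED_HOSTING = {"pages.dev", "workers.dev", "web.app", "github.io"}  # assumption
CAPTCHA_GATES = {"challenges.cloudflare.com"}  # Turnstile host from the HTTP table


def refang(domain: str) -> str:
    """Undo the defanging used in the IDS messages: 'x .pages .dev' -> 'x.pages.dev'."""
    return domain.replace("[.]", ".").replace(" .", ".").replace(" ", "")


def registrable_domain(host: str) -> str:
    """Naive eTLD+1: the last two labels. Caveat: wrong for two-part public
    suffixes such as co.uk; use the Public Suffix List in production."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def brand_impersonation(host: str) -> bool:
    """True when a brand keyword appears anywhere in the hostname but the
    registrable domain is not one the brand owns (the lookalike pattern here)."""
    host = refang(host).lower()
    if not any(k in host for k in BRAND_KEYWORDS):
        return False
    return registrable_domain(host) not in LEGIT_BRAND_DOMAINS


def on_shared_hosting(host: str) -> bool:
    """True when the registrable domain is a free/shared hosting platform."""
    return registrable_domain(refang(host)) in SHARED_HOSTING


def prefilled_email(url: str) -> Optional[str]:
    """Return the target address a lure pre-fills in the query string, if any.
    parse_qs percent-decodes, so 'pricing.ro%40scangl.com' comes back with '@'."""
    qs = parse_qs(urlsplit(url).query)
    for key in ("email", "e", "user", "login_hint"):  # assumption: common parameter names
        if key in qs and "@" in qs[key][0]:
            return qs[key][0]
    return None


def triage(hosts: List[str], urls: List[str]) -> List[str]:
    """Run every check over the observed hosts and URLs; return human-readable findings."""
    findings: List[str] = []
    for raw in hosts:
        h = refang(raw)
        if brand_impersonation(h):
            findings.append(f"brand keyword on non-Microsoft domain: {h} "
                            f"(registrable: {registrable_domain(h)})")
        if on_shared_hosting(h):
            findings.append(f"landing page on shared/free hosting: {h}")
        if h in CAPTCHA_GATES:
            findings.append(f"CAPTCHA gate in chain, blocks crawlers from the final page: {h}")
    for u in urls:
        email = prefilled_email(u)
        if email:
            findings.append(f"URL pre-fills the target identity: {email} "
                            f"(on {urlsplit(u).hostname})")
    return findings


# Indicators copied from the DNS and HTTP tables of this report; one host is
# kept in the defanged form the IDS table uses to exercise refang().
REPORT_HOSTS = [
    "settings-win.data.microsoft.com", "google.com",
    "loginmicrosoft.jabboskitchen.com", "loginmicrosoftonlineklo .pages .dev",
    "challenges.cloudflare.com", "xpaywalletcdn.azureedge.net",
    "go.microsoft.com", "edge.microsoft.com",
    "msedge.b.tlu.dl.delivery.mp.microsoft.com", "www.bing.com",
]
REPORT_URLS = [
    "https://loginmicrosoft.jabboskitchen.com/cache/css/?email=pricing.ro%40scangl.com",
    "https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18",
    "https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit",
]

if __name__ == "__main__":
    for finding in triage(REPORT_HOSTS, REPORT_URLS):
        print(finding)
```

One caveat when reading the HTTP table against this output: the 307 from loginmicrosoft.jabboskitchen.com is recorded, but its Location header is not, so the hop to loginmicrosoftonlineklo.pages.dev is inferred from the TLS connection table rather than from a logged redirect. The Microsoft-owned hosts in the same process (go.microsoft.com, edge.microsoft.com, msedge.b.tlu.dl.delivery.mp.microsoft.com) are ordinary browser traffic and correctly produce no finding, which is why the allowlist keys on the registrable domain rather than on the keyword alone.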