| URL: | http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg |
| Full analysis: | https://app.any.run/tasks/44609fb7-75b3-4408-96cf-c70f6873a871 |
| Verdict: | Malicious activity |
| Analysis date: | February 26, 2024, 20:42:48 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| MD5: | B0E8738DDD6843144A46702CB55A405B |
| SHA1: | 6A92603AA8A1891BD98BD1A25B87B5FB11B2C0A2 |
| SHA256: | 75A13533E93C4CB1E42429B95F73084AAFBC8A15870A43D717F8086033A86D0C |
| SSDEEP: | 3:N1Kag28EIVVKuV6W6Ydo:Cag2VIVdM |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 68 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5304 --field-trial-handle=2080,i,12598920320766958575,3801139492150439811,131072 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 111.0.1661.62 |
| 1740 | "C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=2080,i,12598920320766958575,3801139492150439811,131072 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.62\identity_helper.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: PWA Identity Proxy Host; Exit code: 3221226029; Version: 111.0.1661.62 |
| 1856 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4128 --field-trial-handle=2080,i,12598920320766958575,3801139492150439811,131072 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 111.0.1661.62 |
| 2108 | C:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe -Embedding | C:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft OneDrive File Co-Authoring Executable; Exit code: 0; Version: 19.043.0304.0013 |
| 2224 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=876 --field-trial-handle=2080,i,12598920320766958575,3801139492150439811,131072 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 111.0.1661.62 |
| 2332 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5984 --field-trial-handle=2080,i,12598920320766958575,3801139492150439811,131072 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 111.0.1661.62 |
| 2404 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=4720 --field-trial-handle=2080,i,12598920320766958575,3801139492150439811,131072 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 111.0.1661.62 |
| 2480 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3296 --field-trial-handle=2080,i,12598920320766958575,3801139492150439811,131072 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 111.0.1661.62 |
| 2784 | C:\WINDOWS\System32\slui.exe -Embedding | C:\Windows\System32\slui.exe | | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Activation Client; Exit code: 0; Version: 10.0.19041.1 (WinBuild.160101.0800) |
| 3180 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1704 --field-trial-handle=2080,i,12598920320766958575,3801139492150439811,131072 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 111.0.1661.62 |
| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 6088 | msedge.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | write | failed_count | 0 |
| 6088 | msedge.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | write | state | 2 |
| 6088 | msedge.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty | write | StatusCodes | |
| 6088 | msedge.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty | write | StatusCodes | 01000000 |
| 6088 | msedge.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | write | state | 1 |
| 6088 | msedge.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} | write | dr | 1 |
| 6088 | msedge.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics | write | user_experience_metrics.stability.exited_cleanly | 0 |
| 6088 | msedge.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge | write | UsageStatsInSample | 1 |
| 6088 | msedge.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} | write | usagestats | 0 |
| 6088 | msedge.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} | write | urlstats | 0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 6088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF134912.TMP | — | — | — |
| 6088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | — | — | — |
| 6088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF134922.TMP | — | — | — |
| 6088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | — | — | — |
| 6088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF134951.TMP | — | — | — |
| 6088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old | — | — | — |
| 6088 | msedge.exe | C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\CRASHPAD\SETTINGS.DAT | binary | C772EC2E53FD7E48DC8CA2D21DCB19F0 | C84C7EEA9AFE24518763A9C51B797E4246D1922659293F0B23D74AB0642EC12A |
| 6088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old | text | 9B6F2C1B508CAB40F58311A51FB69DD2 | 9E6F15E7BF3C524B1D2A87C59113843B741B0FC229FE81701E15E7A3750D5525 |
| 6088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old | text | CD74D5C17693004F95115B7A411F2ABD | C641B405EDF72CB704A0E451ECEA63D120911823BF6C3068AE0EE4C77D5B0C6E |
| 6088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old | text | 069B740CF242093DB057B1653F3DECE1 | CD75D1A28A17210B4A76FD27A89D92D4E290780C0CA09B46D985E039650269DC |
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 6592 | msedge.exe | GET | 404 | 45.74.19.84:80 | http://45.74.19.84/xampp/bkp/vbs_novo_new_image.jpg | unknown | xml | 341 b | unknown |
| 6592 | msedge.exe | GET | 404 | 45.74.19.84:80 | http://45.74.19.84/favicon.ico | unknown | xml | 341 b | unknown |
| — | — | POST | 404 | 49.13.77.253:443 | https://49.13.77.253/service/update2/json?cup2key=12:-raVH0dx9eMoZxN35IRSr5_ad-yENVjS0bxrTMD5USY&cup2hreq=9f2103f612744093c25fd518321ae3b2e3e8761a3b41059d9f004c9d0f9b9bec | unknown | xml | 341 b | — |
| — | — | POST | 404 | 49.13.77.253:443 | https://49.13.77.253/service/update2/json?cup2key=12:vJGNngT6Jzc21ihtj9yVU9OT_4CoFG1jnwYpb_WrijE&cup2hreq=7062b3b81dba6b66e8a8ae4fa3b604cd855b083e48ae646a6dacec276bdf8656 | unknown | xml | 341 b | — |
| — | — | GET | 404 | 49.13.77.253:443 | https://49.13.77.253/config/v1/Edge/111.0.1661.62?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfull=0&scpguard=0&scpfre=0&scpver=0&osarch=x86_64&osver=10.0.19044&wu=1&devicefamily=desktop&uma=0&sessionid=24&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245 | unknown | xml | 341 b | — |
| — | — | GET | 404 | 49.13.77.253:443 | https://49.13.77.253/abusiveadblocking/api/v1/blocklist | unknown | xml | 341 b | — |
| — | — | GET | 404 | 49.13.77.253:443 | https://49.13.77.253/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=2.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362 | unknown | xml | 341 b | — |
| — | — | GET | 404 | 49.13.77.253:443 | https://49.13.77.253/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest&version=4.6.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362 | unknown | xml | 341 b | — |
| — | — | POST | 404 | 49.13.77.253:443 | https://49.13.77.253/RST2.srf | unknown | xml | 341 b | — |
| — | — | POST | 404 | 49.13.77.253:443 | https://49.13.77.253/RST2.srf | unknown | xml | 341 b | — |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
| 3848 | svchost.exe | 239.255.255.250:1900 | — | — | — | unknown |
| 6088 | msedge.exe | 239.255.255.250:1900 | — | — | — | unknown |
| 6592 | msedge.exe | 45.74.19.84:80 | — | — | IS | unknown |
| 6592 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 7156 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 5928 | svchost.exe | 20.190.160.20:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 6896 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 6592 | msedge.exe | 142.250.186.163:443 | update.googleapis.com | GOOGLE | US | whitelisted |
| 6592 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
| Domain | IP | Reputation |
|---|---|---|
| config.edge.skype.com | | whitelisted |
| update.googleapis.com | | whitelisted |
| edge.microsoft.com | | whitelisted |
| edgeservices.bing.com | | whitelisted |
| settings-win.data.microsoft.com | | whitelisted |
| www.bing.com | | whitelisted |
| arc.msn.com | | whitelisted |
| slscr.update.microsoft.com | | whitelisted |
| fe3cr.delivery.mp.microsoft.com | | whitelisted |
| 15.164.165.52.in-addr.arpa | | unknown |