URL: https://www.dropbox.com/scl/fi/a8kjtopdslckfrv3d95dd/HB-8.png?rlkey=x3ik4du1dyywbw3am0bun0c24&st=hfa6y177&dl=0

Full analysis: https://app.any.run/tasks/f851daa9-2511-45bc-b70a-61f094935742
Verdict: Malicious activity
Analysis date: January 11, 2025, 00:44:49
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: qrcode, qr-redirect
MD5: E6320317C2E08DF5535FF0120ABCC8FD
SHA1: 825BD77344F70E52B6659E95D8540024E558823F
SHA256: 8920C64F176C8513FED2F147B9BEC8830BBE4BCAD0236021B00F542F223837B5
SSDEEP: 3:N8DSLcVHGkG6ZKrpOGcYK0V9XPUpjBtCh7cRYiBhdS:2OLHk3KrgL0V1PUpjnn+iBe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: No malicious indicators.
  • SUSPICIOUS: No suspicious indicators.
  • INFO:
    • Connects to unusual port: msedge.exe (PID: 7172)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Malware configuration: no data.
All screenshots are available in the full report
Total processes: 161
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Processes shown: svchost.exe, msedge.exe

Process information

PID: 2248
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 7172
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 74
Text files: 1
Unknown types: 0

Dropped files

All listed files were written by msedge.exe (PID 7172) under C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 7172 | msedge.exe | f_000100 | binary | 88F48152F7898EB1EB2A005BC5A3F789 | 7F5E3C686437B9880E89DC008DEA14F60910BCCEA70751FE24498AD3A5391B34 |
| 7172 | msedge.exe | f_000107 | binary | 311F1298863858C8334BD7A8A0E34014 | 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC |
| 7172 | msedge.exe | f_000101 | binary | 88F48152F7898EB1EB2A005BC5A3F789 | 7F5E3C686437B9880E89DC008DEA14F60910BCCEA70751FE24498AD3A5391B34 |
| 7172 | msedge.exe | f_0000fc | binary | 07F24BA6D7CA12D969F9277176F29D7C | 3A2FD84C9BD4ADF777CE8ED743B47251C6490F4676F753E1F604F7462A1DCDB1 |
| 7172 | msedge.exe | f_000103 | binary | 8E3E3F21D5176F890CD9F999858589B8 | 3FE6527F7B1A0065A30CB44B872D0420E10F50E7BFC2E151424BE61A25E97A9D |
| 7172 | msedge.exe | f_00010d | binary | 6735B2A4F451E2CE07A6FE014582D97F | 1CB7A28B9AB326A1BE342C336F68CD12305D77293FF0ACE7FB6ED87D1AD533DA |
| 7172 | msedge.exe | f_0000fb | binary | 7CE18B1DE10103DC5E4E376AAD138842 | 7BF9F60BB70136FE28BE4C88292D9597F080DF8C908EEE6C29E0925851928310 |
| 7172 | msedge.exe | f_0000fe | binary | 4E0DE291C350F4518386D4E5B061EA2C | 1DDA90FF778C2493F4BE41EF8B174885678534B8BF7343B4FD808FFFC9CA33F1 |
| 7172 | msedge.exe | f_0000fd | binary | 07F24BA6D7CA12D969F9277176F29D7C | 3A2FD84C9BD4ADF777CE8ED743B47251C6490F4676F753E1F604F7462A1DCDB1 |
| 7172 | msedge.exe | f_000102 | binary | F38C6C36EC3879CC1F838A6DD97A8A03 | AA3A752A35E17BABF58DDFCE04EAD9D067F074D7838855DC61BA7B0487B73DE0 |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 205
TCP/UDP connections: 90
DNS requests: 82
Threats: 0

HTTP requests

The PID and Process columns are empty for every row in this excerpt.

| Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|
| GET | 200 | 162.125.72.18:443 | https://www.dropbox.com/page_success/end?edison_page_name=scl_oboe_file&path=%2Fscl%2Ffi%2Fa8kjtopdslckfrv3d95dd%2FHB-8.png&request_id=be98f22e279241b8a8f6d6779b22984b&time=1736556298 | unknown | | | |
| GET | 200 | 162.125.72.18:443 | https://www.dropbox.com/page_success/end?edison_page_name=scl_oboe_file&path=%2Fscl%2Ffi%2Fa8kjtopdslckfrv3d95dd%2FHB-8.png&request_id=be98f22e279241b8a8f6d6779b22984b&time=1736556298 | unknown | | | |
| GET | 200 | 162.125.72.18:443 | https://www.dropbox.com/page_success/end?edison_page_name=scl_oboe_file&path=%2Fscl%2Ffi%2Fa8kjtopdslckfrv3d95dd%2FHB-8.png&request_id=be98f22e279241b8a8f6d6779b22984b&time=1736556298 | unknown | | | |
| GET | 200 | 104.16.99.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/e_data_modules_stormcrow-vflMHL-MX.js | unknown | | | |
| GET | 200 | 162.125.72.18:443 | https://www.dropbox.com/scl/fi/a8kjtopdslckfrv3d95dd/HB-8.png?rlkey=x3ik4du1dyywbw3am0bun0c24&st=hfa6y177&dl=0 | unknown | html | 168 Kb | shared |
| GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/metaserver/static/css/dig/fonts-vflMHuSEC.css | unknown | text | 3.40 Kb | whitelisted |
| GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/metaserver/static/css/dig-components/tokens-vfltkUjWJ.css | unknown | text | 58.5 Kb | whitelisted |
| GET | 200 | 104.16.99.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/e_edison-vflFhVtEu.js | unknown | binary | 43.2 Kb | whitelisted |
| GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_ts_utils-vfl8TjVcK.js | unknown | binary | 15.2 Kb | whitelisted |
| GET | 200 | 104.16.99.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/e_edison_init_edison_page-vflkXmrEC.js | unknown | binary | 1.44 Kb | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 6296 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| | | 239.255.255.250:1900 | | | | whitelisted |
| 3080 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 4724 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 4668 | msedge.exe | 224.0.0.251:5353 | | | | unknown |
| 7172 | msedge.exe | 162.125.72.18:443 | www.dropbox.com | DROPBOX | US | shared |
| 7172 | msedge.exe | 104.16.100.29:443 | cfl.dropboxstatic.com | | | shared |
| 3080 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 4724 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 7172 | msedge.exe | 162.125.6.20:443 | d.dropbox.com | DROPBOX | US | shared |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | 51.104.136.2, 4.231.128.59, 40.127.240.158 | whitelisted |
| google.com | 142.250.184.206 | whitelisted |
| www.dropbox.com | 162.125.72.18, 162.125.66.18 | shared |
| cfl.dropboxstatic.com | 104.16.100.29, 104.16.99.29 | shared |
| d.dropbox.com | 162.125.6.20 | shared |
| go.microsoft.com | 23.218.210.69 | whitelisted |
| edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted |
| assets.dropbox.com | 52.222.236.76, 52.222.236.51, 52.222.236.19, 52.222.236.37 | whitelisted |
| msedge.b.tlu.dl.delivery.mp.microsoft.com | 23.32.238.105, 23.32.238.152, 199.232.214.172, 199.232.210.172, 2.16.168.112, 2.16.168.108 | whitelisted |
| xpaywalletcdn.azureedge.net | 13.107.246.45 | whitelisted |

Threats

No threats detected
No debug info