Field | Value
---|---
URL | https://www.dropbox.com/scl/fi/a8kjtopdslckfrv3d95dd/HB-8.png?rlkey=x3ik4du1dyywbw3am0bun0c24&st=hfa6y177&dl=0
Full analysis | https://app.any.run/tasks/f851daa9-2511-45bc-b70a-61f094935742
Verdict | Malicious activity
Analysis date | January 11, 2025, 00:44:49
OS | Windows 10 Professional (build: 19045, 64 bit)
Tags | —
MD5 | E6320317C2E08DF5535FF0120ABCC8FD
SHA1 | 825BD77344F70E52B6659E95D8540024E558823F
SHA256 | 8920C64F176C8513FED2F147B9BEC8830BBE4BCAD0236021B00F542F223837B5
SSDEEP | 3:N8DSLcVHGkG6ZKrpOGcYK0V9XPUpjBtCh7cRYiBhdS:2OLHk3KrgL0V1PUpjnn+iBe
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---|---
2248 | C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache | C:\Windows\System32\svchost.exe | — | services.exe | NETWORK SERVICE | Microsoft Corporation | SYSTEM | Host Process for Windows Services | 10.0.19041.1 (WinBuild.160101.0800)
7172 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | admin | Microsoft Corporation | MEDIUM | Microsoft Edge | 122.0.2365.59
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000100 | binary | 88F48152F7898EB1EB2A005BC5A3F789 | 7F5E3C686437B9880E89DC008DEA14F60910BCCEA70751FE24498AD3A5391B34
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000107 | binary | 311F1298863858C8334BD7A8A0E34014 | 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000101 | binary | 88F48152F7898EB1EB2A005BC5A3F789 | 7F5E3C686437B9880E89DC008DEA14F60910BCCEA70751FE24498AD3A5391B34
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc | binary | 07F24BA6D7CA12D969F9277176F29D7C | 3A2FD84C9BD4ADF777CE8ED743B47251C6490F4676F753E1F604F7462A1DCDB1
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000103 | binary | 8E3E3F21D5176F890CD9F999858589B8 | 3FE6527F7B1A0065A30CB44B872D0420E10F50E7BFC2E151424BE61A25E97A9D
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010d | binary | 6735B2A4F451E2CE07A6FE014582D97F | 1CB7A28B9AB326A1BE342C336F68CD12305D77293FF0ACE7FB6ED87D1AD533DA
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | binary | 7CE18B1DE10103DC5E4E376AAD138842 | 7BF9F60BB70136FE28BE4C88292D9597F080DF8C908EEE6C29E0925851928310
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fe | binary | 4E0DE291C350F4518386D4E5B061EA2C | 1DDA90FF778C2493F4BE41EF8B174885678534B8BF7343B4FD808FFFC9CA33F1
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fd | binary | 07F24BA6D7CA12D969F9277176F29D7C | 3A2FD84C9BD4ADF777CE8ED743B47251C6490F4676F753E1F604F7462A1DCDB1
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000102 | binary | F38C6C36EC3879CC1F838A6DD97A8A03 | AA3A752A35E17BABF58DDFCE04EAD9D067F074D7838855DC61BA7B0487B73DE0
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 162.125.72.18:443 | https://www.dropbox.com/page_success/end?edison_page_name=scl_oboe_file&path=%2Fscl%2Ffi%2Fa8kjtopdslckfrv3d95dd%2FHB-8.png&request_id=be98f22e279241b8a8f6d6779b22984b&time=1736556298 | unknown | — | — | — |
— | — | GET | 200 | 104.16.99.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/e_data_modules_stormcrow-vflMHL-MX.js | unknown | — | — | — |
— | — | GET | 200 | 162.125.72.18:443 | https://www.dropbox.com/scl/fi/a8kjtopdslckfrv3d95dd/HB-8.png?rlkey=x3ik4du1dyywbw3am0bun0c24&st=hfa6y177&dl=0 | unknown | html | 168 Kb | shared |
— | — | GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/metaserver/static/css/dig/fonts-vflMHuSEC.css | unknown | text | 3.40 Kb | whitelisted |
— | — | GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/metaserver/static/css/dig-components/tokens-vfltkUjWJ.css | unknown | text | 58.5 Kb | whitelisted |
— | — | GET | 200 | 104.16.99.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/e_edison-vflFhVtEu.js | unknown | binary | 43.2 Kb | whitelisted |
— | — | GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_ts_utils-vfl8TjVcK.js | unknown | binary | 15.2 Kb | whitelisted |
— | — | GET | 200 | 104.16.99.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/e_edison_init_edison_page-vflkXmrEC.js | unknown | binary | 1.44 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
6296 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 239.255.255.250:1900 | — | — | — | whitelisted |
3080 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4724 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4668 | msedge.exe | 224.0.0.251:5353 | — | — | — | unknown |
7172 | msedge.exe | 162.125.72.18:443 | www.dropbox.com | DROPBOX | US | shared |
7172 | msedge.exe | 104.16.100.29:443 | cfl.dropboxstatic.com | — | — | shared |
3080 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4724 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
7172 | msedge.exe | 162.125.6.20:443 | d.dropbox.com | DROPBOX | US | shared |
Domain | IP | Reputation
---|---|---
settings-win.data.microsoft.com | — | whitelisted
google.com | — | whitelisted
www.dropbox.com | — | shared
cfl.dropboxstatic.com | — | shared
d.dropbox.com | — | shared
go.microsoft.com | — | whitelisted
edge.microsoft.com | — | whitelisted
assets.dropbox.com | — | whitelisted
msedge.b.tlu.dl.delivery.mp.microsoft.com | — | whitelisted
xpaywalletcdn.azureedge.net | — | whitelisted