Field | Value |
---|---|
URL | https://adm6.sociables7.com/bQpOaffxSaSsx0DXtQHxPuAWdeMo |
Full analysis | https://app.any.run/tasks/3b8004b5-9472-43b5-b00f-834e2cf091bd |
Verdict | Malicious activity |
Analysis date | January 10, 2025, 21:20:30 |
OS | Windows 10 Professional (build: 19045, 64 bit) |
Tags | — |
Indicators | — |
MD5 | 06B8BEC283BDEB025A77D34777D81A10 |
SHA1 | BAF858E8420A3B697DE2547D7DBAD15FD2260B88 |
SHA256 | 988ECDA5CB0A616B450D87A7669CA479899630CF55B267918EF58BDF2400AF56 |
SSDEEP | 3:N8jTiTOVLhs/DTdLz0vb:2viTOVqLTV0D |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
7172 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | msedge.exe | — |

Process details (PID 7172): User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Edge; Version: 122.0.2365.59
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | binary | 311F1298863858C8334BD7A8A0E34014 | 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | binary | 44E757A264B035B82A6AA3F993BCF139 | CF09D7BE1AFC1024CB92D4F52725C3FEBDCD06DD671D48C0A9760701886CB4CE |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\694b996d-e4e2-4dc5-8415-1702f512cc97.tmp | binary | 44E757A264B035B82A6AA3F993BCF139 | CF09D7BE1AFC1024CB92D4F52725C3FEBDCD06DD671D48C0A9760701886CB4CE |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF296d39.TMP | binary | D0453075479429FE52D8FB780A7DA8E9 | 574112CCCB36E004E93B2BCBBA7F6CEB8FF3B12E3E462BEF80F1B57044E035B1 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3024 | svchost.exe | HEAD | 200 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736815570&P2=404&P3=2&P4=bbyjzdVMwcflQbbP2LsNpnptruBLccPaecEXtrPMs0B0MXvC9xBM4bV8lZmIpeh3ds3AQoCTQkeClbf%2fVdOfdg%3d%3d | unknown | — | — | whitelisted |
— | — | GET | 404 | 104.21.64.1:443 | https://adm6.sociables7.com/bQpOaffxSaSsx0DXtQHxPuAWdeMo | unknown | — | — | — |
3024 | svchost.exe | GET | — | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736815570&P2=404&P3=2&P4=bbyjzdVMwcflQbbP2LsNpnptruBLccPaecEXtrPMs0B0MXvC9xBM4bV8lZmIpeh3ds3AQoCTQkeClbf%2fVdOfdg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736815570&P2=404&P3=2&P4=bbyjzdVMwcflQbbP2LsNpnptruBLccPaecEXtrPMs0B0MXvC9xBM4bV8lZmIpeh3ds3AQoCTQkeClbf%2fVdOfdg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736815570&P2=404&P3=2&P4=bbyjzdVMwcflQbbP2LsNpnptruBLccPaecEXtrPMs0B0MXvC9xBM4bV8lZmIpeh3ds3AQoCTQkeClbf%2fVdOfdg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736815570&P2=404&P3=2&P4=bbyjzdVMwcflQbbP2LsNpnptruBLccPaecEXtrPMs0B0MXvC9xBM4bV8lZmIpeh3ds3AQoCTQkeClbf%2fVdOfdg%3d%3d | unknown | — | — | whitelisted |
— | — | POST | 200 | 204.79.197.239:443 | https://edge.microsoft.com/componentupdater/api/v1/update?cup2key=7:6BxN_H6LGChDRpfFZQW0slwH0Z3bXuiS34Xoy8Z5i8I&cup2hreq=9b0874baf7826fa99e9a8f74621b4fd4f3ae12e45bbaae9552dd5885b8769add | unknown | text | 18.4 Kb | whitelisted |
— | — | GET | 200 | 13.107.21.239:443 | https://edge.microsoft.com/neededge/v1?bucket=18 | unknown | xml | 741 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 239.255.255.250:1900 | — | — | — | unknown |
7232 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3080 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
— | — | 224.0.0.251:5353 | — | — | — | unknown |
7172 | msedge.exe | 104.21.64.1:443 | adm6.sociables7.com | — | — | unknown |
3080 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
3696 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
7172 | msedge.exe | 2.23.242.9:443 | go.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted |
7172 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
settings-win.data.microsoft.com | — | whitelisted |
google.com | — | whitelisted |
adm6.sociables7.com | — | unknown |
go.microsoft.com | — | whitelisted |
edge.microsoft.com | — | whitelisted |
msedge.b.tlu.dl.delivery.mp.microsoft.com | — | whitelisted |
www.bing.com | — | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Tycoon2FA`s Phishing-Kit domain by CrossDomain ( .sociables7 .com) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Tycoon2FA`s Phishing-Kit domain by CrossDomain ( .sociables7 .com) |