URL: https://www.dropbox.com/scl/fi/vovn0y551sc912kgjpns7/Hard-Corner-LLC.paper?rlkey=znymgmm4atnuemlj3z20zpjcf&st=sy8uy6id&dl=0

Full analysis: https://app.any.run/tasks/13e2d857-f917-4d3e-9edb-c15eb2290837
Verdict: Malicious activity
Analysis date: January 10, 2025, 20:52:49
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: phishing, tycoon, storm1747
Indicators:
MD5: 07FE5DF3AE7E13EA7BDCA1049DA28DC0
SHA1: 80154092867D5E918B6CDFFF8A94392B5E822F50
SHA256: A2367A86623A1B144E6D2760458307ED7DCAB559D5001623CEB36436B9849D1A
SSDEEP: 3:N8DSLcVHGkG6GTKQQK9hVKtEXZMLNpEEstYdsgpV93sJTm/4:2OLHkoWQR7VrEILYdsmV93sMA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7172)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 158
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

PID: 7172
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 193
Text files: 6
Unknown types: 0

Dropped files

PID | Process | Filename | Type

7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000106 | binary
MD5: 60B0F8488C19883545DE3E498F46795F
SHA256: DD6F012E70B9C14873E3C2AB7B91BCB08AE7E5E71E4C27172B9121AE201DA211

7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000107 | binary
MD5: B51186FCF1845F1FDF1902D65D7E5415
SHA256: E3874E2578FF5943302EE3DFDFDA5D0E4186509CAFDD16BADC5BBD0DEB36E1CB

7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fe | binary
MD5: 07F24BA6D7CA12D969F9277176F29D7C
SHA256: 3A2FD84C9BD4ADF777CE8ED743B47251C6490F4676F753E1F604F7462A1DCDB1

7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc | binary
MD5: 07F24BA6D7CA12D969F9277176F29D7C
SHA256: 3A2FD84C9BD4ADF777CE8ED743B47251C6490F4676F753E1F604F7462A1DCDB1

7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000100 | binary
MD5: 4E0DE291C350F4518386D4E5B061EA2C
SHA256: 1DDA90FF778C2493F4BE41EF8B174885678534B8BF7343B4FD808FFFC9CA33F1

7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000104 | binary
MD5: F38C6C36EC3879CC1F838A6DD97A8A03
SHA256: AA3A752A35E17BABF58DDFCE04EAD9D067F074D7838855DC61BA7B0487B73DE0

7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF29625c.TMP | binary
MD5: D2615E0C4F6C46045EDB3EAA0ACE252A
SHA256: 48EFA073914F67BCCE305DECBC121BE7FA6D343982BE00A666B4C5FB6A30A7A9

7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010b | binary
MD5: 2C2A066AB88F365EB9E272F041F05718
SHA256: 90CC824872162CAAA1E48D9E11A5898182155B603741099F2E0BF07839AEFAF4

7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000103 | binary
MD5: 8E3E3F21D5176F890CD9F999858589B8
SHA256: 3FE6527F7B1A0065A30CB44B872D0420E10F50E7BFC2E151424BE61A25E97A9D

7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ff | binary
MD5: F38C6C36EC3879CC1F838A6DD97A8A03
SHA256: AA3A752A35E17BABF58DDFCE04EAD9D067F074D7838855DC61BA7B0487B73DE0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 322
TCP/UDP connections: 152
DNS requests: 139
Threats: 28

HTTP requests

Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

GET | 200 | 162.125.72.18:443 | https://www.dropbox.com/page_success/end?edison_page_name=scl_oboe_file&path=%2Fscl%2Ffi%2Fvovn0y551sc912kgjpns7%2FHard-Corner-LLC.paper&request_id=d88aa45bfd804376a50c74311ce47c62&time=1736542380 | unknown
GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/metaserver/static/css/abuse/fingerprintjs_component-vflTizAkf.css | unknown | text | 305 b | whitelisted
GET | 200 | 162.125.72.18:443 | https://www.dropbox.com/page_success/end?edison_page_name=scl_oboe_file&path=%2Fscl%2Ffi%2Fvovn0y551sc912kgjpns7%2FHard-Corner-LLC.paper&request_id=d88aa45bfd804376a50c74311ce47c62&time=1736542380 | unknown
GET | 200 | 162.125.72.18:443 | https://www.dropbox.com/page_success/end?edison_page_name=scl_oboe_file&path=%2Fscl%2Ffi%2Fvovn0y551sc912kgjpns7%2FHard-Corner-LLC.paper&request_id=d88aa45bfd804376a50c74311ce47c62&time=1736542380 | unknown
GET | 200 | 104.16.99.29:443 | https://cfl.dropboxstatic.com/static/metaserver/static/css/maestro_appshell_styles-vflfNNLV5.css | unknown | text | 2.96 Kb | whitelisted
GET | 200 | 104.16.99.29:443 | https://cfl.dropboxstatic.com/static/metaserver/static/js/alameda_bundle/alameda_bundle_edge_en-vfljOrPyL.js | unknown | binary | 27.4 Kb | whitelisted
GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_api_v2_routes_password_confirmation_provider-vfl0fwYVD.js | unknown | binary | 5.06 Kb | whitelisted
GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/e_core_exception_reporter-vfls3SC8E.js | unknown | binary | 56.2 Kb | whitelisted
GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/metaserver/static/css/google_one_tap-vflp9XDLJ.css | unknown | text | 8.33 Kb | whitelisted
GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/e_edison_init_edison_page-vflkXmrEC.js | unknown | binary | 1.44 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

| | 224.0.0.251:5353 | | | | unknown
| | 239.255.255.250:1900 | | | | whitelisted
3144 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3080 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5248 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
7172 | msedge.exe | 162.125.66.18:443 | www.dropbox.com | DROPBOX | DE | shared
7172 | msedge.exe | 104.16.99.29:443 | cfl.dropboxstatic.com | | | shared
3080 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
7172 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7172 | msedge.exe | 184.28.89.167:443 | go.microsoft.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.142
whitelisted
www.dropbox.com
  • 162.125.66.18
  • 162.125.72.18
shared
cfl.dropboxstatic.com
  • 104.16.99.29
  • 104.16.100.29
shared
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
d.dropbox.com
  • 162.125.6.20
shared
msedge.b.tlu.dl.delivery.mp.microsoft.com
  • 2.16.168.112
  • 2.16.168.108
  • 199.232.210.172
  • 199.232.214.172
whitelisted
www.bing.com
  • 2.23.227.215
  • 2.23.227.208
  • 104.126.37.152
  • 104.126.37.168
  • 104.126.37.144
  • 104.126.37.171
  • 104.126.37.179
  • 104.126.37.154
  • 104.126.37.129
  • 104.126.37.128
  • 104.126.37.130
  • 104.126.37.160
  • 104.126.37.185
  • 104.126.37.153
  • 104.126.37.145
  • 104.126.37.163
  • 104.126.37.155
  • 104.126.37.178
  • 2.21.65.132
  • 2.21.65.154
whitelisted
xpaywalletcdn.azureedge.net
  • 13.107.246.45
whitelisted

Threats

Class | Message

Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain ( .zonirath .ru)
Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain ( .zonirath .ru)
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
No debug info