Field | Value
---|---
URL | https://www.dropbox.com/scl/fi/vovn0y551sc912kgjpns7/Hard-Corner-LLC.paper?rlkey=znymgmm4atnuemlj3z20zpjcf&st=sy8uy6id&dl=0
Full analysis | https://app.any.run/tasks/13e2d857-f917-4d3e-9edb-c15eb2290837
Verdict | Malicious activity
Analysis date | January 10, 2025, 20:52:49
OS | Windows 10 Professional (build: 19045, 64 bit)
Tags |
Indicators |
MD5 | 07FE5DF3AE7E13EA7BDCA1049DA28DC0
SHA1 | 80154092867D5E918B6CDFFF8A94392B5E822F50
SHA256 | A2367A86623A1B144E6D2760458307ED7DCAB559D5001623CEB36436B9849D1A
SSDEEP | 3:N8DSLcVHGkG6GTKQQK9hVKtEXZMLNpEEstYdsgpV93sJTm/4:2OLHkoWQR7VrEILYdsmV93sMA
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
7172 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | | msedge.exe |

Process details (PID 7172):

Field | Value
---|---
User | admin
Company | Microsoft Corporation
Integrity Level | MEDIUM
Description | Microsoft Edge
Version | 122.0.2365.59
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000106 | binary | 60B0F8488C19883545DE3E498F46795F | DD6F012E70B9C14873E3C2AB7B91BCB08AE7E5E71E4C27172B9121AE201DA211 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000107 | binary | B51186FCF1845F1FDF1902D65D7E5415 | E3874E2578FF5943302EE3DFDFDA5D0E4186509CAFDD16BADC5BBD0DEB36E1CB |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fe | binary | 07F24BA6D7CA12D969F9277176F29D7C | 3A2FD84C9BD4ADF777CE8ED743B47251C6490F4676F753E1F604F7462A1DCDB1 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc | binary | 07F24BA6D7CA12D969F9277176F29D7C | 3A2FD84C9BD4ADF777CE8ED743B47251C6490F4676F753E1F604F7462A1DCDB1 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000100 | binary | 4E0DE291C350F4518386D4E5B061EA2C | 1DDA90FF778C2493F4BE41EF8B174885678534B8BF7343B4FD808FFFC9CA33F1 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000104 | binary | F38C6C36EC3879CC1F838A6DD97A8A03 | AA3A752A35E17BABF58DDFCE04EAD9D067F074D7838855DC61BA7B0487B73DE0 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF29625c.TMP | binary | D2615E0C4F6C46045EDB3EAA0ACE252A | 48EFA073914F67BCCE305DECBC121BE7FA6D343982BE00A666B4C5FB6A30A7A9 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010b | binary | 2C2A066AB88F365EB9E272F041F05718 | 90CC824872162CAAA1E48D9E11A5898182155B603741099F2E0BF07839AEFAF4 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000103 | binary | 8E3E3F21D5176F890CD9F999858589B8 | 3FE6527F7B1A0065A30CB44B872D0420E10F50E7BFC2E151424BE61A25E97A9D |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ff | binary | F38C6C36EC3879CC1F838A6DD97A8A03 | AA3A752A35E17BABF58DDFCE04EAD9D067F074D7838855DC61BA7B0487B73DE0 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 162.125.72.18:443 | https://www.dropbox.com/page_success/end?edison_page_name=scl_oboe_file&path=%2Fscl%2Ffi%2Fvovn0y551sc912kgjpns7%2FHard-Corner-LLC.paper&request_id=d88aa45bfd804376a50c74311ce47c62&time=1736542380 | unknown | — | — | — |
— | — | GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/metaserver/static/css/abuse/fingerprintjs_component-vflTizAkf.css | unknown | text | 305 b | whitelisted |
— | — | GET | 200 | 162.125.72.18:443 | https://www.dropbox.com/page_success/end?edison_page_name=scl_oboe_file&path=%2Fscl%2Ffi%2Fvovn0y551sc912kgjpns7%2FHard-Corner-LLC.paper&request_id=d88aa45bfd804376a50c74311ce47c62&time=1736542380 | unknown | — | — | — |
— | — | GET | 200 | 162.125.72.18:443 | https://www.dropbox.com/page_success/end?edison_page_name=scl_oboe_file&path=%2Fscl%2Ffi%2Fvovn0y551sc912kgjpns7%2FHard-Corner-LLC.paper&request_id=d88aa45bfd804376a50c74311ce47c62&time=1736542380 | unknown | — | — | — |
— | — | GET | 200 | 104.16.99.29:443 | https://cfl.dropboxstatic.com/static/metaserver/static/css/maestro_appshell_styles-vflfNNLV5.css | unknown | text | 2.96 Kb | whitelisted |
— | — | GET | 200 | 104.16.99.29:443 | https://cfl.dropboxstatic.com/static/metaserver/static/js/alameda_bundle/alameda_bundle_edge_en-vfljOrPyL.js | unknown | binary | 27.4 Kb | whitelisted |
— | — | GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/c_api_v2_routes_password_confirmation_provider-vfl0fwYVD.js | unknown | binary | 5.06 Kb | whitelisted |
— | — | GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/e_core_exception_reporter-vfls3SC8E.js | unknown | binary | 56.2 Kb | whitelisted |
— | — | GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/metaserver/static/css/google_one_tap-vflp9XDLJ.css | unknown | text | 8.33 Kb | whitelisted |
— | — | GET | 200 | 104.16.100.29:443 | https://cfl.dropboxstatic.com/static/atlas/file_viewer/scl_oboe_file_bundle_amd/dist/e_edison_init_edison_page-vflkXmrEC.js | unknown | binary | 1.44 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 224.0.0.251:5353 | — | — | — | unknown |
— | — | 239.255.255.250:1900 | — | — | — | whitelisted |
3144 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
3080 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
5248 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
7172 | msedge.exe | 162.125.66.18:443 | www.dropbox.com | DROPBOX | DE | shared |
7172 | msedge.exe | 104.16.99.29:443 | cfl.dropboxstatic.com | — | — | shared |
3080 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
7172 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7172 | msedge.exe | 184.28.89.167:443 | go.microsoft.com | AKAMAI-AS | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
settings-win.data.microsoft.com | — | whitelisted |
google.com | — | whitelisted |
www.dropbox.com | — | shared |
cfl.dropboxstatic.com | — | shared |
edge.microsoft.com | — | whitelisted |
go.microsoft.com | — | whitelisted |
d.dropbox.com | — | shared |
msedge.b.tlu.dl.delivery.mp.microsoft.com | — | whitelisted |
www.bing.com | — | whitelisted |
xpaywalletcdn.azureedge.net | — | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain ( .zonirath .ru) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain ( .zonirath .ru) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com) |