Field | Value
---|---|
URL | https://www.juhifertility.com/uploads/ahy27u.php?4mtc4= |
Full analysis | https://app.any.run/tasks/4c3f5d88-4162-44df-b4d7-395efd1e67f6 |
Verdict | Malicious activity |
Analysis date | January 10, 2025, 19:48:35 |
OS | Windows 10 Professional (build: 19045, 64 bit) |
Tags | — |
Indicators | — |
MD5 | 557769FE8006F8BC350993B17A11DD04 |
SHA1 | 5DEA2C068E7B5FEABCEAAC64D9197389C9DBF16F |
SHA256 | A4E22CF504139879927B469228297FB4FBA10DC90D774E9BD380F94993267A30 |
SSDEEP | 3:N8DSLoNMc6KTKr+9SQcuB:2OLox6KW+9RB |
PID | CMD | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version
---|---|---|---|---|---|---|---|---|---|
2248 | C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache | C:\Windows\System32\svchost.exe | — | services.exe | NETWORK SERVICE | SYSTEM | Microsoft Corporation | Host Process for Windows Services | 10.0.19041.1 (WinBuild.160101.0800) |
7172 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | admin | MEDIUM | Microsoft Corporation | Microsoft Edge | 122.0.2365.59 |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---|
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | binary | 311F1298863858C8334BD7A8A0E34014 | 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\aa7137ca-a22a-44b6-a6e8-cce7df11377b.tmp | binary | 0E7DB277296076C60231A51B274B24BE | 84091BDBDD3B0FCB526B1CA97593A614359C71B6E200C20994A7E03C035A1E6F |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | binary | 0E7DB277296076C60231A51B274B24BE | 84091BDBDD3B0FCB526B1CA97593A614359C71B6E200C20994A7E03C035A1E6F |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF296d29.TMP | binary | D0453075479429FE52D8FB780A7DA8E9 | 574112CCCB36E004E93B2BCBBA7F6CEB8FF3B12E3E462BEF80F1B57044E035B1 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\9ae6a7ef-acda-4c89-b31c-de909f5156c6.tmp | binary | 4EF7D4D43911FCBDE36A5683275B35D2 | 0C4D63BBF68DFF1838BE0EDC88EF98E0F896A05495322A6BB4C44FC43904C641 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000102 | compressed | 7C29149C66233696139A5CF590C9CA00 | 63E718BD3BB4E717EDB381FE8B68226403E86DBB3BB1D7AE1AA1E691B9259216 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fe | html | 32EA291FACB1688DF0F4FA2E395C4617 | 4AA32C99F4433A49C111D06940196CAF8F7118D4585DCFF1A406F8FB1510CDDD |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000105 | binary | 6493FE362AABD3C296CE2BDCD13FCC5A | 49A6C16C9253EBC83F43CEC4F09E938E781D7BABCA2EDBDFAE408B6BFF02071B |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000104 | binary | 57CC2054C8941B98079ABA8C70F95989 | 91E559C65DE91C8414596457D5C2B9E18C95A66F0703169FBE7FF239E543F4CA |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF296068.TMP | binary | D2615E0C4F6C46045EDB3EAA0ACE252A | 48EFA073914F67BCCE305DECBC121BE7FA6D343982BE00A666B4C5FB6A30A7A9 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 302 | 23.37.237.227:443 | https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18 | unknown | — | — | — |
— | — | GET | 302 | 148.66.138.124:443 | https://www.juhifertility.com/uploads/ahy27u.php?4mtc4= | unknown | — | — | — |
— | — | GET | 302 | 104.21.96.1:443 | https://expedition.bostov.click/help/?1821584355485&sub_id_1=mail | unknown | — | — | — |
3024 | svchost.exe | HEAD | 200 | 2.16.168.108:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 2.16.168.108:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 2.16.168.108:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 2.16.168.108:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 2.16.168.108:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d | unknown | — | — | whitelisted |
— | — | GET | 200 | 13.107.246.45:443 | https://xpaywalletcdn.azureedge.net/mswallet/ExpressCheckout/v2/GetEligibleSites?version=0&type=dafSite&IsStable=false | unknown | binary | 332 Kb | whitelisted |
— | — | GET | 200 | 67.212.173.75:443 | https://fly.asssing.shop/?utm_term=7458376211790561341&tid=57696e3332 | unknown | binary | 9.20 Kb | — |
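The HTTP table above is what an analyst reads to separate the lure's redirect chain from Edge's own background traffic. The script below is an added example, not ANY.RUN code: it takes the request rows transcribed from this report, skips the hosts the report's DNS table marks whitelisted, and rebuilds the chain of 302 hops that ends at the landing page, lists the remaining host/IP pairs as network IOCs, and hex-decodes query parameters. The `tid` value on the final URL decodes to the ASCII string `Win32`; that it is an OS tag set by the traffic-distribution system is an assumption, not something the report states.

```python
"""Rebuild the redirect chain and pull IOCs from a sandbox HTTP-request table.

Added example, not ANY.RUN code. HTTP_ROWS and WHITELISTED are transcribed
from this report's HTTP-requests and DNS tables; the chain/IOC logic is a
generic reading of 3xx hops in request order.
"""
from urllib.parse import parse_qsl, urlsplit

# Constructed from the HTTP-requests table: (method, status, ip:port, url).
HTTP_ROWS = [
    ("GET", 302, "23.37.237.227:443",
     "https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18"),
    ("GET", 302, "148.66.138.124:443",
     "https://www.juhifertility.com/uploads/ahy27u.php?4mtc4="),
    ("GET", 302, "104.21.96.1:443",
     "https://expedition.bostov.click/help/?1821584355485&sub_id_1=mail"),
    ("HEAD", 200, "2.16.168.108:80",
     "http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/"
     "d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817857&P2=404&P3=2&P4=M5gqAjFvyKbUtVYMETearmFbUVqvFI47j4O"
     "%2bht3lVOtJXoGfnPwhw5IyBKugVSEqu2P53B%2bdtXS4anPQtskdSg%3d%3d"),
    ("GET", 200, "13.107.246.45:443",
     "https://xpaywalletcdn.azureedge.net/mswallet/ExpressCheckout/v2/GetEligibleSites"
     "?version=0&type=dafSite&IsStable=false"),
    ("GET", 200, "67.212.173.75:443",
     "https://fly.asssing.shop/?utm_term=7458376211790561341&tid=57696e3332"),
]

# Hosts the report's DNS table marks "whitelisted" (browser/OS background traffic).
WHITELISTED = {
    "settings-win.data.microsoft.com", "google.com", "edge.microsoft.com",
    "go.microsoft.com", "msedge.b.tlu.dl.delivery.mp.microsoft.com",
    "www.bing.com", "xpaywalletcdn.azureedge.net",
}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL ('' if it cannot be parsed)."""
    return (urlsplit(url).hostname or "").lower()


def redirect_chain(rows, whitelist=WHITELISTED):
    """Hosts of the non-whitelisted redirect hops, in request order, followed
    by the first non-whitelisted 200 (the landing page). Skipping whitelisted
    hosts keeps Edge's own fwlink redirect out of the lure chain."""
    chain = []
    for _method, status, _ip, url in rows:
        host = host_of(url)
        if host in whitelist:
            continue
        if status in REDIRECT_CODES:
            chain.append(host)
        elif status == 200:
            chain.append(host)
            break
    return chain


def network_iocs(rows, whitelist=WHITELISTED):
    """Sorted, deduplicated (host, ip) pairs for every non-whitelisted request."""
    pairs = set()
    for _method, _status, ip_port, url in rows:
        host = host_of(url)
        if host and host not in whitelist:
            pairs.add((host, ip_port.rsplit(":", 1)[0]))
    return sorted(pairs)


def decoded_hex_params(url: str) -> dict:
    """Query values that are even-length hex and decode to printable ASCII.
    TDS tracking parameters are often hex-encoded; a decode is a hint for
    the analyst, not proof of what the value means (assumption)."""
    out = {}
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if len(value) < 4 or len(value) % 2:
            continue
        try:
            text = bytes.fromhex(value).decode("ascii")
        except ValueError:  # not hex, or not ASCII once decoded
            continue
        if text.isprintable():
            out[key] = text
    return out


if __name__ == "__main__":
    print(" -> ".join(redirect_chain(HTTP_ROWS)))
    for host, ip in network_iocs(HTTP_ROWS):
        print(f"{host}\t{ip}")
    print(decoded_hex_params(HTTP_ROWS[-1][3]))
```

Run as-is it prints the three-host chain from the compromised site through the `.click` hop to the `.shop` landing page, the three host/IP pairs worth blocking, and `{'tid': 'Win32'}`. On a real report, feed the function the exported request list instead of the transcribed rows; the whitelist should come from your own allow-list rather than the sandbox's reputation column, since that column was blank for `go.microsoft.com` here even though the DNS table whitelists it.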
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 224.0.0.251:5353 | — | — | — | unknown |
7316 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 239.255.255.250:1900 | — | — | — | whitelisted |
3080 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
1888 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
7172 | msedge.exe | 148.66.138.124:443 | www.juhifertility.com | AS-26496-GO-DADDY-COM-LLC | SG | unknown |
7172 | msedge.exe | 104.21.32.1:443 | expedition.bostov.click | — | — | unknown |
7172 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7172 | msedge.exe | 2.23.242.9:443 | go.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted |
7172 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
Domain | IP | Reputation
---|---|---|
settings-win.data.microsoft.com | — | whitelisted |
google.com | — | whitelisted |
www.juhifertility.com | — | unknown |
expedition.bostov.click | — | unknown |
edge.microsoft.com | — | whitelisted |
go.microsoft.com | — | whitelisted |
fly.asssing.shop | — | unknown |
msedge.b.tlu.dl.delivery.mp.microsoft.com | — | whitelisted |
www.bing.com | — | whitelisted |
xpaywalletcdn.azureedge.net | — | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (digitdsk .xyz) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (digitdsk .xyz) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (digitdsk .xyz) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (digitdsk .xyz) |