Field | Value
---|---
URL | https://url.us.m.mimecastprotect.com/s/wLBVCkRV0MS5zDO9jU2fjSGdpbn?domain=tome.app
Full analysis | https://app.any.run/tasks/726e7285-4f98-4a5f-a5a2-79690a9c3b34
Verdict | Malicious activity
Analysis date | January 10, 2025, 19:11:53
OS | Windows 10 Professional (build: 19045, 64 bit)
Tags | —
Indicators | —
MD5 | 8A1DDBFA6F1FE6DCEC51C79FDC48DEE9
SHA1 | 444E4356B40AB0C5542756425834A3269D183F35
SHA256 | A7184FAC9924E9FE0FECB53358CE19FE4D182CF0ACCE009D80C93136535B70CC
SSDEEP | 3:N8UjmTSCGnzmKo3f8cPwTP2iEy:2UjwGT9c4OiT
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
7172 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe

User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Edge | Version: 122.0.2365.59
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | binary | D0458251919892E37D70B1E3656D699F | FC3A1643A267D9E0463255A92095B7806504F6FB85DC8CD96C3A052194E8D024
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fd | binary | 2DADE2ECE0448707F438380799352C14 | 02445245B0BA14CC851EBBFC4D6FE25837F307B68D79D1F9F279DF19CA8DB2AC
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000100 | binary | 79B27479029F188A6ED2DEA500383D75 | 9D98D66221B9240C48E6AA445770ABECE3A6B40DAB6637D25B7473E2F7BE42DA
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc | binary | B87BBF653B7D03775F3CA8015223E8F2 | 06C2C112DB618624F1D67992BB09020D7F08439197195A13A943CBEBAF9B94B0
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000104 | compressed | ACB12B46FE2F095A2CD366C047959E4A | B79347801E812F59C2FD5436C1BA85E7D3FE445F380F200C76DA6BE7DB3C6F8A
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000105 | compressed | C1DC3625B42AE6356D50064E7E00285D | E51D9759D360E4C6F735A4BFF89AC5E191EFB8718E6374C57EFA23EC0863C42B
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010b | binary | 7D21E0A721FB9E914A0BCFF742F54437 | 7003617F0F0C2A8D9B79A9ECA5E3F2CCE7ED15E5FD6E282318BA1587CBA2B87E
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000103 | compressed | ECC8A4281B9EDF0D8968DB6FF23B4C81 | 141661FAE2FE883CB63FA804EEDF4C435F4DC1104F94CB088B3E52EEC9A80E8F
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010d | binary | 824EC5FAA0E7477099D5FAE07C971EC3 | 0EFE84DE0B506CE74FDCCFF824F33BF044BD15408069CE04C4068BAFB3BBB180
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000106 | compressed | FE8A6B8A78669C4766F66C735A9C34AA | B9205CD00CB308ABF370BFC673DA36C69F1C8B616D215645A4353CEBA9CD4CA1
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 307 | 13.107.246.45:443 | https://url.us.m.mimecastprotect.com/s/wLBVCkRV0MS5zDO9jU2fjSGdpbn?domain=tome.app | unknown | — | — | — |
— | — | GET | — | 108.138.7.31:443 | https://static.tome.app/fonts/ACD59936-6D28-4358-998A-E658F8111A0D.otf | unknown | — | — | — |
— | — | GET | — | 108.138.7.72:443 | https://static.tome.app/fonts/39B57C62-A78F-440C-AABD-17E4D6EC64C9.otf | unknown | — | — | — |
— | — | GET | — | 108.138.7.10:443 | https://static.tome.app/fonts/D557D5DC-F5E4-4A57-BC99-14B16539351F.otf | unknown | — | — | — |
— | — | GET | — | 108.138.7.118:443 | https://static.tome.app/fonts/F575F6D4-4161-4CD9-A195-ED8C5CB0E04D.otf | unknown | — | — | — |
— | — | GET | — | 108.138.7.72:443 | https://static.tome.app/fonts/7B8465A1-D69D-47C7-977F-AD1C3AA10FC9.otf | unknown | — | — | — |
— | — | GET | — | 76.76.21.21:443 | https://tome.app/_next/static/chunks/vendor.0d6e4079-13ad5416b763ccb5.js?dpl=dpl_H7NpUixaLtQD3RS6KRc8srbbRJ3j | unknown | — | — | — |
— | — | GET | — | 108.138.7.31:443 | https://static.tome.app/fonts/DB18CFD3-FEA3-428C-9988-9EF99462B401.otf | unknown | — | — | — |
— | — | GET | — | 76.76.21.21:443 | https://tome.app/_next/static/chunks/webpack-77cfffac18dacb1f.js?dpl=dpl_H7NpUixaLtQD3RS6KRc8srbbRJ3j | unknown | — | — | — |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1580 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3080 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
7360 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 224.0.0.251:5353 | — | — | — | unknown |
7172 | msedge.exe | 205.139.111.117:443 | url.us.m.mimecastprotect.com | MIMECAST | US | unknown |
7172 | msedge.exe | 76.76.21.21:443 | tome.app | AMAZON-02 | US | unknown |
3080 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
7172 | msedge.exe | 108.138.7.31:443 | static.tome.app | AMAZON-02 | US | suspicious |
7172 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7172 | msedge.exe | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted |
Domain | IP | Reputation
---|---|---
settings-win.data.microsoft.com | — | whitelisted
google.com | — | whitelisted
url.us.m.mimecastprotect.com | — | unknown
tome.app | — | unknown
static.tome.app | — | unknown
go.microsoft.com | — | whitelisted
edge.microsoft.com | — | whitelisted
msedge.b.tlu.dl.delivery.mp.microsoft.com | — | whitelisted
www.bing.com | — | whitelisted
backend.tome.app | — | unknown
PID | Process | Class | Message |
---|---|---|---|
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Bidirectional and low-latency communication CDN (cdn .socket .io) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Bidirectional and low-latency communication CDN (cdn .socket .io) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Bidirectional and low-latency communication CDN (cdn .socket .io) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Bidirectional and low-latency communication CDN (cdn .socket .io) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Domain chain identified as Phishing (socketaad) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net) |