URL: https://ce4.ajax.a8b.co/get?redir=1&id=d4vCW7zizPl1mo0GYx0ELgo%20CCIybH9%2Fc4qC7CeWEuI%3D&uri=%2F%2Fdustcontrol-ab.jimdosite.com

Full analysis: https://app.any.run/tasks/3b0a2eec-c3aa-465d-b9f2-071cefd6c729
Verdict: Malicious activity
Analysis date: January 10, 2025, 19:08:23
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: phishing
Indicators:
MD5: E34EC52FDA3F4DE45302C6122C046874
SHA1: 77D3428020703C56BF088E50C56EB887BD463615
SHA256: B1899189278AEA711103E79F6900B82FEC2BAE7CC08D2BC4C0C9E7D95119FEBB
SSDEEP: 3:N8dRLxayp6Ihre1N5ByjGYjQAdt0oL0IBKWQA2:2syUI81RwB1BNQh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7172)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 166
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

PID: 7172
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Indicators: PHISHING (Suricata)
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59

Note: the flagged process is Edge's network-service utility process (--utility-sub-type=network.mojom.NetworkService), which performs network I/O on behalf of every tab, so the Suricata phishing alert is attributed to it rather than to the renderer that displayed the page. The --service-sandbox-type=none flag on this command line is Edge's own default for the network service, not an indicator.
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 37
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | binary
  MD5: 311F1298863858C8334BD7A8A0E34014
  SHA256: 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | binary
  MD5: 8BECF3FBB91D119C1E9BE5869D39A1F1
  SHA256: 4D530E7DCEBB0C450CFF0DBA720BEEE7DA6E8462E9B18372C02F7D5CD3BFACBE
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity | binary
  MD5: A3CB99D7554482951C9124364C19455E
  SHA256: 01B8920AEEB5BC12566CAD2E3CEC6AA12F3EDD223E8F03459060E2AFD9483D84
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF296039.TMP | binary
  MD5: D0453075479429FE52D8FB780A7DA8E9
  SHA256: 574112CCCB36E004E93B2BCBBA7F6CEB8FF3B12E3E462BEF80F1B57044E035B1
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF29c348.TMP | binary
  MD5: 8BECF3FBB91D119C1E9BE5869D39A1F1
  SHA256: 4D530E7DCEBB0C450CFF0DBA720BEEE7DA6E8462E9B18372C02F7D5CD3BFACBE
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF29cb76.TMP | binary
  MD5: A3CB99D7554482951C9124364C19455E
  SHA256: 01B8920AEEB5BC12566CAD2E3CEC6AA12F3EDD223E8F03459060E2AFD9483D84
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\35848c34-9957-4b5e-a1a0-40a14075d95b.tmp | binary
  MD5: A3CB99D7554482951C9124364C19455E
  SHA256: 01B8920AEEB5BC12566CAD2E3CEC6AA12F3EDD223E8F03459060E2AFD9483D84
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fe | binary
  MD5: 9A01B69183A9604AB3A439E388B30501
  SHA256: 20B535FA80C8189E3B87D1803038389960203A886D502BC2EF1857AFFC2F38D2
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\00093b31-777e-492a-a383-a62f695b94c4.tmp | binary
  MD5: 061D9CDAB7977BFD2F2EA94137404ADE
  SHA256: 274098EA0C5B8475065490337C367AA40872C0FDD3BD42DE868B8D7521D465DC
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc | compressed
  MD5: 49E45882A55DA1536EEA758C7DF35436
  SHA256: 84152A78AF77D1CA34816DCAFEA72B286E5B2780F62DB74A2BBABB2888EEEFF5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 130
TCP/UDP connections: 102
DNS requests: 104
Threats: 29

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 302 | 34.214.221.163:443 | https://ce4.ajax.a8b.co/get?redir=1&id=d4vCW7zizPl1mo0GYx0ELgo%20CCIybH9%2Fc4qC7CeWEuI%3D&uri=%2F%2Fdustcontrol-ab.jimdosite.com | unknown | - | - | -
3024 | svchost.exe | HEAD | 200 | 2.16.168.112:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817061&P2=404&P3=2&P4=ahUdFUO2JvxrRXAWm7TeiOvyYLp8mMs20%2bYws0mZIvdt1ZjaFfcbk2hcPt1QLtlamgKAT3mEVFf%2bfvjzRZuhqg%3d%3d | unknown | - | - | whitelisted
- | - | GET | 302 | 44.238.153.186:443 | https://ce4.ajax.a8b.co/get?redir=1&id=d4vCW7zizPl1mo0GYx0ELgo%20CCIybH9%2Fc4qC7CeWEuI%3D&uri=%2F%2Fdustcontrol-ab.jimdosite.com | unknown | - | - | -
3024 | svchost.exe | GET | 206 | 2.16.168.112:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736817061&P2=404&P3=2&P4=ahUdFUO2JvxrRXAWm7TeiOvyYLp8mMs20%2bYws0mZIvdt1ZjaFfcbk2hcPt1QLtlamgKAT3mEVFf%2bfvjzRZuhqg%3d%3d | unknown | - | - | whitelisted   (this row is listed 5 times: five ranged GETs of the same Edge update file)
- | - | GET | 200 | 104.18.94.41:443 | https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8ffef4fe2881453b&lang=auto | unknown | text | 118 Kb | whitelisted
- | - | GET | 200 | 104.18.95.41:443 | https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/0avay/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ | unknown | html | 26.0 Kb | whitelisted
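The entry point of this chain is worth a closer look: ce4.ajax.a8b.co answers the submitted URL with a 302 (from two different IPs, 34.214.221.163 and 44.238.153.186), and the destination is carried in the uri query parameter as %2F%2Fdustcontrol-ab.jimdosite.com, i.e. a protocol-relative target that the browser completes with the redirector's own https: scheme before following it to a Jimdo-hosted page. The page then loads a Cloudflare Turnstile challenge, so a URL scanner that does not execute JavaScript stops at the challenge and never sees the final content. The triage helper below is an added example written for this page, not ANY.RUN's code or its Suricata rule: it parses the submitted URL, extracts the redirect target, normalises the protocol-relative form to a hostname, and flags a cross-origin hop onto a free site builder. The REDIRECT_PARAMS names and the FREE_SITE_BUILDERS list (seeded only with the jimdosite.com seen here) are illustrative assumptions.

```python
"""Triage of a redirect-style phishing URL (added example, not ANY.RUN code).

Parses a tracker/redirector URL, pulls the redirect target out of its query
string, resolves protocol-relative targets ("//host") to the host the browser
will load, and flags a cross-origin hop onto a free site builder.
"""
from urllib.parse import parse_qs, urlsplit

# Submitted URL copied from the report header.
SUBMITTED_URL = (
    "https://ce4.ajax.a8b.co/get?redir=1"
    "&id=d4vCW7zizPl1mo0GYx0ELgo%20CCIybH9%2Fc4qC7CeWEuI%3D"
    "&uri=%2F%2Fdustcontrol-ab.jimdosite.com"
)

# Assumption: site builders whose free subdomains are commonly abused for
# phishing landing pages. jimdosite.com is the one observed in this report.
FREE_SITE_BUILDERS = ("jimdosite.com",)

# Assumption: query parameter names that commonly carry a redirect target.
REDIRECT_PARAMS = ("uri", "url", "redirect", "redirect_url", "next", "target")


def extract_redirect_target(url: str):
    """Return the decoded value of the first redirect-style parameter, else None.

    parse_qs percent-decodes values, so "%2F%2Fhost" comes back as "//host".
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name in REDIRECT_PARAMS:
        values = query.get(name)
        if values and values[0]:
            return values[0]
    return None


def target_host(target: str, scheme: str = "https"):
    """Resolve a redirect target to the host the browser will actually load.

    A protocol-relative target ("//host/path") inherits the redirector's
    scheme and therefore leaves its origin; a plain path ("/foo") stays on
    the redirector, so None is returned for it.
    """
    if target.startswith("//"):
        target = f"{scheme}:{target}"
    elif "://" not in target:
        return None
    return urlsplit(target).hostname


def free_builder_suffix(host: str):
    """Return the matching free-site-builder domain, or None."""
    for builder in FREE_SITE_BUILDERS:
        if host == builder or host.endswith("." + builder):
            return builder
    return None


def triage(url: str) -> dict:
    """Summarise the redirect hop encoded in a URL."""
    redirector = urlsplit(url).hostname or ""
    result = {
        "redirector": redirector,
        "target": None,
        "target_host": None,
        "cross_origin_redirect": False,
        "free_builder": None,
    }
    target = extract_redirect_target(url)
    if target is None:
        return result
    result["target"] = target
    host = target_host(target)
    result["target_host"] = host
    if host and host.lower() != redirector.lower():
        result["cross_origin_redirect"] = True
        result["free_builder"] = free_builder_suffix(host.lower())
    return result


if __name__ == "__main__":
    for key, value in triage(SUBMITTED_URL).items():
        print(f"{key}: {value}")
```

Run against the submitted URL, triage() reports the redirector ce4.ajax.a8b.co, the decoded target //dustcontrol-ab.jimdosite.com, the resolved host dustcontrol-ab.jimdosite.com, and a cross-origin hop onto jimdosite.com. The same parsing works for any tracker that accepts an attacker-controlled destination parameter; what it cannot do is see past the Turnstile gate, which still requires a JavaScript-capable browser such as the interactive session in the full report.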

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 239.255.255.250:1900 | - | - | - | whitelisted
2384 | RUXIMICS.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
3080 | MoUsoCoreWorker.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
7340 | svchost.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
- | - | 224.0.0.251:5353 | - | - | - | unknown
7172 | msedge.exe | 44.238.153.186:443 | ce4.ajax.a8b.co | AMAZON-02 | US | unknown
7172 | msedge.exe | 162.159.128.70:443 | dustcontrol-ab.jimdosite.com | CLOUDFLARENET | - | whitelisted
3080 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
7172 | msedge.exe | 104.18.95.41:443 | challenges.cloudflare.com | - | - | whitelisted
7340 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.142
whitelisted
ce4.ajax.a8b.co
  • 44.238.153.186
  • 34.214.221.163
unknown
dustcontrol-ab.jimdosite.com
  • 162.159.128.70
  • 162.159.129.70
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
challenges.cloudflare.com
  • 104.18.95.41
  • 104.18.94.41
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
go.microsoft.com
  • 2.23.242.9
whitelisted
msedge.b.tlu.dl.delivery.mp.microsoft.com
  • 2.16.168.112
  • 2.16.168.108
  • 199.232.210.172
  • 199.232.214.172
  • 23.50.131.30
  • 23.50.131.24
whitelisted
www.bing.com
  • 2.23.227.208
  • 2.23.227.215
  • 104.126.37.170
  • 104.126.37.145
  • 104.126.37.179
  • 104.126.37.154
  • 104.126.37.184
  • 104.126.37.147
  • 104.126.37.153
  • 104.126.37.146
  • 104.126.37.130
whitelisted
jimdo-dolphin-static-assets-prod.freetls.fastly.net
  • 151.101.66.79
  • 151.101.194.79
  • 151.101.2.79
  • 151.101.130.79
whitelisted

Threats

PID | Process | Class | Message
- | - | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspicious RDGA Subdomain ( .jimdosite .com)
- | - | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspicious RDGA Subdomain ( .jimdosite .com)
- | - | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspicious RDGA Subdomain ( .jimdosite .com)
- | - | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspicious RDGA Subdomain ( .jimdosite .com)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
- | - | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (saudigraphco .com)
- | - | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (saudigraphco .com)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
No debug info