URL:

http://email.bigcontacts.com/c/eJw8yk1uwyAQQOHTDLtYMPx6wSJtlWtEY8DYlQkRkFTp6atsunx6X_TRiIVY8sJKo6VEYdjmtdGKL_NquRLOOLuQldouapnVGswa2O6Ro-ZCcOGQCzPhPFvpQnJpjS5FDYovew71NiiMPoVa2OG3Me4d5BnwAniJtVNu-3E86f0BL32jlqZtlIOV1yk8-qjlFGmQB_sBiOV1Lal3yum6R0AEeZYKnXVaAn4CYqBypz3frkfN_wQQNedSvst-sea_Sw_bD7XxC4rf7qM9-phqy-zp8S8AAP__KBtR_A

Full analysis: https://app.any.run/tasks/d0b1c758-f36a-45fc-8937-bd2dfb40bad5
Verdict: Malicious activity
Analysis date: January 10, 2025, 21:00:41
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: phishing, telegram
Indicators:
MD5: 4DD1DB16E367976E8506D37C3F2C6029
SHA1: 39041349CD4B3901D51C34E5A492B1278B161C7A
SHA256: B61E7DE24DC1C5BA0F662ACF7CFD89C90C3AFE4A7447CC212CF3A1990726FCAB
SSDEEP: 6:C+sKmOSpTT7JAdO+MWebw5DDmbVLNpSUVzaoALn/vdI6WR4y5DSaqMku:olT7GxMWzl8LN8UVOBJI9RtTku

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • PHISHING has been detected (SURICATA)
      • msedge.exe (PID: 7172)
  • SUSPICIOUS
    No suspicious indicators.
  • INFO
    • Attempting to use instant messaging service
      • msedge.exe (PID: 7172)
No Malware configuration.
All screenshots are available in the full report
Total processes: 155
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

PID: 7172
Parent process: msedge.exe
Indicators: PHISHING
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59

Note that PID 7172 is Edge's network service utility process (--utility-sub-type=network.mojom.NetworkService), which performs the network I/O for the browser session; the phishing verdict is therefore attributed to it rather than to the renderer that displayed the page.
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 28
Text files: 3
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity | binary | D8F24244B8580D8FA6B98165706DE7EB | 11A8EB0E0B2933C7841662AC67FAB5C2EACE0760A2AC43FE4648279712265A83
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF29dfaa.TMP | binary | D8F24244B8580D8FA6B98165706DE7EB | 11A8EB0E0B2933C7841662AC67FAB5C2EACE0760A2AC43FE4648279712265A83
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc | image | DFBA35A10488D1E27F59C04383435FE9 | 6DA8A815CDDB4F57FED1050A6070DD7CBD3B7F7C59FDFD0101A0B4DD904DEBC8
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fe | image | 25DCC9FE53908DC5DA260BC3D559F5FB | CDE17C3894EAB1101C02F3FE7980A11A2CE80D4380513CA3443E766852F4DF1E
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF29722b.TMP | binary | D2615E0C4F6C46045EDB3EAA0ACE252A | 48EFA073914F67BCCE305DECBC121BE7FA6D343982BE00A666B4C5FB6A30A7A9
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\79785075-e1f0-4511-a200-87961653cc0f.tmp | binary | 7E9C81C4C3C51C2ADD329C4F4A77F684 | 6EEBF7F01A186C42C2BBEA526C0AF68DF9CEE1DCA60189C97B5C34F728DE65BF
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000101 | binary | 311F1298863858C8334BD7A8A0E34014 | 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | binary | 7E9C81C4C3C51C2ADD329C4F4A77F684 | 6EEBF7F01A186C42C2BBEA526C0AF68DF9CEE1DCA60189C97B5C34F728DE65BF
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\42059011-81a9-453e-b8fc-ccee78029d47.tmp | binary | 79708BF1A054E422D44C042DA33409AB | 029F18B9914492E7EA8A4CB1F17A8A251750D6FFD22E511C40AB94CA573E3697
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\9ae6a7ef-acda-4c89-b31c-de909f5156c6.tmp | binary | D8F24244B8580D8FA6B98165706DE7EB | 11A8EB0E0B2933C7841662AC67FAB5C2EACE0760A2AC43FE4648279712265A83

Every listed file sits under Edge's own profile directory: HTTP cache entries (Cache_Data\f_*), the TransportSecurity (HSTS) store and the Network Persistent State file, together with their temporary copies (~RF*.TMP, *.tmp; the identical hashes show which temp file became which store). These are the browser's normal writes during the session, not a payload, and no executable was dropped (Executable files: 0).
HTTP(S) requests: 79
TCP/UDP connections: 61
DNS requests: 74
Threats: 23

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
7172 | msedge.exe | GET | 302 | 34.110.180.34:80 | http://email.bigcontacts.com/c/eJw8yk1uwyAQQOHTDLtYMPx6wSJtlWtEY8DYlQkRkFTp6atsunx6X_TRiIVY8sJKo6VEYdjmtdGKL_NquRLOOLuQldouapnVGswa2O6Ro-ZCcOGQCzPhPFvpQnJpjS5FDYovew71NiiMPoVa2OG3Me4d5BnwAniJtVNu-3E86f0BL32jlqZtlIOV1yk8-qjlFGmQB_sBiOV1Lal3yum6R0AEeZYKnXVaAn4CYqBypz3frkfN_wQQNedSvst-sea_Sw_bD7XxC4rf7qM9-phqy-zp8S8AAP__KBtR_A | unknown | | |
3024 | svchost.exe | HEAD | 200 | 84.201.210.21:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736814260&P2=404&P3=2&P4=c74md5vA8A8wi4acyq6DMmPDX3GddhWIn%2bL%2f7%2b6BpVBviByf5g1XKo4G6PSKoyOiXLcwyySZa83Ad3F6D5NhzA%3d%3d | unknown | | | whitelisted
| | GET | 302 | 184.30.21.171:443 | https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18 | unknown | | |
| | GET | 200 | 104.21.112.1:443 | https://i.ibb.co/zr2zMVC/output-onlinepngtools.png | unknown | image | 50.5 Kb | whitelisted
| | GET | 200 | 104.21.48.1:443 | https://i.ibb.co/42sVSPG/b.png | unknown | image | 3.44 Kb | whitelisted
| | GET | 200 | 104.21.16.1:443 | https://i.ibb.co/zr2zMVC/output-onlinepngtools.png | unknown | image | 50.5 Kb | whitelisted
| | GET | 200 | 20.223.35.26:443 | https://arc.msn.com/v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=13&OPSYS=WIN10&locale=en-US&country=US&edgeid=4286224394064939872&ACHANNEL=4&ABUILD=122.0.6261.70&poptin=0&devosver=10.0.19045.4046&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=122&AMINOR=0&ABLD=6261&APATCH=70 | unknown | binary | 2.07 Kb | whitelisted
| | GET | 200 | 13.107.246.45:443 | https://xpaywalletcdn.azureedge.net/mswallet/ExpressCheckout/v2/GetEligibleSites?version=0&type=topSite&IsStable=false | unknown | binary | 497 b | whitelisted
| | GET | 404 | 192.185.170.18:443 | https://dosagrillva.com/favicon.ico | unknown | html | 11.5 Kb |
3024 | svchost.exe | GET | 206 | 84.201.210.21:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736814260&P2=404&P3=2&P4=c74md5vA8A8wi4acyq6DMmPDX3GddhWIn%2bL%2f7%2b6BpVBviByf5g1XKo4G6PSKoyOiXLcwyySZa83Ad3F6D5NhzA%3d%3d | unknown | | | whitelisted

Rows without a PID are shown that way in the report. The sequence of interest is the 302 from the email.bigcontacts.com click-tracking link (its redirect target is not shown), followed by Edge requesting https://dosagrillva.com/favicon.ico, a request a browser makes after loading a page from that origin, and the two PNGs from the image host i.ibb.co; the landing page itself does not appear among the captured requests. The svchost.exe, go.microsoft.com, arc.msn.com and azureedge.net rows are Edge and Windows background traffic.
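The click-tracking token in the first request (the path segment after /c/) begins with eJw, the base64 form of the zlib stream header bytes 0x78 0x9C, and ends in 00 00 FF FF plus four bytes, i.e. an empty stored deflate block followed by the Adler-32 trailer. Marketing redirectors commonly pack the destination URL and a tracking ID into such a blob. The decoder below is an added example, not ANY.RUN code and not anything published by the link's operator. It assumes the token is base64url-encoded zlib; the sample payload it round-trips (the example.test URL and "cid" field) is constructed, and what the real token decodes to is not shown in the report and is not asserted here: the real token is only header-sniffed and inflated best-effort. Because the token is attacker-controlled input, the inflated size is capped.

```python
"""Sniff and decode the opaque click-tracking token from the analysed URL.

Added example, not ANY.RUN code and not published by the link's operator.
Assumption: the token after /c/ is a base64url-encoded zlib stream (its "eJw"
prefix is the base64 form of the zlib header bytes 0x78 0x9C). What the real
token decodes to is not shown in the report, so it is only sniffed and
inflated best-effort here; the round-trip check uses a constructed payload.
"""
import base64
import json
import zlib
from typing import Optional

# Token copied from the report (page data, not constructed).
REPORT_TOKEN = (
    "eJw8yk1uwyAQQOHTDLtYMPx6wSJtlWtEY8DYlQkRkFTp6atsunx6X_TRiIVY8sJKo6VEYdjmtdGKL_Nq"
    "uRLOOLuQldouapnVGswa2O6Ro-ZCcOGQCzPhPFvpQnJpjS5FDYovew71NiiMPoVa2OG3Me4d5BnwAniJ"
    "tVNu-3E86f0BL32jlqZtlIOV1yk8-qjlFGmQB_sBiOV1Lal3yum6R0AEeZYKnXVaAn4CYqBypz3frkfN"
    "_wQQNedSvst-sea_Sw_bD7XxC4rf7qM9-phqy-zp8S8AAP__KBtR_A"
)


def b64url_decode(token: str) -> bytes:
    """Decode base64url, restoring the '=' padding that tracking links strip."""
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))


def looks_like_zlib(raw: bytes) -> bool:
    """RFC 1950 header check: CM == 8 (deflate) and CMF*256+FLG is a multiple of 31."""
    if len(raw) < 2:
        return False
    cmf, flg = raw[0], raw[1]
    return (cmf & 0x0F) == 8 and ((cmf << 8) | flg) % 31 == 0


def sniff_token(token: str) -> bool:
    """True if the token base64url-decodes to bytes carrying a zlib header."""
    try:
        return looks_like_zlib(b64url_decode(token))
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def decode_token(token: str, max_out: int = 1 << 20) -> Optional[bytes]:
    """Inflate the token, or return None if it is not a bounded, valid zlib stream.

    max_out caps the output: the token is attacker-controlled, so a tiny blob
    must never be allowed to inflate without limit (decompression bomb).
    """
    if not sniff_token(token):
        return None
    raw = b64url_decode(token)
    inflater = zlib.decompressobj()
    try:
        out = inflater.decompress(raw, max_out)
    except zlib.error:
        return None
    if inflater.unconsumed_tail:  # output cap reached before the input was consumed
        return None
    return out


def encode_token(payload: bytes) -> str:
    """Inverse operation, used only to build the constructed sample below."""
    return base64.urlsafe_b64encode(zlib.compress(payload)).decode("ascii").rstrip("=")


# Constructed sample payload in the shape such links commonly carry; not the real content.
SAMPLE_PAYLOAD = json.dumps({"u": "https://example.test/landing", "cid": 12345}).encode()
SAMPLE_TOKEN = encode_token(SAMPLE_PAYLOAD)


if __name__ == "__main__":
    print("sample round-trip:", decode_token(SAMPLE_TOKEN))
    print("report token has zlib header:", sniff_token(REPORT_TOKEN))
    decoded = decode_token(REPORT_TOKEN)
    print("report token inflates:", decoded is not None)
```

If the inflate succeeds on a real token, treat the result as untrusted text: log it defanged, and resolve any embedded URL from an analysis sandbox rather than from an analyst workstation, since following it is exactly the click the attacker wants.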

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3076 | RUXIMICS.exe | 51.124.78.146:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3080 | MoUsoCoreWorker.exe | 51.124.78.146:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
| | 239.255.255.250:1900 (SSDP multicast) | | | | whitelisted
5248 | svchost.exe | 51.124.78.146:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4668 | msedge.exe | 224.0.0.251:5353 (mDNS multicast) | | | | unknown
7172 | msedge.exe | 104.126.37.146:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
7172 | msedge.exe | 34.110.180.34:80 | email.bigcontacts.com | GOOGLE | US | suspicious
7172 | msedge.exe | 192.185.170.18:443 | dosagrillva.com | UNIFIEDLAYER-AS-1 | US | unknown
7172 | msedge.exe | 142.250.186.74:443 | ajax.googleapis.com | GOOGLE | US | whitelisted
7172 | msedge.exe | 91.134.9.160:443 | i.ibb.co | OVH SAS | FR | shared

DNS requests

Domain | IP(s) | Reputation
google.com | 172.217.16.206 | whitelisted
www.bing.com | 104.126.37.146, 104.126.37.154, 104.126.37.161, 104.126.37.178, 104.126.37.179, 104.126.37.176, 104.126.37.160, 104.126.37.163, 104.126.37.153, 104.126.37.170, 104.126.37.129, 104.126.37.185, 104.126.37.171, 104.126.37.131, 104.126.37.130, 104.126.37.128, 104.126.37.123, 104.126.37.144, 104.126.37.145, 104.126.37.139, 104.126.37.184, 2.23.227.215, 2.23.227.208 | whitelisted
email.bigcontacts.com | 34.110.180.34 | unknown
dosagrillva.com | 192.185.170.18 | unknown
ajax.googleapis.com | 142.250.186.74 | whitelisted
i.ibb.co | 91.134.9.160, 91.134.82.79, 91.134.10.168, 91.134.10.182, 91.134.10.127, 91.134.9.159 | shared
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
arc.msn.com | 20.223.36.55, 20.103.156.88 | whitelisted
edge.microsoft.com | 13.107.21.239, 204.79.197.239 | whitelisted
api.ipify.org | 104.26.12.205, 104.26.13.205, 172.67.74.152 | shared

Threats

PID and process are not shown for these alerts in the report.

Class | Message
Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
Not Suspicious Traffic | INFO [ANY.RUN] Image hosting service ImgBB
Not Suspicious Traffic | INFO [ANY.RUN] Image hosting service ImgBB
Not Suspicious Traffic | INFO [ANY.RUN] Image hosting service ImgBB
Not Suspicious Traffic | INFO [ANY.RUN] Image hosting service ImgBB
Misc activity | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
Misc activity | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
Misc activity | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
Possible Social Engineering Attempted | PHISHING [ANY.RUN] Domain chain identified as Phishing (ipibb)

Only the last alert carries the malicious verdict; the others are informational. api.ipify.org appears only in the DNS and TLS SNI alerts, and no decrypted HTTP request to it is listed above, so its use is inferred from the lookup alone. Phishing pages commonly call such services to record or filter visitors by IP address, and that lookup, together with the click-tracking redirect, the unknown landing domain and the image-host assets, forms the domain chain the final signature names.

No debug info
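The last alert, a chain of domains rather than any single indicator, is the pattern worth carrying into detection: a click-tracking redirect, a low-reputation landing domain, assets on the free image host i.ibb.co and an external-IP lookup via api.ipify.org, all from one browser process within seconds. The script below is an added example, not ANY.RUN's signature logic. It correlates per-process DNS query events in the shape of Sysmon Event ID 22 over a constructed log that reuses the domains from this report; the category lists, the 60-second window, the timestamps, the PIDs and the powershell.exe entry are assumptions made for the example.

```python
"""Correlate per-process DNS queries into a phishing-style domain chain.

Added example, not ANY.RUN code. Events are in the shape of Sysmon Event ID 22
(DnsQuery): timestamp, process id, image, queried name. The category lists,
the window and the sample log are assumptions constructed for this example;
the domain names come from the report.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed categories (suffix match). Not ANY.RUN's signature data.
IP_LOOKUP_SERVICES = {"ipify.org"}
FREE_IMAGE_HOSTS = {"ibb.co"}
ALLOWLIST = {"google.com", "googleapis.com", "bing.com", "microsoft.com", "msn.com"}
WINDOW = timedelta(seconds=60)  # assumed look-back window

# Constructed sample log (JSON lines). Domains are from the report; timestamps,
# PIDs and the powershell.exe entry are made up for the example.
SAMPLE_LOG = """\
{"ts": "2025-01-10T21:00:45", "pid": 7172, "image": "msedge.exe", "query": "email.bigcontacts.com"}
{"ts": "2025-01-10T21:00:46", "pid": 7172, "image": "msedge.exe", "query": "dosagrillva.com"}
{"ts": "2025-01-10T21:00:47", "pid": 7172, "image": "msedge.exe", "query": "i.ibb.co"}
{"ts": "2025-01-10T21:00:48", "pid": 7172, "image": "msedge.exe", "query": "ajax.googleapis.com"}
{"ts": "2025-01-10T21:00:49", "pid": 7172, "image": "msedge.exe", "query": "api.ipify.org"}
{"ts": "2025-01-10T21:00:50", "pid": 5248, "image": "svchost.exe", "query": "settings-win.data.microsoft.com"}
{"ts": "2025-01-10T21:03:00", "pid": 4100, "image": "powershell.exe", "query": "api.ipify.org"}
{"ts": "2025-01-10T21:09:00", "pid": 7172, "image": "msedge.exe", "query": "api.ipify.org"}
"""


def _matches(domain, suffixes):
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def classify(domain):
    """Bucket a queried name; anything not recognised is 'unknown'."""
    d = domain.lower().rstrip(".")
    if _matches(d, IP_LOOKUP_SERVICES):
        return "ip_lookup"
    if _matches(d, FREE_IMAGE_HOSTS):
        return "image_host"
    if _matches(d, ALLOWLIST):
        return "allowlisted"
    return "unknown"


def parse_events(text):
    """Parse JSON lines into event dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        query = rec["query"].lower().rstrip(".")
        events.append({
            "ts": datetime.fromisoformat(rec["ts"]),
            "pid": int(rec["pid"]),
            "image": rec["image"],
            "query": query,
            "class": classify(query),
        })
    events.sort(key=lambda e: e["ts"])
    return events


def ip_lookup_pids(events):
    """Every process that resolved an external-IP lookup service (the INFO-level signal)."""
    return sorted({e["pid"] for e in events if e["class"] == "ip_lookup"})


def find_chains(events, window=WINDOW):
    """Flag an ip_lookup query when the same process resolved at least one
    unrecognised domain within the preceding window. The returned chain keeps
    the unknown names, any image host and the lookup itself in query order;
    allowlisted names are dropped from it."""
    by_pid = defaultdict(list)
    for ev in events:  # events are already time-ordered
        by_pid[ev["pid"]].append(ev)

    findings = []
    for pid, evs in by_pid.items():
        for i, ev in enumerate(evs):
            if ev["class"] != "ip_lookup":
                continue
            recent = [e for e in evs[:i] if ev["ts"] - e["ts"] <= window]
            if not any(e["class"] == "unknown" for e in recent):
                continue  # a lone IP lookup stays INFO-level, it is not a chain
            chain = []
            for e in recent + [ev]:
                if e["class"] != "allowlisted" and e["query"] not in chain:
                    chain.append(e["query"])
            findings.append({
                "pid": pid,
                "image": ev["image"],
                "ts": ev["ts"].isoformat(),
                "chain": chain,
                "image_host_seen": any(e["class"] == "image_host" for e in recent),
            })
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("processes doing external IP lookups:", ip_lookup_pids(evs))
    for f in find_chains(evs):
        print(f"PID {f['pid']} ({f['image']}) at {f['ts']}: {' -> '.join(f['chain'])}")
```

On the sample, only the Edge process at 21:00:49 is flagged: the powershell.exe lookup has no unknown domain before it, and Edge's second lookup at 21:09:00 falls outside the window, which is the kind of tuning decision (window length, what counts as unknown) that determines the false-positive rate in production.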