URL: | http://email.bigcontacts.com/c/eJw8yk1uwyAQQOHTDLtYMPx6wSJtlWtEY8DYlQkRkFTp6atsunx6X_TRiIVY8sJKo6VEYdjmtdGKL_NquRLOOLuQldouapnVGswa2O6Ro-ZCcOGQCzPhPFvpQnJpjS5FDYovew71NiiMPoVa2OG3Me4d5BnwAniJtVNu-3E86f0BL32jlqZtlIOV1yk8-qjlFGmQB_sBiOV1Lal3yum6R0AEeZYKnXVaAn4CYqBypz3frkfN_wQQNedSvst-sea_Sw_bD7XxC4rf7qM9-phqy-zp8S8AAP__KBtR_A |
Full analysis: | https://app.any.run/tasks/d0b1c758-f36a-45fc-8937-bd2dfb40bad5 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2025, 21:00:41 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MD5: | 4DD1DB16E367976E8506D37C3F2C6029 |
SHA1: | 39041349CD4B3901D51C34E5A492B1278B161C7A |
SHA256: | B61E7DE24DC1C5BA0F662ACF7CFD89C90C3AFE4A7447CC212CF3A1990726FCAB |
SSDEEP: | 6:C+sKmOSpTT7JAdO+MWebw5DDmbVLNpSUVzaoALn/vdI6WR4y5DSaqMku:olT7GxMWzl8LN8UVOBJI9RtTku |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
7172 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | msedge.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 122.0.2365.59 |
PID | Process | Filename | Type | |
---|---|---|---|---|
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity | binary | |
MD5:D8F24244B8580D8FA6B98165706DE7EB | SHA256:11A8EB0E0B2933C7841662AC67FAB5C2EACE0760A2AC43FE4648279712265A83 | |||
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF29dfaa.TMP | binary | |
MD5:D8F24244B8580D8FA6B98165706DE7EB | SHA256:11A8EB0E0B2933C7841662AC67FAB5C2EACE0760A2AC43FE4648279712265A83 | |||
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc | image | |
MD5:DFBA35A10488D1E27F59C04383435FE9 | SHA256:6DA8A815CDDB4F57FED1050A6070DD7CBD3B7F7C59FDFD0101A0B4DD904DEBC8 | |||
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fe | image | |
MD5:25DCC9FE53908DC5DA260BC3D559F5FB | SHA256:CDE17C3894EAB1101C02F3FE7980A11A2CE80D4380513CA3443E766852F4DF1E | |||
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF29722b.TMP | binary | |
MD5:D2615E0C4F6C46045EDB3EAA0ACE252A | SHA256:48EFA073914F67BCCE305DECBC121BE7FA6D343982BE00A666B4C5FB6A30A7A9 | |||
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\79785075-e1f0-4511-a200-87961653cc0f.tmp | binary | |
MD5:7E9C81C4C3C51C2ADD329C4F4A77F684 | SHA256:6EEBF7F01A186C42C2BBEA526C0AF68DF9CEE1DCA60189C97B5C34F728DE65BF | |||
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000101 | binary | |
MD5:311F1298863858C8334BD7A8A0E34014 | SHA256:846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC | |||
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | binary | |
MD5:7E9C81C4C3C51C2ADD329C4F4A77F684 | SHA256:6EEBF7F01A186C42C2BBEA526C0AF68DF9CEE1DCA60189C97B5C34F728DE65BF | |||
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\42059011-81a9-453e-b8fc-ccee78029d47.tmp | binary | |
MD5:79708BF1A054E422D44C042DA33409AB | SHA256:029F18B9914492E7EA8A4CB1F17A8A251750D6FFD22E511C40AB94CA573E3697 | |||
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\9ae6a7ef-acda-4c89-b31c-de909f5156c6.tmp | binary | |
MD5:D8F24244B8580D8FA6B98165706DE7EB | SHA256:11A8EB0E0B2933C7841662AC67FAB5C2EACE0760A2AC43FE4648279712265A83 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
7172 | msedge.exe | GET | 302 | 34.110.180.34:80 | http://email.bigcontacts.com/c/eJw8yk1uwyAQQOHTDLtYMPx6wSJtlWtEY8DYlQkRkFTp6atsunx6X_TRiIVY8sJKo6VEYdjmtdGKL_NquRLOOLuQldouapnVGswa2O6Ro-ZCcOGQCzPhPFvpQnJpjS5FDYovew71NiiMPoVa2OG3Me4d5BnwAniJtVNu-3E86f0BL32jlqZtlIOV1yk8-qjlFGmQB_sBiOV1Lal3yum6R0AEeZYKnXVaAn4CYqBypz3frkfN_wQQNedSvst-sea_Sw_bD7XxC4rf7qM9-phqy-zp8S8AAP__KBtR_A | unknown | — | — | — |
3024 | svchost.exe | HEAD | 200 | 84.201.210.21:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736814260&P2=404&P3=2&P4=c74md5vA8A8wi4acyq6DMmPDX3GddhWIn%2bL%2f7%2b6BpVBviByf5g1XKo4G6PSKoyOiXLcwyySZa83Ad3F6D5NhzA%3d%3d | unknown | — | — | whitelisted |
— | — | GET | 302 | 184.30.21.171:443 | https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18 | unknown | — | — | — |
— | — | GET | 200 | 104.21.112.1:443 | https://i.ibb.co/zr2zMVC/output-onlinepngtools.png | unknown | image | 50.5 Kb | whitelisted |
— | — | GET | 200 | 104.21.48.1:443 | https://i.ibb.co/42sVSPG/b.png | unknown | image | 3.44 Kb | whitelisted |
— | — | GET | 200 | 104.21.16.1:443 | https://i.ibb.co/zr2zMVC/output-onlinepngtools.png | unknown | image | 50.5 Kb | whitelisted |
— | — | GET | 200 | 20.223.35.26:443 | https://arc.msn.com/v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=13&OPSYS=WIN10&locale=en-US&country=US&edgeid=4286224394064939872&ACHANNEL=4&ABUILD=122.0.6261.70&poptin=0&devosver=10.0.19045.4046&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=122&AMINOR=0&ABLD=6261&APATCH=70 | unknown | binary | 2.07 Kb | whitelisted |
— | — | GET | 200 | 13.107.246.45:443 | https://xpaywalletcdn.azureedge.net/mswallet/ExpressCheckout/v2/GetEligibleSites?version=0&type=topSite&IsStable=false | unknown | binary | 497 b | whitelisted |
— | — | GET | 404 | 192.185.170.18:443 | https://dosagrillva.com/favicon.ico | unknown | html | 11.5 Kb | — |
3024 | svchost.exe | GET | 206 | 84.201.210.21:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736814260&P2=404&P3=2&P4=c74md5vA8A8wi4acyq6DMmPDX3GddhWIn%2bL%2f7%2b6BpVBviByf5g1XKo4G6PSKoyOiXLcwyySZa83Ad3F6D5NhzA%3d%3d | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3076 | RUXIMICS.exe | 51.124.78.146:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
3080 | MoUsoCoreWorker.exe | 51.124.78.146:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 239.255.255.250:1900 | — | — | — | whitelisted |
5248 | svchost.exe | 51.124.78.146:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4668 | msedge.exe | 224.0.0.251:5353 | — | — | — | unknown |
7172 | msedge.exe | 104.126.37.146:443 | www.bing.com | Akamai International B.V. | DE | whitelisted |
7172 | msedge.exe | 34.110.180.34:80 | email.bigcontacts.com | GOOGLE | US | suspicious |
7172 | msedge.exe | 192.185.170.18:443 | dosagrillva.com | UNIFIEDLAYER-AS-1 | US | unknown |
7172 | msedge.exe | 142.250.186.74:443 | ajax.googleapis.com | GOOGLE | US | whitelisted |
7172 | msedge.exe | 91.134.9.160:443 | i.ibb.co | OVH SAS | FR | shared |
Domain | IP | Reputation |
---|---|---|
google.com |
| whitelisted |
www.bing.com |
| whitelisted |
email.bigcontacts.com |
| unknown |
dosagrillva.com |
| unknown |
ajax.googleapis.com |
| whitelisted |
i.ibb.co |
| shared |
settings-win.data.microsoft.com |
| whitelisted |
arc.msn.com |
| whitelisted |
edge.microsoft.com |
| whitelisted |
api.ipify.org |
| shared |
PID | Process | Class | Message |
---|---|---|---|
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Image hosting service ImgBB |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Image hosting service ImgBB |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Image hosting service ImgBB |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Image hosting service ImgBB |
— | — | Misc activity | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup |
— | — | Misc activity | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup |
— | — | Misc activity | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Domain chain identified as Phishing (ipibb) |