URL:

https://google.co.ve/url?6q=qxleazhJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fs%2Fwdsoft.com.br%2F7yoya%2Fsdn8ctp5iw216o%2FY2xhdWRpYS50aGllbGVtYW5uQHJ0bC5jb20%3D%C3%A3%E2%82%AC%E2%80%9A%24%24%C3%A3%E2%82%AC%E2%80%9A

Full analysis: https://app.any.run/tasks/24e5f733-d6eb-4c34-b7bf-270ddf53112f
Verdict: Malicious activity
Analysis date: December 14, 2024, 04:46:23
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
phishing
Indicators:
MD5:

6C9D9C77E3AB8A238B4AD2815A3E08E4

SHA1:

E4BB0B36324C0EE7A5495E0DAB69D8D0E61AEC5C

SHA256:

CE5AAF0C0B842921781B01C79236769AB7C0F098AEBC7C2D4D0818CC55C2020F

SSDEEP:

6:2LuJLQkbEkRtMqfaDEpd6ieUPjKzAvAgIq1BKBxAvAgIqV:2yjFfaDGsieUPQVxq1iVxqV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 4792)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
144
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

msedge.exe (tagged PHISHING)

Process information

PID: 4792
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2604 --field-trial-handle=2320,i,16194277592197507296,15814343983252007256,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Indicators: -
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
10
Text files
0
Unknown types
0

Dropped files

Columns: PID, Process, Filename, Type; the MD5 and SHA256 of each file follow on the lines below it.

4792  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State  binary
  MD5: 9B4BD4E14950C0FB7762EFB7C1C8FF6C
  SHA256: A249BBCAA2B44FB64365C40159EF0FAAA7BFB0F8E13F68A67B254577472AA481
4792  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF2b610a.TMP  binary
  MD5: 15D26FA4E16467BE658F42074AC0DBAA
  SHA256: D287407BD901A32E3F38F4392984507184D596C3694FAA69DD0B2E68F9F3A8FE
4792  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\4f099ee7-6ba7-4bd2-9ff7-3d7698265995.tmp  binary
  MD5: 3A34C141FB2DA763CBA7DE151E5518EC
  SHA256: 7A3B3F160FCBDDE811687A86FBA9C91F6B005E8C3BE7F69FDBD408A81E7D44F6
4792  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2c47c1.TMP  binary
  MD5: 2A21453795942FD88CBB06714604B9FD
  SHA256: 5DFE0384325B556EE4B8668E502312B9BA6ADC298CD9213DDFA528CB959ADC06
4792  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity  binary
  MD5: 3A34C141FB2DA763CBA7DE151E5518EC
  SHA256: 7A3B3F160FCBDDE811687A86FBA9C91F6B005E8C3BE7F69FDBD408A81E7D44F6
4792  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\5abfe8d3-dc2e-4a0c-89a4-88ec830c4f63.tmp  binary
  MD5: 9B4BD4E14950C0FB7762EFB7C1C8FF6C
  SHA256: A249BBCAA2B44FB64365C40159EF0FAAA7BFB0F8E13F68A67B254577472AA481
4792  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2f65d9.TMP  binary
  MD5: 9B4BD4E14950C0FB7762EFB7C1C8FF6C
  SHA256: A249BBCAA2B44FB64365C40159EF0FAAA7BFB0F8E13F68A67B254577472AA481
4792  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\050fe659-a573-4295-b31b-26422f27d4b4.tmp  binary
  MD5: B3B349393220466FB2C52DB0437EE61E
  SHA256: 5A15E30620A4AB92E2F1AEE1801AB9642205B1CEA55B9E6479B6AE846DE65F87
4792  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba  binary
  MD5: 9D3A86131A0DB3FE3C8DA961A9375437
  SHA256: 25169B42169BB50686D2F56EBD79F58B88761B3CC492F5AC15B1841F27C9DECE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
30
TCP/UDP connections
50
DNS requests
28
Threats
2

HTTP requests

Columns: PID, Process, Method, HTTP Code, IP, URL, CN, Reputation. The Type and Size columns were empty for every row; "-" marks an empty cell.

-     -                    HEAD  200  184.30.17.174:443    https://fs.microsoft.com/fs/windows/config.json  unknown  -
2856  svchost.exe          GET   200  95.101.149.131:80    http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl  unknown  whitelisted
-     -                    GET   403  191.252.141.125:443  https://wdsoft.com.br/favicon.ico  unknown  -
2856  svchost.exe          GET   200  95.101.149.131:80    http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl  unknown  whitelisted
4304  MoUsoCoreWorker.exe  GET   200  95.101.149.131:80    http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl  unknown  whitelisted
2856  svchost.exe          GET   200  95.101.149.131:80    http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl  unknown  whitelisted
2856  svchost.exe          GET   200  2.16.164.106:80      http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl  unknown  whitelisted
2888  RUXIMICS.exe         GET   200  95.101.149.131:80    http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl  unknown  whitelisted
2856  svchost.exe          GET   200  95.101.149.131:80    http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl  unknown  whitelisted
5968  svchost.exe          GET   200  95.101.149.131:80    http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl  unknown  whitelisted

Connections

Columns: PID, Process, IP, Domain, ASN, CN, Reputation; "-" marks an empty cell.

-     -                    224.0.0.251:5353      -                                -                            -   unknown
2888  RUXIMICS.exe         4.231.128.59:443      settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
4792  msedge.exe           20.42.73.25:443       -                                MICROSOFT-CORP-MSN-AS-BLOCK  US  unknown
4304  MoUsoCoreWorker.exe  4.231.128.59:443      settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
5968  svchost.exe          4.231.128.59:443      settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
5988  svchost.exe          239.255.255.250:1900  -                                -                            -   whitelisted
4792  msedge.exe           142.250.184.227:443   google.co.ve                     GOOGLE                       US  whitelisted
7108  svchost.exe          184.28.90.27:443      fs.microsoft.com                 AKAMAI-AS                    US  whitelisted
4792  msedge.exe           216.58.206.67:443     www.google.co.ve                 GOOGLE                       US  whitelisted
5968  svchost.exe          2.16.164.49:80        crl.microsoft.com                Akamai International B.V.    NL  whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.212.174
whitelisted
google.co.ve
  • 142.250.184.227
whitelisted
fs.microsoft.com
  • 184.28.90.27
whitelisted
www.google.co.ve
  • 216.58.206.67
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.106
whitelisted
wdsoft.com.br
  • 191.252.141.125
unknown
www.microsoft.com
  • 95.101.149.131
  • 184.30.21.171
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
www.bing.com
  • 2.23.209.182
  • 2.23.209.189
  • 2.23.209.140
  • 2.23.209.176
  • 2.23.209.185
  • 2.23.209.187
  • 2.23.209.133
  • 2.23.209.149
  • 2.23.209.179
  • 2.23.209.130
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted

Threats

Columns: PID, Process, Class, Message. The PID and Process cells were empty for both entries; "-" marks an empty cell.

-  -  Possible Social Engineering Attempted  PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (wdsoft .com .br)
-  -  Possible Social Engineering Attempted  PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (wdsoft .com .br)
No debug info