URL:

https://google.co.ve/url?6q=vhnzmsyJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fs%2Fwdsoft.com.br%2F7yoya%2Ffwjjhadffn3uag%2FbW9oYW4ucGFyYW1hc2l2YW1AYWxmYW5hci5jb20%3D%C3%A3%E2%82%AC%E2%80%9A%24%24%24%C3%A3%E2%82%AC%E2%80%9A

Full analysis: https://app.any.run/tasks/a5aa04ba-c59d-47ad-b525-0ef98b431250
Verdict: Malicious activity
Analysis date: December 14, 2024, 02:18:35
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: phishing
Indicators:
MD5: EE5CFE6C23C489E32E6DE0913E6506A6
SHA1: EA3F326E99B7458ACF7875FF2FD1B173C34EF645
SHA256: D31494B319B937D553A3328896801BA79527EF38149BCFBB284268504C57A47B
SSDEEP: 6:2LuJLQkZHRtMqfaDETXfpAJ8plNKzAvAgIq1B9BxAvAgIqV:2yjPfaDAmJ8pQVxq1fVxqV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 4792)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 133
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

PID: 4792
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2604 --field-trial-handle=2320,i,16194277592197507296,15814343983252007256,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 10
Suspicious files: 16
Text files: 5
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c4 | text
MD5: A14BDC22836412FD7E818B72710C8A6F
SHA256: 809EF4F0F748C44E79C609753543FD8F0C2B7E0F925B0DB2F024F35D52337117
4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be | binary
MD5: A13950D5C46BA7626038A14928733C65
SHA256: A64B352A67063E61461395D884206A080E64E0705151E21F59C438670F4B1E3F
4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | binary
MD5: F8AEBE077C6A9FCEB3F0484ADCE7969C
SHA256: EDE46D418526EE54A8393EA8C2228E8FBB5B201091FFC84B02E83AE6E46A3C7E
4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF2b6679.TMP | binary
MD5: 15D26FA4E16467BE658F42074AC0DBAA
SHA256: D287407BD901A32E3F38F4392984507184D596C3694FAA69DD0B2E68F9F3A8FE
4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2c46f6.TMP | binary
MD5: 2A21453795942FD88CBB06714604B9FD
SHA256: 5DFE0384325B556EE4B8668E502312B9BA6ADC298CD9213DDFA528CB959ADC06
4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c5 | text
MD5: D2F56C9452725F9271AEEC713DDE4801
SHA256: 4473EB4FBF3FDDF79BB1526E85882C91BC7D28A6974E68845FA3B22EDDC426B9
4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c3 | text
MD5: F4031F3CF7E2C747D97BB42E9D87223C
SHA256: 44A168E9D173976EB16FDE11CCCF04C33FC59FA3C9D778A9C03D7105C5C4112E
4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c7 | text
MD5: 685C27129149F470A7336953EBBA0FF2
SHA256: C0F0C4B3519CA795C33E1BF4E0988A0A6618A38195078F60A3CF6D1FA2BE3AF1
4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd | text
MD5: E27CA466A5710AA739C2C41863C0EF52
SHA256: 109543EAAA5BC404F225BDCF9A654AF048D3819124605C138A9EC5D40F72BCBE
4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc | text
MD5: 0ACC8A15F2E542DCC4A8FE695D888173
SHA256: 8E07285DA9693AA2BCB4D89F87876583CD5AD6170ED0C634A0AF08984FC9D39F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 97
TCP/UDP connections: 59
DNS requests: 41
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
 | | GET | 403 | 191.252.141.125:443 | https://wdsoft.com.br/favicon.ico | unknown | | |
 | | HEAD | 200 | 184.30.17.174:443 | https://fs.microsoft.com/fs/windows/config.json | unknown | | |
5896 | RUXIMICS.exe | GET | 200 | 23.32.238.107:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
2856 | svchost.exe | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl | unknown | | | whitelisted
3804 | svchost.exe | GET | 200 | 23.38.73.129:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
4304 | MoUsoCoreWorker.exe | GET | 200 | 23.38.73.129:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
2856 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl | unknown | | | whitelisted
4304 | MoUsoCoreWorker.exe | GET | 200 | 23.32.238.107:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
3804 | svchost.exe | GET | 200 | 23.32.238.107:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
5896 | RUXIMICS.exe | GET | 200 | 23.38.73.129:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3804 | svchost.exe | 51.104.136.2:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
 | | 224.0.0.251:5353 | | | | unknown
4792 | msedge.exe | 40.79.150.121:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | FR | unknown
5896 | RUXIMICS.exe | 51.104.136.2:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4304 | MoUsoCoreWorker.exe | 51.104.136.2:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5988 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
4792 | msedge.exe | 142.250.185.163:443 | google.co.ve | GOOGLE | US | whitelisted
6552 | svchost.exe | 184.30.17.174:443 | fs.microsoft.com | AKAMAI-AS | DE | whitelisted
4792 | msedge.exe | 216.58.206.35:443 | www.google.co.ve | GOOGLE | US | whitelisted
5896 | RUXIMICS.exe | 23.32.238.107:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 216.58.206.78 | whitelisted
google.co.ve | 142.250.185.163 | whitelisted
fs.microsoft.com | 184.30.17.174 | whitelisted
www.google.co.ve | 216.58.206.35 | whitelisted
crl.microsoft.com | 23.32.238.107, 23.32.238.112, 2.16.241.19, 2.16.241.12 | whitelisted
wdsoft.com.br | 191.252.141.125 | unknown
www.microsoft.com | 23.38.73.129, 95.101.149.131 | whitelisted
settings-win.data.microsoft.com | 40.127.240.158 | whitelisted
www.bing.com | 2.19.80.27, 2.19.80.89, 2.23.209.133, 2.23.209.187, 2.23.209.130, 2.23.209.182, 2.23.209.149 | whitelisted
ntp.msn.com | 204.79.197.203 | whitelisted

Threats

PID | Process | Class | Message
 | | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (wdsoft .com .br)
 | | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (wdsoft .com .br)
No debug info