Malware analysis https://link-target.net/552387/astralfn&& Malicious activity

Add for printing

URL:	https://link-target.net/552387/astralfn&&
Full analysis:	https://app.any.run/tasks/e09c41b3-24aa-4938-b59f-c4f93cce801f
Verdict:	Malicious activity
Analysis date:	May 10, 2025, 05:19:36
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	qrcode
MD5:	19BBB836072DA0BB315576E7AA2A9D56
SHA1:	6F6AE9699835D10E1203F9E4B05C6A167368E16E
SHA256:	F95D8F0EFEACBE36A77D94CC66A219CC8A018FC9971807078B7D9A4DC39668BB
SSDEEP:	3:N8MLn7yLARKFKghn:2MIzUghn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

145

Monitored processes

1

Malicious processes

0

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
1396	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2532 --field-trial-handle=2372,i,8504447382059928769,14367336096275567116,262144 --variations-seed-version /prefetch:3	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe		msedge.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 122.0.2365.59

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

7

Suspicious files

72

Text files

30

Unknown types

0

Dropped files

PID	Process	Filename		Type
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba		text
		MD5:638A4990025383A0F83EBF29BDB84A68	SHA256:878E34B89800BB271D3588E526EB3598EB3822E263F3BDAF53645847D39D0AD6
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c0		text
		MD5:83E868DB86C4B6282B5463CD1366DD3E	SHA256:574190C648D6F28B480C747082DDB837E13B2B29B29A459CC5E3825A73B889FA
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c6		binary
		MD5:A40992139C78F772A59FD5C51214A6C5	SHA256:9C2CCF33CFE33CDE3B9DA4A713DC5EB1347D9698BBEBF56854A758D08C8A78BE
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c7		compressed
		MD5:A16A6065097A0EDEF55A75A766F983B8	SHA256:A860C71551997041F1FD8DB3498E932FF7C27FCE45558F79548F35226C748FC6
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb		compressed
		MD5:61E4576E6AA91CD435FE92F085FB0A3C	SHA256:78D8ACA4E50E6BA58890B68F8C3D6E562FF0B16516A0C3DF56BE18B69DCA6AA9
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc		text
		MD5:1DF4C58BB92CBF68DC41C0661DE8309D	SHA256:79FBACD3C251F6FADA1A166F4BE754B3B774740DC843B5E5D3C62080A88B4C46
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd		compressed
		MD5:485D58609D6366BA36FB7B84EAC6B084	SHA256:D069B972B57701DAA19F8F9703A257667041A039FF5522327C9AD228CB20FAAC
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf		binary
		MD5:9A01B69183A9604AB3A439E388B30501	SHA256:20B535FA80C8189E3B87D1803038389960203A886D502BC2EF1857AFFC2F38D2
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000cd		text
		MD5:638A4990025383A0F83EBF29BDB84A68	SHA256:878E34B89800BB271D3588E526EB3598EB3822E263F3BDAF53645847D39D0AD6
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000cc		binary
		MD5:16C8028148F0E0EB1CF1AA642143097A	SHA256:DC157A076F6CF96067C724EC50EB0043CB0C6190E49207E545B3FCD700F1776C

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

133

TCP/UDP connections

135

DNS requests

136

Threats

23

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	302	104.18.0.75:443	https://link-target.net/552387/astralfn&&	unknown	—	—	—
2984	svchost.exe	GET	200	2.16.164.18:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
3080	MoUsoCoreWorker.exe	GET	200	2.16.164.18:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
—	—	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
—	—	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
—	—	POST	204	216.239.34.181:443	https://analytics.google.com/g/collect?v=2&tid=G-7DRMH8RP03&gtm=45je5571v876039128z8831813050za200zb831813050&_p=1746854387507&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116&ptag_exp=101509157~103101750~103101752~103116026~103200004~103233427~103251618~103251620~103284320~103284322~103301114~103301116&cid=499980374.1746854389&ecid=1051319390&ul=en-us&sr=1540x734&uaa=x86&uab=64&uafvl=Chromium%3B122.0.6261.70%7CNot(A%253ABrand%3B24.0.0.0%7CMicrosoft%2520Edge%3B122.0.2365.59&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1746854389&sct=1&seg=0&dl=https%3A%2F%2Flinkvertise.com%2F552387%2Fastralfn%26%26%3Fo%3Dsharing&dt=Linkvertise%20%7C%20The%20Search%20Engine%20for%20exclusive%20Content!&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4967	unknown	—	—	—
—	—	GET	200	104.26.11.238:443	https://assets.churnkey.co/css/app.css	unknown	—	—	—
—	—	POST	204	172.217.18.14:443	https://stats.g.doubleclick.net/g/collect?v=2&tid=G-7DRMH8RP03&cid=499980374.1746854389&gtm=45je5571v876039128z8831813050za200zb831813050&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116&ptag_exp=101509157~103101750~103101752~103116026~103200004~103233427~103251618~103251620~103284320~103284322~103301114~103301116	unknown	—	—	—
—	—	GET	200	172.217.18.14:443	https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7762049002141603&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1746854390&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Flinkvertise.com%2F552387%2Fastralfn%26%26%3Fo%3Dsharing&pra=5&wgl=1&aihb=0&asro=0&aifxl=29_18~30_19&aiapm=0.15&aiapmi=0.16&aiact=0.7&aicct=0.7&ailct=0.7&aimart=8&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTIyLjAuMjM2NS41OSIsbnVsbCwwLG51bGwsIjY0IixbWyJDaHJvbWl1bSIsIjEyMi4wLjYyNjEuNzAiXSxbIk5vdChBOkJyYW5kIiwiMjQuMC4wLjAiXSxbIk1pY3Jvc29mdCBFZGdlIiwiMTIyLjAuMjM2NS41OSJdXSwwXQ..&dt=1746854388654&bpp=3&bdt=2687&idt=1797&shv=r20250507&mjsv=m202505060101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=2517545436297&frm=20&pv=2&u_tz=0&u_his=2&u_h=734&u_w=1540&u_ah=734&u_aw=1540&u_cd=24&u_sd=1&dmc=4&adx=-12245933&ady=-12245933&biw=1532&bih=660&scr_x=0&scr_y=0&eid=31092114%2C95358862%2C95358864%2C31092193%2C31092319&oid=2&pvsid=7610398587752622&tmod=805777144&wsm=1&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1540%2C0%2C1540%2C734%2C1532%2C660&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1.01&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=1816	unknown	—	—	—
—	—	GET	200	2.16.164.18:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	239.255.255.250:1900	—	—	—	whitelisted
3080	MoUsoCoreWorker.exe	4.231.128.59:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
6364	RUXIMICS.exe	4.231.128.59:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
2984	svchost.exe	4.231.128.59:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
1396	msedge.exe	172.67.183.142:443	link-target.net	—	—	suspicious
1396	msedge.exe	104.18.0.75:443	linkvertise.com	—	—	shared
1396	msedge.exe	142.250.186.98:443	securepubads.g.doubleclick.net	—	—	whitelisted
1396	msedge.exe	104.17.24.14:443	cdnjs.cloudflare.com	—	—	whitelisted
1396	msedge.exe	172.217.16.131:443	fonts.gstatic.com	—	—	whitelisted
1396	msedge.exe	104.18.10.207:443	stackpath.bootstrapcdn.com	—	—	whitelisted

DNS requests

Domain	IP	Reputation
google.com	142.250.185.142	whitelisted
link-target.net	172.67.183.142 104.21.72.113	unknown
linkvertise.com	104.18.0.75 104.18.1.75	whitelisted
cdn.exmarketplace.com	95.110.206.108 95.110.204.9	unknown
securepubads.g.doubleclick.net	142.250.186.98	whitelisted
cdnjs.cloudflare.com	104.17.24.14 104.17.25.14	whitelisted
www.bing.com	2.16.241.201 2.16.241.218	whitelisted
fonts.gstatic.com	172.217.16.131	whitelisted
maxst.icons8.com	169.150.255.184 212.102.56.179 37.19.194.81 195.181.170.18 207.211.211.27 169.150.255.180 195.181.175.40	whitelisted
stackpath.bootstrapcdn.com	104.18.10.207 104.18.11.207	whitelisted

Threats

PID	Process	Class	Message
—	—	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
—	—	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
—	—	Not Suspicious Traffic	INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
—	—	Not Suspicious Traffic	INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
—	—	Misc activity	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
—	—	Misc activity	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
—	—	Misc activity	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
—	—	Potential Corporate Privacy Violation	ET INFO External IP Lookup (ipify .org)
—	—	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
—	—	Not Suspicious Traffic	INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)

Add for printing

No debug info

General Info

https://link-target.net/552387/astralfn&&

19BBB836072DA0BB315576E7AA2A9D56

6F6AE9699835D10E1203F9E4B05C6A167368E16E

F95D8F0EFEACBE36A77D94CC66A219CC8A018FC9971807078B7D9A4DC39668BB

3:N8MLn7yLARKFKghn:2MIzUghn

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings