Malware Analysis Report

2025-01-19 00:30

Sample ID 240508-sk9r1aad6v
Target https://rvianc.com/?bhxvsfgq=5555d6a1972108a069d0245007c206ad4a6b3b3dc31b1e83621d70b9cae348dda788b24c5058777fab081c12588a8576e9dc2fc090f86969e80a904f548d567f
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://rvianc.com/?bhxvsfgq=5555d6a1972108a069d0245007c206ad4a6b3b3dc31b1e83621d70b9cae348dda788b24c5058777fab081c12588a8576e9dc2fc090f86969e80a904f548d567f was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-08 15:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-08 15:12

Reported

2024-05-08 15:14

Platform

win10v2004-20240508-en

Max time kernel

132s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rvianc.com/?bhxvsfgq=5555d6a1972108a069d0245007c206ad4a6b3b3dc31b1e83621d70b9cae348dda788b24c5058777fab081c12588a8576e9dc2fc090f86969e80a904f548d567f

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rvianc.com/?bhxvsfgq=5555d6a1972108a069d0245007c206ad4a6b3b3dc31b1e83621d70b9cae348dda788b24c5058777fab081c12588a8576e9dc2fc090f86969e80a904f548d567f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4692,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4716,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=3808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5252,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5424,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5440,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5908,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6120,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4140,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5636,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=3892,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=4148,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 rvianc.com udp
US 8.8.8.8:53 rvianc.com udp
DE 77.37.67.67:443 rvianc.com tcp
US 8.8.8.8:53 rvianc.com udp
DE 77.37.67.67:443 rvianc.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
DE 2.19.126.145:443 bzib.nelreports.net tcp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 167.89.28.184.in-addr.arpa udp
US 8.8.8.8:53 67.67.37.77.in-addr.arpa udp
US 8.8.8.8:53 158.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 145.126.19.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.18.125.91:443 js.hcaptcha.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
BE 2.17.107.131:443 www.bing.com tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 rvianc.com udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 rvianc.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 131.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 91.125.18.104.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 rvianc.com udp
US 8.8.8.8:53 rvianc.com udp
US 104.18.125.91:443 newassets.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
N/A 224.0.0.251:5353 udp
US 104.18.125.91:443 api.hcaptcha.com udp
US 8.8.8.8:53 imgs3.hcaptcha.com udp
US 8.8.8.8:53 imgs3.hcaptcha.com udp
BE 2.17.107.131:443 www.bing.com udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
DE 77.37.67.67:443 rvianc.com tcp
DE 77.37.67.67:443 rvianc.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 104.18.125.91:443 imgs3.hcaptcha.com udp
US 104.18.125.91:443 imgs3.hcaptcha.com udp
US 104.18.125.91:443 imgs3.hcaptcha.com tcp
US 8.8.8.8:53 rvianc.com udp
US 8.8.8.8:53 rvianc.com udp
US 8.8.8.8:53 bushveidminerals.com udp
US 8.8.8.8:53 bushveidminerals.com udp
US 8.8.8.8:53 bushveidminerals.com udp
DE 77.37.67.67:443 bushveidminerals.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
DE 77.37.67.67:443 bushveidminerals.com tcp
DE 77.37.67.67:443 bushveidminerals.com udp
DE 77.37.67.67:443 bushveidminerals.com tcp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
DE 77.37.67.67:443 bushveidminerals.com tcp
DE 77.37.67.67:443 bushveidminerals.com tcp
DE 77.37.67.67:443 bushveidminerals.com tcp
BE 2.17.107.129:443 www.bing.com udp
US 8.8.8.8:53 37.23.199.152.in-addr.arpa udp
US 8.8.8.8:53 outlook.office365.com udp
US 8.8.8.8:53 outlook.office365.com udp
US 8.8.8.8:53 outlook.office365.com udp
US 8.8.8.8:53 bushveidminerals.com udp
GB 52.98.227.114:443 outlook.office365.com tcp
DE 77.37.67.67:443 bushveidminerals.com tcp
DE 77.37.67.67:443 bushveidminerals.com tcp
DE 77.37.67.67:443 bushveidminerals.com tcp
DE 77.37.67.67:443 bushveidminerals.com tcp
DE 77.37.67.67:443 bushveidminerals.com tcp
DE 77.37.67.67:443 bushveidminerals.com tcp
US 8.8.8.8:53 r4.res.office365.com udp
US 8.8.8.8:53 r4.res.office365.com udp
DE 23.38.98.104:443 r4.res.office365.com tcp
DE 77.37.67.67:443 bushveidminerals.com tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 129.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 114.227.98.52.in-addr.arpa udp
DE 77.37.67.67:443 bushveidminerals.com tcp
US 8.8.8.8:53 104.98.38.23.in-addr.arpa udp
US 8.8.8.8:53 137.71.105.51.in-addr.arpa udp
BE 2.17.107.121:443 www.bing.com udp
US 8.8.8.8:53 121.107.17.2.in-addr.arpa udp

Files

N/A