Malware Analysis Report

2025-01-17 21:38

Sample ID 240603-qcjvhagg93
Target http://fanlink.tv/
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file http://fanlink.tv/ was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:06

Reported

2024-06-03 13:09

Platform

win10v2004-20240508-en

Max time kernel

136s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fanlink.tv/

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fanlink.tv/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3848,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4100,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3576,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5424,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5440,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5940,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6128,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5040,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5892,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=5916,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=6424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5652,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 fanlink.tv udp
US 8.8.8.8:53 fanlink.tv udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 13.56.96.205:80 fanlink.tv tcp
US 8.8.8.8:53 fanlink.tv udp
US 13.56.96.205:80 fanlink.tv tcp
US 8.8.8.8:53 fanlink.tv udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 fanlink.tv udp
US 8.8.8.8:53 fanlink.tv udp
US 13.52.31.143:443 fanlink.tv tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
BE 2.21.17.194:443 www.microsoft.com tcp
GB 104.91.71.133:443 bzib.nelreports.net tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 205.96.56.13.in-addr.arpa udp
US 8.8.8.8:53 3.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 143.31.52.13.in-addr.arpa udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 133.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 www.toneden.io udp
US 8.8.8.8:53 www.toneden.io udp
US 8.8.8.8:53 www.toneden.io udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.56.96.205:443 www.toneden.io tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 st.toneden.io udp
US 8.8.8.8:53 st.toneden.io udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 use.fontawesome.com udp
US 8.8.8.8:53 use.fontawesome.com udp
US 104.21.27.152:443 use.fontawesome.com udp
GB 18.165.160.118:443 st.toneden.io tcp
GB 18.165.160.118:443 st.toneden.io tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 104.21.27.152:443 use.fontawesome.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
GB 199.232.56.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 152.27.21.104.in-addr.arpa udp
US 8.8.8.8:53 118.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 cdn.evbstatic.com udp
US 8.8.8.8:53 cdn.evbstatic.com udp
GB 13.224.81.88:443 cdn.evbstatic.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 157.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 analytics.tiktok.com udp
US 8.8.8.8:53 analytics.tiktok.com udp
US 8.8.8.8:53 cdn.lr-in.com udp
US 8.8.8.8:53 cdn.lr-in.com udp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 js.stripe.com udp
US 151.101.0.176:443 js.stripe.com tcp
NL 23.62.61.56:443 analytics.tiktok.com tcp
US 104.21.234.144:443 cdn.lr-in.com udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 144.234.21.104.in-addr.arpa udp
US 8.8.8.8:53 176.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 56.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 104.21.234.144:443 cdn.lr-in.com tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 www.toneden.io udp
US 104.21.234.144:443 cdn.lr-in.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 snap.licdn.com udp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 96.17.178.207:443 snap.licdn.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 163.70.151.21:443 connect.facebook.net udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 207.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 js.stripe.com udp
US 151.101.0.176:443 js.stripe.com tcp
US 8.8.8.8:53 api.stripe.com udp
US 8.8.8.8:53 api.stripe.com udp
IE 34.241.202.139:443 api.stripe.com tcp
US 151.101.0.176:443 js.stripe.com tcp
US 8.8.8.8:53 js.stripe.com udp
US 8.8.8.8:53 www.toneden.io udp
US 8.8.8.8:53 widget.intercom.io udp
US 8.8.8.8:53 widget.intercom.io udp
GB 3.162.20.122:443 widget.intercom.io tcp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 m.stripe.network udp
US 8.8.8.8:53 m.stripe.network udp
US 8.8.8.8:53 m.stripe.network udp
US 8.8.8.8:53 js.stripe.com udp
US 151.101.0.176:443 js.stripe.com tcp
US 8.8.8.8:53 js.intercomcdn.com udp
US 8.8.8.8:53 js.intercomcdn.com udp
GB 18.165.160.35:443 js.intercomcdn.com tcp
GB 18.165.160.35:443 js.intercomcdn.com tcp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 139.202.241.34.in-addr.arpa udp
US 8.8.8.8:53 122.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 13.56.96.205:443 www.toneden.io tcp
US 13.56.96.205:443 www.toneden.io tcp
US 8.8.8.8:53 m.stripe.com udp
US 8.8.8.8:53 m.stripe.com udp
US 44.235.107.126:443 m.stripe.com tcp
US 8.8.8.8:53 r.stripe.com udp
US 8.8.8.8:53 r.stripe.com udp
US 54.187.119.242:443 r.stripe.com tcp
US 8.8.8.8:53 35.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 126.107.235.44.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 242.119.187.54.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 www.toneden.io udp
US 8.8.8.8:53 www.toneden.io udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 m.stripe.com udp
US 8.8.8.8:53 m.stripe.com udp
US 52.25.24.113:443 m.stripe.com tcp
US 8.8.8.8:53 10.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 113.24.25.52.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 www.toneden.io udp
US 8.8.8.8:53 www.toneden.io udp
US 13.52.31.143:443 www.toneden.io tcp
US 13.52.31.143:443 www.toneden.io tcp

Files

N/A