Malware Analysis Report

2024-11-15 05:08

Sample ID 240606-ydxfzsba31
Target https://url.us.m.mimecastprotect.com/s/OYOwCpY6jVUxXlqDQhPuZZI?domain=doc.clickup.com
Tags
Score: 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 1/10

Threat Level: No (potentially) malicious behavior was detected

The submitted URL https://url.us.m.mimecastprotect.com/s/OYOwCpY6jVUxXlqDQhPuZZI?domain=doc.clickup.com was classified as follows: no (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-06 19:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-06 19:40

Reported: 2024-06-06 19:41

Platform: ubuntu2404-amd64-20240523-en

Max time network: 50s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A