Malware Analysis Report

2024-11-15 05:10

Sample ID 240606-zp1s8abh41
Target https://url.us.m.mimecastprotect.com/s/d9YaCn5V9JT6yyP6zc9XDFS?domain=my.healthequity.com
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://url.us.m.mimecastprotect.com/s/d9YaCn5V9JT6yyP6zc9XDFS?domain=my.healthequity.com was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-06 20:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 20:54

Reported

2024-06-06 20:54

Platform

ubuntu2404-amd64-20240523-en

Max time network

19s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 url.us.m.mimecastprotect.com udp
US 8.8.8.8:53 url.us.m.mimecastprotect.com udp
US 207.211.31.113:443 url.us.m.mimecastprotect.com tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 44.241.205.248:443 location.services.mozilla.com tcp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozorg.moz.works udp
GB 13.224.77.115:443 www.mozilla.org tcp
US 207.211.31.113:443 url.us.m.mimecastprotect.com tcp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 fp2e7a.wpc.phicdn.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 fp2e7a.wpc.phicdn.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 8.8.8.8:53 img-getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 img-getpocket.cdn.mozilla.net udp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 my.healthequity.com udp
US 8.8.8.8:53 my.healthequity.com udp
US 8.8.8.8:53 my.healthequity.com.cdn.cloudflare.net udp
US 104.16.21.42:443 my.healthequity.com tcp
US 34.117.188.166:443 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 normandy.cdn.mozilla.net udp
US 8.8.8.8:53 normandy.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
US 44.237.65.238:443 shavar.services.mozilla.com tcp
US 35.201.103.21:443 normandy.cdn.mozilla.net tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 classify-client.services.mozilla.com udp
US 8.8.8.8:53 classify-client.services.mozilla.com udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
US 34.98.75.36:443 classify-client.services.mozilla.com tcp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 8.8.8.8:53 incoming.telemetry.mozilla.org udp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.120.208.123:443 incoming.telemetry.mozilla.org tcp
US 8.8.8.8:53 fp2e7a.wpc.phicdn.net udp
US 34.107.243.93:443 push.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 www.amazon.co.uk udp
US 8.8.8.8:53 www.vodafone.co.uk udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.vodafone.co.uk udp
US 8.8.8.8:53 www.amazon.co.uk udp
US 8.8.8.8:53 www.bbc.co.uk udp
US 8.8.8.8:53 www.bbc.co.uk udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 8.8.8.8:53 www-live.waf.digital-prod.vodafoneaws.co.uk udp
US 8.8.8.8:53 www.ebay.co.uk udp
US 8.8.8.8:53 www.ebay.co.uk udp
US 8.8.8.8:53 bbc.map.fastly.net udp
US 8.8.8.8:53 getpocket.com udp
US 8.8.8.8:53 getpocket.com udp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 forms.bootshearingcare.com udp
US 8.8.8.8:53 forms.bootshearingcare.com udp
US 8.8.8.8:53 www.womenshealthmag.com udp
US 8.8.8.8:53 www.womenshealthmag.com udp
US 8.8.8.8:53 e11847.a.akamaiedge.net udp
US 8.8.8.8:53 hearst-hdm.map.fastly.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.200.42:443 ajax.googleapis.com tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 142.250.200.42:443 ajax.googleapis.com udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 seal.digicert.com udp
US 8.8.8.8:53 seal.digicert.com udp
IE 63.33.186.64:443 seal.digicert.com tcp
US 8.8.8.8:53 cdn.walkme.com udp
US 8.8.8.8:53 cdn.walkme.com udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 e12923.a.akamaiedge.net udp
BE 104.68.83.225:443 cdn.walkme.com tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 papi.walkme.com udp
US 8.8.8.8:53 papi.walkme.com udp
BE 104.68.83.225:443 papi.walkme.com tcp
US 8.8.8.8:53 zn3wuoawaazkbfa29-healthequity.siteintercept.qualtrics.com udp
US 8.8.8.8:53 zn3wuoawaazkbfa29-healthequity.siteintercept.qualtrics.com udp
US 8.8.8.8:53 prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net udp
US 104.17.209.240:443 zn3wuoawaazkbfa29-healthequity.siteintercept.qualtrics.com tcp
US 8.8.8.8:53 siteintercept.qualtrics.com udp
US 8.8.8.8:53 siteintercept.qualtrics.com udp
US 8.8.8.8:53 prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net udp
US 104.17.208.240:443 siteintercept.qualtrics.com tcp
US 8.8.8.8:53 prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net udp
US 8.8.8.8:53 my.healthequity.com.cdn.cloudflare.net udp
US 8.8.8.8:53 iad1.qualtrics.com udp
US 8.8.8.8:53 iad1.qualtrics.com udp
US 8.8.8.8:53 e12398.b.akamaiedge.net udp
SE 23.34.233.95:443 iad1.qualtrics.com tcp
US 8.8.8.8:53 prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net udp
US 8.8.8.8:53 www.theguardian.com udp
US 8.8.8.8:53 www.theguardian.com udp
US 8.8.8.8:53 www.timeout.com udp
US 8.8.8.8:53 www.timeout.com udp
US 8.8.8.8:53 playerserver.walkme.com udp
US 8.8.8.8:53 playerserver.walkme.com udp
US 8.8.8.8:53 ec-playback.walkme.com udp
US 8.8.8.8:53 ec-playback.walkme.com udp
BE 104.68.83.225:443 playerserver.walkme.com tcp
US 34.117.60.46:443 ec-playback.walkme.com tcp
US 8.8.8.8:53 my.healthequity.com.cdn.cloudflare.net udp
US 34.117.60.46:443 ec-playback.walkme.com udp
US 8.8.8.8:53 ec.walkme.com udp
US 8.8.8.8:53 ec.walkme.com udp
US 35.201.109.167:443 ec.walkme.com tcp
US 8.8.8.8:53 ec.walkme.com udp
US 35.201.109.167:443 ec.walkme.com udp
US 8.8.8.8:53 my.healthequity.com.cdn.cloudflare.net udp
US 8.8.8.8:53 edition.cnn.com udp
US 8.8.8.8:53 edition.cnn.com udp
US 8.8.8.8:53 time.com udp
US 8.8.8.8:53 time.com udp
US 8.8.8.8:53 my.healthequity.com.cdn.cloudflare.net udp
US 8.8.8.8:53 ec-playback.walkme.com udp
US 34.117.60.46:443 ec-playback.walkme.com udp
US 8.8.8.8:53 www.businessinsider.com udp
US 8.8.8.8:53 www.businessinsider.com udp
US 8.8.8.8:53 theconversation.com udp
US 8.8.8.8:53 theconversation.com udp
US 8.8.8.8:53 f.shared.global.fastly.net udp
US 8.8.8.8:53 www.inverse.com udp
US 8.8.8.8:53 www.inverse.com udp

Files

N/A