Malware Analysis Report

2025-01-18 01:35

Sample ID 240613-j2gccazhjf
Target https://d2x10c04.na1.hs-sales-engage.com/Ctc/DO+23284/d2x10c04/JlF2-6qcW8wLKSR6lZ3n-W6PnBkQ4HZxhMVzyhxZ9jkb6-W10Z_Yc3_f7TYW1RSXjx9236ddW5f4wJz2yK4rkW2y8KTC4vK-bvW1kF3Fk29v00fW4dsCCP3PpXW-W28q0yV2cBNw9W8jmBfp3tJ6k2W3sR8Zv4Fsr4tW93Ctf19kC36ZW1Rv920368-YcW6t5nZG1B2zDTW8Dk14z8FCrp5W56vhHQ3C8ZdJW6mTyrN5LG_L8W6PB5GP8y0ghrW1qXpV83BnL_VW3pJ_667t_Mr6W8JWdlF7XMNb3W7BJxNb5PZYt4W48r1cn8yX5jCW611NM_6Xr7wjW1vKvrg6xNVLsW7Q-YLg20xr2cW22x6Bx4QnG7tW4_LYql7BDVLTdvg68804
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://d2x10c04.na1.hs-sales-engage.com/Ctc/DO+23284/d2x10c04/JlF2-6qcW8wLKSR6lZ3n-W6PnBkQ4HZxhMVzyhxZ9jkb6-W10Z_Yc3_f7TYW1RSXjx9236ddW5f4wJz2yK4rkW2y8KTC4vK-bvW1kF3Fk29v00fW4dsCCP3PpXW-W28q0yV2cBNw9W8jmBfp3tJ6k2W3sR8Zv4Fsr4tW93Ctf19kC36ZW1Rv920368-YcW6t5nZG1B2zDTW8Dk14z8FCrp5W56vhHQ3C8ZdJW6mTyrN5LG_L8W6PB5GP8y0ghrW1qXpV83BnL_VW3pJ_667t_Mr6W8JWdlF7XMNb3W7BJxNb5PZYt4W48r1cn8yX5jCW611NM_6Xr7wjW1vKvrg6xNVLsW7Q-YLg20xr2cW22x6Bx4QnG7tW4_LYql7BDVLTdvg68804 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:09

Reported

2024-06-13 08:12

Platform

win10v2004-20240611-en

Max time kernel

129s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d2x10c04.na1.hs-sales-engage.com/Ctc/DO+23284/d2x10c04/JlF2-6qcW8wLKSR6lZ3n-W6PnBkQ4HZxhMVzyhxZ9jkb6-W10Z_Yc3_f7TYW1RSXjx9236ddW5f4wJz2yK4rkW2y8KTC4vK-bvW1kF3Fk29v00fW4dsCCP3PpXW-W28q0yV2cBNw9W8jmBfp3tJ6k2W3sR8Zv4Fsr4tW93Ctf19kC36ZW1Rv920368-YcW6t5nZG1B2zDTW8Dk14z8FCrp5W56vhHQ3C8ZdJW6mTyrN5LG_L8W6PB5GP8y0ghrW1qXpV83BnL_VW3pJ_667t_Mr6W8JWdlF7XMNb3W7BJxNb5PZYt4W48r1cn8yX5jCW611NM_6Xr7wjW1vKvrg6xNVLsW7Q-YLg20xr2cW22x6Bx4QnG7tW4_LYql7BDVLTdvg68804

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d2x10c04.na1.hs-sales-engage.com/Ctc/DO+23284/d2x10c04/JlF2-6qcW8wLKSR6lZ3n-W6PnBkQ4HZxhMVzyhxZ9jkb6-W10Z_Yc3_f7TYW1RSXjx9236ddW5f4wJz2yK4rkW2y8KTC4vK-bvW1kF3Fk29v00fW4dsCCP3PpXW-W28q0yV2cBNw9W8jmBfp3tJ6k2W3sR8Zv4Fsr4tW93Ctf19kC36ZW1Rv920368-YcW6t5nZG1B2zDTW8Dk14z8FCrp5W56vhHQ3C8ZdJW6mTyrN5LG_L8W6PB5GP8y0ghrW1qXpV83BnL_VW3pJ_667t_Mr6W8JWdlF7XMNb3W7BJxNb5PZYt4W48r1cn8yX5jCW611NM_6Xr7wjW1vKvrg6xNVLsW7Q-YLg20xr2cW22x6Bx4QnG7tW4_LYql7BDVLTdvg68804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=3328,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --field-trial-handle=2116,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5312,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5336,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --field-trial-handle=5316,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --field-trial-handle=4872,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5000,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6160,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5504,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:8

Network

Country Destination Domain Proto

Files

N/A