Malware Analysis Report

2025-01-18 01:03

Sample ID 240613-rc66gawdpp
Target https://bxwui.r.sp1-brevo.net/mk/cl/f/sh/1t6Af4OiGsE8LR5BhpHckb2L2UUQ7i/Qz2SDkqmxVsV
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://bxwui.r.sp1-brevo.net/mk/cl/f/sh/1t6Af4OiGsE8LR5BhpHckb2L2UUQ7i/Qz2SDkqmxVsV was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:03

Reported

2024-06-13 14:06

Platform

win10v2004-20240611-en

Max time kernel

137s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bxwui.r.sp1-brevo.net/mk/cl/f/sh/1t6Af4OiGsE8LR5BhpHckb2L2UUQ7i/Qz2SDkqmxVsV

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bxwui.r.sp1-brevo.net/mk/cl/f/sh/1t6Af4OiGsE8LR5BhpHckb2L2UUQ7i/Qz2SDkqmxVsV

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3980,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3888,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4352,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4108,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5468,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5476,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5940,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6152,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5524,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5732,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 bxwui.r.sp1-brevo.net udp
US 8.8.8.8:53 bxwui.r.sp1-brevo.net udp
US 8.8.8.8:53 bxwui.r.sp1-brevo.net udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
BE 1.179.112.195:443 bxwui.r.sp1-brevo.net tcp
BE 1.179.112.195:443 bxwui.r.sp1-brevo.net tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 195.112.179.1.in-addr.arpa udp
US 8.8.8.8:53 sibautomation.com udp
US 8.8.8.8:53 sibautomation.com udp
US 8.8.8.8:53 sibautomation.com udp
US 8.8.8.8:53 bxwui.r.sp1-brevo.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 172.64.150.186:443 sibautomation.com tcp
SE 184.31.15.35:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
SE 23.34.233.128:443 www.microsoft.com tcp
US 8.8.8.8:53 valuestreameurope.ch udp
US 8.8.8.8:53 valuestreameurope.ch udp
US 8.8.8.8:53 valuestreameurope.ch udp
US 8.8.8.8:53 bxwui.r.sp1-brevo.net udp
US 8.8.8.8:53 in-automate.brevo.com udp
US 8.8.8.8:53 in-automate.brevo.com udp
DE 78.47.18.127:443 valuestreameurope.ch tcp
DE 78.47.18.127:443 valuestreameurope.ch tcp
US 172.64.149.40:443 in-automate.brevo.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 c0.wp.com udp
US 8.8.8.8:53 c0.wp.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 192.0.77.37:443 c0.wp.com tcp
US 192.0.77.37:443 c0.wp.com tcp
US 192.0.77.37:443 c0.wp.com tcp
US 192.0.77.37:443 c0.wp.com tcp
US 192.0.77.37:443 c0.wp.com tcp
US 192.0.77.37:443 c0.wp.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 192.0.77.37:443 c0.wp.com tcp
US 192.0.77.37:443 c0.wp.com tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 186.150.64.172.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 127.18.47.78.in-addr.arpa udp
US 8.8.8.8:53 40.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 37.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 192.0.77.37:443 c0.wp.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 172.217.16.238:443 apis.google.com tcp
US 192.0.76.3:443 stats.wp.com tcp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
NL 23.62.61.113:443 www.bing.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
GB 163.70.151.21:443 connect.facebook.net udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 113.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
NL 23.62.61.57:443 www.bing.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 57.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 valuestreameurope.ch udp
US 8.8.8.8:53 valuestreameurope.ch udp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
IE 52.111.236.22:443 tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 valuestreameurope.ch udp
US 8.8.8.8:53 valuestreameurope.ch udp
DE 78.47.18.127:443 valuestreameurope.ch tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 192.0.76.3:443 pixel.wp.com udp
US 192.0.77.37:443 c0.wp.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.16.238:443 apis.google.com udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
GB 142.250.178.14:443 google.com udp
DE 78.47.18.127:443 valuestreameurope.ch tcp
US 8.8.8.8:53 valuestreameurope.ch udp
US 8.8.8.8:53 valuestreameurope.ch udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.16.238:443 apis.google.com udp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
US 192.0.77.37:443 c0.wp.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
DE 78.47.18.127:443 valuestreameurope.ch tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 192.0.76.3:443 pixel.wp.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.14:443 apis.google.com udp

Files

N/A