Malware Analysis Report

2024-10-19 08:20

Sample ID 240613-w9dbwasajl
Target https://utrqr.com
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The submitted URL https://utrqr.com was opened in Microsoft Edge; no (potentially) malicious behavior was detected during detonation.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 18:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 18:36

Reported

2024-06-13 18:39

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

157s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://utrqr.com

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://utrqr.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3708 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4984 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5388 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5272 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5556 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5428 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=1036 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5828 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5832 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6264 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6308 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6188 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
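The process list above is what a clean browser detonation looks like: one top-level msedge.exe carrying the URL, then a fan-out of renderer and utility children, with every utility process declaring a --service-sandbox-type. The script below is an added example, not part of this report or of the sandbox's tooling. It parses Chromium-style command lines of the shape shown above and flags what should not appear under a browser (a non-browser image, --no-sandbox, a utility process without a sandbox type). REPORT_CMDLINES is copied from the report; CONSTRUCTED_BAD is invented for this example only, to show what a flagged line looks like, and does not come from the sample.

```python
import re
from collections import Counter

# Command lines copied from the report's Processes section (a representative subset).
REPORT_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://utrqr.com',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3708 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5388 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5428 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8',
]

# Constructed (hypothetical) lines that are NOT in the report; they only show what gets flagged.
CONSTRUCTED_BAD = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --renderer-client-id=99',
    r'"C:\Windows\System32\cmd.exe" /c whoami',
]

_CMD_RE = re.compile(r'^"([^"]+)"\s*(.*)$')
EXPECTED_IMAGE = r'c:\program files (x86)\microsoft\edge\application\msedge.exe'
# None = the top-level browser process, which carries no --type switch.
KNOWN_TYPES = {None, 'renderer', 'utility', 'gpu-process', 'crashpad-handler'}


def parse_cmdline(line):
    """Split a quoted command line into (image path, {switch: value}, positional args)."""
    m = _CMD_RE.match(line.strip())
    if not m:
        raise ValueError(f"unquoted image path: {line!r}")
    image, rest = m.group(1), m.group(2)
    switches, positional = {}, []
    for tok in rest.split():
        if tok.startswith('--'):
            key, _, val = tok[2:].partition('=')   # first '=' only: --js-flags=--ms-user-locale=
            switches[key] = val
        else:
            positional.append(tok)                  # e.g. the URL, /prefetch:1
    return image, switches, positional


def classify(line):
    """Return the process role plus any anomalies a browser child should not show."""
    image, sw, pos = parse_cmdline(line)
    anomalies = []
    if image.lower() != EXPECTED_IMAGE:
        anomalies.append(f"unexpected image {image}")
    ptype = sw.get('type')
    if ptype not in KNOWN_TYPES:
        anomalies.append(f"unknown --type={ptype}")
    if 'no-sandbox' in sw:
        anomalies.append("--no-sandbox present")
    if ptype == 'utility' and 'service-sandbox-type' not in sw:
        anomalies.append("utility process without --service-sandbox-type")
    role = 'browser' if ptype is None else ptype
    if ptype == 'utility':
        role = f"utility:{sw.get('service-sandbox-type')}"
    return {'image': image, 'role': role, 'anomalies': anomalies, 'positional': pos}


def summarize(lines):
    """Count process roles and collect (image, anomalies) for every flagged line."""
    roles, flagged = Counter(), []
    for ln in lines:
        info = classify(ln)
        roles[info['role']] += 1
        if info['anomalies']:
            flagged.append((info['image'], info['anomalies']))
    return dict(roles), flagged


if __name__ == '__main__':
    print(summarize(REPORT_CMDLINES))   # report lines: no anomalies
    print(summarize(CONSTRUCTED_BAD))   # constructed lines: two flagged
```

Run against the report's lines the check returns no anomalies, which is the concrete reason the Signatures section is N/A: every child is an Edge renderer or a utility process running under a declared sandbox type. The same parser applied to a sandbox run that spawned a non-browser child would surface it even when no signature fired.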

Network

Country Destination Domain Proto
US 8.8.8.8:53 utrqr.com udp
US 8.8.8.8:53 utrqr.com udp
US 8.8.8.8:53 utrqr.com udp
US 47.251.83.23:443 utrqr.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.9.158:443 business.bing.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
SE 23.34.233.128:443 www.microsoft.com tcp
US 8.8.8.8:53 usps.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 usps.com udp
US 8.8.8.8:53 usps.com udp
US 56.0.134.100:443 usps.com tcp
US 2.17.251.28:443 bzib.nelreports.net tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 23.83.251.47.in-addr.arpa udp
US 8.8.8.8:53 158.9.107.13.in-addr.arpa udp
US 8.8.8.8:53 www.usps.com udp
US 8.8.8.8:53 www.usps.com udp
US 8.8.8.8:53 www.usps.com udp
US 192.229.221.165:443 www.usps.com tcp
US 8.8.8.8:53 www.googleoptimize.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
GB 172.217.16.238:443 www.googleoptimize.com tcp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 28.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 100.134.0.56.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 165.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.17.107.121:443 www.bing.com tcp
US 8.8.8.8:53 121.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 fast.fonts.net udp
US 8.8.8.8:53 fast.fonts.net udp
US 104.16.41.28:443 fast.fonts.net tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 dap.digitalgov.gov udp
US 8.8.8.8:53 dap.digitalgov.gov udp
US 8.8.8.8:53 resources.digital-cloud-gov.medallia.com udp
US 8.8.8.8:53 resources.digital-cloud-gov.medallia.com udp
US 8.8.8.8:53 trkn.us udp
US 8.8.8.8:53 trkn.us udp
BE 104.68.89.2:443 resources.digital-cloud-gov.medallia.com tcp
FR 3.162.38.40:443 dap.digitalgov.gov tcp
GB 104.86.110.97:443 trkn.us tcp
US 8.8.8.8:53 28.41.16.104.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 216.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 108.177.15.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 s.pinimg.com udp
US 8.8.8.8:53 s.pinimg.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 bat.bing.com udp
GB 163.70.151.21:443 connect.facebook.net tcp
US 151.101.188.157:443 static.ads-twitter.com tcp
US 204.79.197.237:443 bat.bing.com tcp
US 151.101.188.84:443 s.pinimg.com tcp
US 8.8.8.8:53 www.redditstatic.com udp
US 8.8.8.8:53 www.redditstatic.com udp
US 151.101.1.140:443 www.redditstatic.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 40.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 2.89.68.104.in-addr.arpa udp
US 8.8.8.8:53 97.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 155.15.177.108.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 157.188.101.151.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 84.188.101.151.in-addr.arpa udp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.20:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 20.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 sc-static.net udp
US 8.8.8.8:53 sc-static.net udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 js.adsrvr.org udp
US 8.8.8.8:53 js.adsrvr.org udp
US 8.8.8.8:53 alb.reddit.com udp
US 8.8.8.8:53 alb.reddit.com udp
US 8.8.8.8:53 r.turn.com udp
US 8.8.8.8:53 r.turn.com udp
NL 2.18.121.197:443 snap.licdn.com tcp
US 151.101.1.140:443 alb.reddit.com tcp
NL 46.228.164.11:443 r.turn.com tcp
FR 18.244.32.109:443 js.adsrvr.org tcp
FR 3.162.38.245:443 sc-static.net tcp
US 18.245.194.122:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 3976941.fls.doubleclick.net udp
US 8.8.8.8:53 3976941.fls.doubleclick.net udp
US 8.8.8.8:53 3976941.fls.doubleclick.net udp
US 8.8.8.8:53 www.usps.com udp
BE 108.177.15.155:443 stats.g.doubleclick.net tcp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 216.58.204.70:443 3976941.fls.doubleclick.net tcp
GB 216.58.204.70:443 3976941.fls.doubleclick.net tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 109.32.244.18.in-addr.arpa udp
US 8.8.8.8:53 197.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 245.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 122.194.245.18.in-addr.arpa udp
GB 216.58.204.70:443 3976941.fls.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 151.101.1.140:443 alb.reddit.com tcp
US 8.8.8.8:53 sp.analytics.yahoo.com udp
US 8.8.8.8:53 sp.analytics.yahoo.com udp
US 8.8.8.8:53 insight.adsrvr.org udp
US 8.8.8.8:53 insight.adsrvr.org udp
US 8.8.8.8:53 urldefense.com udp
US 8.8.8.8:53 urldefense.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 r.turn.com udp
US 8.8.8.8:53 r.turn.com udp
IE 34.252.40.201:443 sp.analytics.yahoo.com tcp
US 52.223.40.198:443 insight.adsrvr.org tcp
US 151.101.188.84:443 s.pinimg.com udp
DE 37.252.171.21:443 secure.adnxs.com tcp
NL 46.228.164.11:443 r.turn.com tcp
GB 163.70.151.21:443 connect.facebook.net udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 201.40.252.34.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 pixel-config.reddit.com udp
US 8.8.8.8:53 pixel-config.reddit.com udp
US 151.101.1.140:443 pixel-config.reddit.com tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 tr.snapchat.com udp
US 8.8.8.8:53 tr.snapchat.com udp
US 8.8.8.8:53 tr.snapchat.com udp
US 8.8.8.8:53 www.usps.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 tr.snapchat.com udp
US 8.8.8.8:53 tr.snapchat.com udp
US 35.190.43.134:443 tr.snapchat.com tcp
US 8.8.8.8:53 ct.pinterest.com udp
US 8.8.8.8:53 ct.pinterest.com udp
PL 93.184.221.165:443 t.co tcp
US 104.244.42.131:443 analytics.twitter.com tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 35.190.43.134:443 tr.snapchat.com tcp
US 35.190.43.134:443 tr.snapchat.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 151.101.0.84:443 ct.pinterest.com tcp
US 151.101.0.84:443 ct.pinterest.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 urldefense.com udp
US 8.8.8.8:53 urldefense.com udp
US 52.6.56.188:443 urldefense.com tcp
US 8.8.8.8:53 tr6.snapchat.com udp
US 8.8.8.8:53 tr6.snapchat.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 134.43.190.35.in-addr.arpa udp
US 8.8.8.8:53 131.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 165.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 84.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 104.155.46.52.in-addr.arpa udp
US 35.190.43.134:443 tr6.snapchat.com udp
US 8.8.8.8:53 getrockerbox.com udp
US 8.8.8.8:53 getrockerbox.com udp
US 8.8.8.8:53 storage.cloud.kargo.com udp
US 8.8.8.8:53 storage.cloud.kargo.com udp
US 104.26.9.177:443 getrockerbox.com tcp
NL 2.18.121.28:443 storage.cloud.kargo.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 177.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 28.121.18.2.in-addr.arpa udp
NL 2.18.121.28:443 storage.cloud.kargo.com tcp
US 8.8.8.8:53 crb.kargo.com udp
US 8.8.8.8:53 crb.kargo.com udp
US 8.8.8.8:53 crb.kargo.com udp
US 8.8.8.8:53 3976941.fls.doubleclick.net udp
US 8.8.8.8:53 kds-pixel2.kargo.com udp
US 8.8.8.8:53 kds-pixel2.kargo.com udp
DE 18.198.166.65:443 crb.kargo.com tcp
DE 18.198.166.65:443 crb.kargo.com tcp
US 100.27.112.239:443 kds-pixel2.kargo.com tcp
US 8.8.8.8:53 ct.pinterest.com udp
US 8.8.8.8:53 ct.pinterest.com udp
US 8.8.8.8:53 ct.pinterest.com udp
US 8.8.8.8:53 www.usps.com udp
US 151.101.0.84:443 ct.pinterest.com udp
US 8.8.8.8:53 65.166.198.18.in-addr.arpa udp
US 8.8.8.8:53 239.112.27.100.in-addr.arpa udp
US 52.223.40.198:443 insight.adsrvr.org tcp
US 8.8.8.8:53 insight.adsrvr.org udp
US 8.8.8.8:53 www.usps.com udp
US 151.101.128.84:443 ct.pinterest.com tcp
US 8.8.8.8:53 insight.adsrvr.org udp
US 8.8.8.8:53 www.usps.com udp
US 151.101.128.84:443 ct.pinterest.com tcp
US 8.8.8.8:53 84.128.101.151.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
BE 2.17.107.121:443 www.bing.com udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp
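The table above is raw: every DNS query goes to the sandbox resolver 8.8.8.8:53, the rows whose name ends in in-addr.arpa are PTR lookups of IPs the browser already connected to, UDP to port 443 is QUIC rather than DNS, and the one row without a domain is multicast mDNS. What a practitioner wants from it is the contact order (the target's own endpoint first, then what the browser loaded afterwards), and a check that the reverse lookups match IPs seen earlier. The script below is an added example, not part of this report; it parses the report's row format on an excerpt copied from the table above. The row layout, the triage function and its output keys are this example's own assumptions.

```python
import ipaddress
from collections import OrderedDict

# Excerpt of rows copied from the report's Network table (Country Destination Domain Proto).
# The mDNS row has no domain column, exactly as printed in the report.
NETWORK_ROWS = """\
US 8.8.8.8:53 utrqr.com udp
US 8.8.8.8:53 utrqr.com udp
US 47.251.83.23:443 utrqr.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 usps.com udp
US 56.0.134.100:443 usps.com tcp
US 8.8.8.8:53 23.83.251.47.in-addr.arpa udp
US 8.8.8.8:53 www.usps.com udp
US 192.229.221.165:443 www.usps.com tcp
US 8.8.8.8:53 165.221.229.192.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 100.134.0.56.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
"""

TARGET = "utrqr.com"
RESOLVER = "8.8.8.8:53"   # the sandbox's DNS server, as seen in every query row


def parse_rows(text):
    """Parse 'Country Destination Domain Proto' rows; a 3-field row has no domain."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            country, dest, domain, proto = parts
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto, "dest": dest})
    return rows


def ptr_to_ip(name):
    """'23.83.251.47.in-addr.arpa' -> '47.251.83.23'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name or not name.endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.ip_address(".".join(reversed(octets))))
    except ValueError:
        return None


def triage(text, target=TARGET):
    rows = parse_rows(text)
    contacted = OrderedDict()   # domain -> {ip:port}, in first-contact order
    queried, ptr_for, quic, unnamed = [], {}, [], []
    for r in rows:
        if r["dest"] == RESOLVER:                    # a DNS query row
            ip = ptr_to_ip(r["domain"])
            if ip:
                ptr_for[ip] = r["domain"]            # reverse lookup of an IP
            elif r["domain"] not in queried:
                queried.append(r["domain"])          # forward lookup
        elif r["domain"] is None:
            unnamed.append(r["dest"])                # multicast / no name
        else:
            contacted.setdefault(r["domain"], set()).add(r["dest"])
            if r["proto"] == "udp" and r["port"] == 443:
                quic.append(r["domain"])             # QUIC, not DNS
    contacted_ips = {d.rsplit(":", 1)[0] for s in contacted.values() for d in s}
    return {
        "target_endpoints": sorted(contacted.get(target, set())),
        "contact_order": list(contacted),
        "queried_not_contacted": [d for d in queried if d not in contacted],
        "quic": quic,
        "ptr_matched": {ip for ip in ptr_for if ip in contacted_ips},
        "ptr_unmatched": set(ptr_for) - contacted_ips,
        "multicast_or_unnamed": unnamed,
    }


if __name__ == "__main__":
    for k, v in triage(NETWORK_ROWS).items():
        print(f"{k}: {v}")
```

On the excerpt the target resolves to a single endpoint, 47.251.83.23:443, and the PTR lookups all decode to IPs the browser had already connected to (47.251.83.23, 56.0.134.100, 192.229.221.165), so they are resolver noise rather than new contacts. The contact order puts usps.com and www.usps.com immediately after utrqr.com and the Edge service hosts; whether the target redirected there is not recorded in this report, so the order of connections is the only evidence it offers. A score of 1/10 says the browser spawned no unexpected child and tripped no signature; for a URL sample, the endpoint the target resolved to and what was loaded next are the details worth keeping.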

Files

N/A