Malware Analysis Report

2025-01-18 23:28

Sample ID 240627-w84sfavamg
Target http://circuitovtr.com.br/dayo/u4wzs/captcha/[email protected]
Tags
phishing
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file http://circuitovtr.com.br/dayo/u4wzs/captcha/[email protected] was found to be: Likely malicious.

Malicious Activity Summary

phishing

A potential corporate email address has been identified in the URL: [email protected]

Looks up external IP address via web service

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-27 18:36

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-27 18:36

Reported

2024-06-27 18:39

Platform

win10v2004-20240508-en

Max time kernel

138s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://circuitovtr.com.br/dayo/u4wzs/captcha/[email protected]

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A ipapi.co N/A N/A
N/A ipapi.co N/A N/A
N/A ipapi.co N/A N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://circuitovtr.com.br/dayo/u4wzs/captcha/[email protected]

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3768,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1716,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5292,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5312,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=4340,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5924,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=4784,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=3772,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5984,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6384,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 circuitovtr.com.br udp
US 8.8.8.8:53 circuitovtr.com.br udp
US 8.8.8.8:53 circuitovtr.com.br udp
US 8.8.8.8:53 circuitovtr.com.br udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 circuitovtr.com.br udp
US 8.8.8.8:53 circuitovtr.com.br udp
US 13.107.6.158:443 business.bing.com tcp
BR 177.53.140.240:80 circuitovtr.com.br tcp
BR 177.53.140.240:80 circuitovtr.com.br tcp
BR 177.53.140.240:443 circuitovtr.com.br tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
SE 184.31.15.40:443 bzib.nelreports.net tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 40.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 240.140.53.177.in-addr.arpa udp
US 8.8.8.8:53 k1g.ticemi.com udp
US 8.8.8.8:53 k1g.ticemi.com udp
US 8.8.8.8:53 k1g.ticemi.com udp
US 8.8.8.8:53 circuitovtr.com.br udp
US 104.21.50.221:443 k1g.ticemi.com udp
US 8.8.8.8:53 www.circuitovtr.com.br udp
US 8.8.8.8:53 www.circuitovtr.com.br udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 oblu.25bvnw8.ru udp
US 8.8.8.8:53 oblu.25bvnw8.ru udp
US 104.21.76.172:443 oblu.25bvnw8.ru tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 221.50.21.104.in-addr.arpa udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 172.76.21.104.in-addr.arpa udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 151.101.2.137:443 code.jquery.com tcp
US 104.17.2.184:443 challenges.cloudflare.com udp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 104.17.2.184:443 challenges.cloudflare.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 k1g.ticemi.com udp
US 104.17.3.184:443 challenges.cloudflare.com udp
US 8.8.8.8:53 137.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 184.2.17.104.in-addr.arpa udp
US 8.8.8.8:53 184.3.17.104.in-addr.arpa udp
NL 23.62.61.139:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 139.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 k1g.ticemi.com udp
US 8.8.8.8:53 k1g.ticemi.com udp
US 8.8.8.8:53 k1g.ticemi.com udp
US 8.8.8.8:53 k1g.ticemi.com udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 cdn.socket.io udp
US 8.8.8.8:53 cdn.socket.io udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
GB 3.162.20.55:443 cdn.socket.io tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 55.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 httpbin.org udp
US 8.8.8.8:53 httpbin.org udp
US 44.206.219.79:443 httpbin.org tcp
US 8.8.8.8:53 ipapi.co udp
US 8.8.8.8:53 ipapi.co udp
US 104.26.9.44:443 ipapi.co tcp
US 8.8.8.8:53 73h.ativens.com udp
US 8.8.8.8:53 73h.ativens.com udp
US 172.67.158.52:443 73h.ativens.com udp
US 8.8.8.8:53 52.158.67.172.in-addr.arpa udp
US 8.8.8.8:53 79.219.206.44.in-addr.arpa udp
US 8.8.8.8:53 44.9.26.104.in-addr.arpa udp
NL 23.62.61.139:443 www.bing.com udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 k1g.ticemi.com udp
US 8.8.8.8:53 k1g.ticemi.com udp
US 172.67.167.161:443 k1g.ticemi.com udp
US 8.8.8.8:53 161.167.67.172.in-addr.arpa udp
BE 88.221.83.251:443 www.bing.com tcp
US 8.8.8.8:53 251.83.221.88.in-addr.arpa udp

Files

N/A