Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/42yHClYLVRS2w4VJi9IQ7c?domain=account.microsoft.com

Overview

General Information

Sample URL: https://url.us.m.mimecastprotect.com/s/42yHClYLVRS2w4VJi9IQ7c?domain=account.microsoft.com
Analysis ID: 1427117

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /s/42yHClYLVRS2w4VJi9IQ7c?domain=account.microsoft.com HTTP/1.1Host: url.us.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /r/KDxoMIB4l1vx_8_NpGqtqb6O2hriW-QHsFr8mbVsVbx-GQ7mbW5UtmOvcl7YzkUgKL6Vni9Raemkhm4H_PlxDkSyw61qojOS3Rc_VLdqFUpFAq30cE-zp4U9HRTkKlcJPHIE7DRnbyjW41H1MXqQ25cXWs5O16AbclEvSk26SlEwvcm03Q7BDUM8NKOxLddIvJkHZL58LPIWamdyMmk59QHm0LlSOWymcjJ8ITnCZQoWBRcZNT7tvSJtVmmImmLvyR7Efk0krRtEY2pOm__SWcfNo7ix1T9D888x_AKuNbH_RKFQu6f8cntuKqA_zfsMq65y6qVnu_G57hUUd1lx3Wiyhe2IKq9QwAOytSTP7r8IHTjXWAfmWREgu48M9cdWSvsm4bVeS1BXAh60yGzRqL4GyJ7CSNAAiVR7ahDCsiWcNRadkDf5IeBtoWU_d3Gx9J2Yzyhor4ccRaDaehHXqTl8ypfq1TYlAHmk2fAqVjDRo5r5WPdqBfeOUWsZJqsRZ3z2XfaCc2undGm8IxnCsNZWPlu2eVfAlWkNSoazoOu5OxmAppwMXi7YGIk6g3cQw8gXEg4GSgjb0rvIX-7uQegOccfQrHt8gA7n6PmT8xDTYTtDxhaoOP9J9-khHcaQbR523sRqiTB1_OmGxhB-8U2mhsQ_x8LVqqLte0msSQ09egUT0LwVzkLTKpBVXcMKuQThsoF5d42r9RaWa_lRMi4sRH02byLsUcayLWOlfbHUH1LShSOil4lbfP3l4bqty2aCr8SmgRAGDZrxf8QgHbLiIDkuZSEoMY_o61Ukh72fkfAfElOd6pdsl3YyYXghWfq3dyzZeo_f1SW7q17YWx_fkp-QZZkxocSsO-8k9QKHvscPf8_OrU90ZyG1Mt7YEkomO4Tpa_cby5WKdq5TB-_dVAmNJhsGWuLS69RgNblSfeReNAwa7qNophLVDW3SB98OdR9kaYIldMlgevukcehMqn-MITCFyN_SzbWrE6xKorSS62BbqCKW4rZprtqTf_udY00cTn2HIBRrLavWUnxIGIF-SYvD4P5GbddJg-owljQxRZeZDCTV-ExXyUtZDS0dEFOL5OqnwIDI6RnPg1u6WY4n1RaV-Zf8g_p_WeXEvXUGnyWFBywYq90-lycWsql3GbA3O-6pkz0IdEzSZiPemdgDWX3jKWpgQKOYy8X1r5lsWJVnUmgrEG2ecM4QZydM1YcE7fn7RribrnvJ0bmCciJIAffkOKbBaSDi2fwKwuPktW1Afr7WO8Pm5asVHvX0gS-PQU3yQWMSPgu05tPxl9QUbcww_MmkfnjBmPcI1y_jwaABMZ1dDMnGi7CRS6JF6kxCreCOpiGAbYFHTx2WmqnNknBW1qeM-wyUo3dxJTxEB-M70ZxZhE-QFoaVoPkFoOtqEzMVG1QtSMmq5tmktXtz2mqpcbU9uFTFjcmayzBw9P44QA2SVw7tKF5vph8h13605Ir-JsZbNRbCCHUI25K6ahlWkK2Fj16rux_Tkb9ng7qhfERuIL9vSUjd8EgYvnhmcAs0f0WSeOYxMTMaaAEaW6ge_BUAYXi2hQZZfEsnncKPHCM8RYcS13xUeY-IJ1hUwOfPed3SOidexJMRN35uZoQGJxBsgJXBo2bjxt0khMNubJfjTal6uloEYDWF0pNWCJHYGWgQ612dLf3qwx82Fr5olt9ayq_XSFamo-VghnHqgAyDljj4Gy5xk2uLIvJJ1CChZpYZsGXxMZXSFbek3tff-VxBrHsgMN-uTpH3aMTgkA1PncjMGc-XWiWIhH9zsOXjvmndwTrl9H-R4VxeuQm0z8sUu7tOjwt2KH-N90u1aHpT_GOxU6YdtZx7JSC52IbhgXwl48jIOifsh_Z-IGHkrumSh3u5X0EhtnFlmWA9MUxTWQZmYewJdVTPTuBT2dZ61GlRUZT3-w 
HTTP/1.1Host: url.us.m.mimecastprotect.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: unknown DNS traffic detected: queries for: url.us.m.mimecastprotect.com
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: classification engine Classification label: clean0.win@16/0@4/4
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2032,i,15412986535914611237,7787564829042672520,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/42yHClYLVRS2w4VJi9IQ7c?domain=account.microsoft.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2032,i,15412986535914611237,7787564829042672520,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected