Analysis Report https://aka.ms/blhgte

Overview

General Information

Sample URL:https://aka.ms/blhgte

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Found iframes

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 1820 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 2520 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1820 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Source: https://www.microsoft.com/en-us/p/mail-and-calendar/9wzdncrfhvqm?activetab=pivot:overviewtab HTTP Parser: Iframe src: //www.microsoft.com/store/buy/cartcount
Source: https://www.microsoft.com/en-us/p/mail-and-calendar/9wzdncrfhvqm?activetab=pivot:overviewtab HTTP Parser: Iframe src: https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fwww.microsoft.com&uaid=4e8c150f-9924-4703-8d5d-a1984589579f&partnerId=retailstore2
Source: https://www.microsoft.com/en-us/p/mail-and-calendar/9wzdncrfhvqm?activetab=pivot:overviewtab HTTP Parser: No <meta name="author".. found
Source: https://www.microsoft.com/en-us/p/mail-and-calendar/9wzdncrfhvqm?activetab=pivot:overviewtab HTTP Parser: No <meta name="copyright".. found

Source: unknown DNS traffic detected: queries for: aka.ms