Windows Analysis Report
https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D

Overview

General Information

Sample URL: https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D
Analysis ID: 1561213
Infos:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Suricata IDS alerts with low severity for network traffic

Classification

Source: https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D HTTP Parser: No favicon
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\scoped_dir2404_1712740879 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\chrome_BITS_2404_1292937130 Jump to behavior
Source: unknown HTTPS traffic detected: 40.126.24.146:443 -> 192.168.11.30:49872 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.203:443 -> 192.168.11.30:49876 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.200.88.32:443 -> 192.168.11.30:49882 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.111.229.48:443 -> 192.168.11.30:49886 version: TLS 1.2
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49894 -> 23.200.88.32:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49882 -> 23.200.88.32:443
Source: unknown TCP traffic detected without corresponding DNS query: 23.44.203.78
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.146
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: global traffic HTTP traffic detected: GET /v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=64fead2f-cf30-4503-8c3b-6e44b93fffc7&ocid=windows-windowsShell-feeds&user=m-6f13cd610b9c44e8a823b2ce1fa9b567&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask HTTP/1.1X-Search-Account: NoneAccept-Encoding: gzip, deflateX-Device-MachineId: {9A18632D-0E0D-4CA4-9A0A-9577C1FFEAFA}X-UserAgeClass: UnknownX-BM-Market: GBX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -300X-DeviceID: 0100A45C09002403X-BM-WindowsFlights: RS:B4BC,FX:117B9872,FX:119E26AD,FX:11A8C293,FX:11A8C2FE,FX:11C0E96C,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122B3A5C,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1240931B,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12EC0B54,FX:12F0AC91,FX:12FF5D3C,FX:13143E2F,FX:13214552,FX:13283A3B,FX:133A07C7,FX:133BFFE3,FX:13404069,FX:134128A5,FX:1342B470,FX:13499FAFSiteName: www.msn.comX-BM-Theme: 000000;0078d7MUID: 154AF170121F69FC0F92E5871341684FX-Agent-DeviceId: 0100A45C09002403X-BM-CBT: 1732311692User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19042.1165) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042X-Device-isOptin: falseAccept-language: en-US, enX-Device-Touch: falseX-Device-ClientSession: D9E6E754985F43C495D91D912368C894Host: api.msn.comConnection: Keep-AliveCookie: sptmarket=en-US||us|en-us|en-us|en||cf=8|RefA=673f608c270e4f55a1aa2b8fcb0e17ed.RefC=2024-11-21T16:32:12Z; MUIDB=154AF170121F69FC0F92E5871341684F; MUID=154AF170121F69FC0F92E5871341684F
Source: global traffic HTTP traffic detected: GET /weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/LightRainV3.svg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: assets.msn.comConnection: Keep-AliveCookie: _EDGE_V=1; MUID=26949C2B84536EAE0949892685346FA5; _C_ETH=1; _EDGE_S=SID=11182F5D50D36A6107453A6351876BDE
Source: global traffic HTTP traffic detected: GET /nexus/rules?Application=officeclicktorun.exe&Version=16.0.14326.20384&ClientId=%7bB0D7ECDF-3EEF-4767-BB67-27861CCFA721%7d&OSEnvironment=10&MsoAppId=37&AudienceName=Production&AudienceGroup=Production&AppVersion=16.0.14326.20384& HTTP/1.1Connection: Keep-AliveAccept: application/vnd.ms-nexus-rules-v16+xmlAccept-Encoding: gzipIf-Modified-Since: Fri, 22 Nov 2024 04:40:06 GMTUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.14326; Pro)X-MS-Collection-Policy: ExternalRestrictive, HeartbeatX-MS-Process-Session-Id: {5278D691-2859-4EB1-AD08-4FFB6415F452}Host: nexusrules.officeapps.live.com
Source: global traffic HTTP traffic detected: GET /weathermapdata/1/static/weather/Icons/MSIAWwA=/Teaser/temprise1.svg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: assets.msn.comConnection: Keep-AliveCookie: _EDGE_V=1; MUID=26949C2B84536EAE0949892685346FA5; _C_ETH=1; _EDGE_S=SID=11182F5D50D36A6107453A6351876BDE
Source: global traffic DNS traffic detected: DNS query: cascade.madmimi.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19042.0.0; IDCRL-cfg 16.000.29143.3; App svchost.exe, 10.0.19041.546, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4823Host: login.live.com
Source: global traffic TCP traffic: 192.168.11.30:52648 -> 239.255.255.250:1900
Source: global traffic TCP traffic: 192.168.11.30:52648 -> 239.255.255.250:1900
Source: global traffic TCP traffic: 192.168.11.30:52648 -> 239.255.255.250:1900
Source: global traffic TCP traffic: 192.168.11.30:52648 -> 239.255.255.250:1900
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown HTTPS traffic detected: 40.126.24.146:443 -> 192.168.11.30:49872 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.203:443 -> 192.168.11.30:49876 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.200.88.32:443 -> 192.168.11.30:49882 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.111.229.48:443 -> 192.168.11.30:49886 version: TLS 1.2
Source: classification engine Classification label: clean0.win@16/4@4/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\scoped_dir2404_1712740879 Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2204,i,14655741775568264328,5919031891176483562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240910-180202.367000 --mojo-platform-channel-handle=2216 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2204,i,14655741775568264328,5919031891176483562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240910-180202.367000 --mojo-platform-channel-handle=2216 /prefetch:3 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\scoped_dir2404_1712740879 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\chrome_BITS_2404_1292937130 Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1561213 URL: https://cascade.madmimi.com... Startdate: 22/11/2024 Architecture: WINDOWS Score: 0 5 chrome.exe 2 2->5         started        8 chrome.exe 2->8         started        dnsIp3 13 192.168.11.30, 1900, 443, 49649 unknown unknown 5->13 15 239.255.255.250, 1900 unknown Reserved 5->15 10 chrome.exe 5->10         started        process4 dnsIp5 17 www.google.com 142.251.40.196, 443, 49885, 49893 GOOGLEUS United States 10->17 19 d5opi5c8vzaan.cloudfront.net 13.35.93.88, 443, 49877, 49878 AMAZON-02US United States 10->19 21 cascade.madmimi.com 10->21
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
239.255.255.250
 unknown Reserved
unknown unknown false
13.35.93.88
 d5opi5c8vzaan.cloudfront.net United States
16509 AMAZON-02US false
142.251.40.196
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.11.30

Contacted Domains

Name IP Active
d5opi5c8vzaan.cloudfront.net 13.35.93.88 true
www.google.com 142.251.40.196 true
cascade.madmimi.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D false
    		high
    https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/LightRainV3.svg false
      		high
      https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Teaser/temprise1.svg false
        		high