
https://go.microsoft.com/fwlink/?LinkId=389361.

Status: finished
Submission Time: 2021-06-24 16:03:45 +02:00
Clean

Details

  • Analysis ID: 439948
  • API (Web) ID: 807537
  • Analysis Started: 2021-06-24 16:03:46 +02:00
  • Analysis Finished: 2021-06-24 16:12:37 +02:00
  • Technologies:

Engine: Joe Sandbox
Detection: clean
Score: 2
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs


Domains


URLs


Dropped files

No malicious files found. See full and IOC report for all dropped files.