analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

phish_alert_sp2_2.0.0.0.eml

Full analysis: https://app.any.run/tasks/73d1d417-9fce-4267-9c48-dbad5feebfa1
Verdict: Malicious activity
Analysis date: August 12, 2022, 16:56:31
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: message/rfc822
File info: RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators
MD5:

D58AE978AD0562995113EE96B0E7A02D

SHA1:

1E682DA700B26A528E64FDD27A8327F3E0D0E2A0

SHA256:

1654A114726B421486B31BD3F23F7806046A58247DB275B78CA66B10E7D2A9B9

SSDEEP:

384:A0Q/nXIhg88WdufWZSC6PQ+5z9bsdDWXoIxMRyt:wIeWdzZLX+5RbsdDWXo7Ryt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Checks supported languages

      • OUTLOOK.EXE (PID: 2544)

    • Reads the computer name

      • OUTLOOK.EXE (PID: 2544)

    • Searches for installed software

      • OUTLOOK.EXE (PID: 2544)

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 1520)
      • iexplore.exe (PID: 3400)

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2984)

  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 1708)
      • iexplore.exe (PID: 1520)
      • iexplore.exe (PID: 1572)
      • iexplore.exe (PID: 3400)
      • chrome.exe (PID: 2984)
      • chrome.exe (PID: 2880)
      • chrome.exe (PID: 2728)
      • chrome.exe (PID: 828)
      • chrome.exe (PID: 3924)
      • chrome.exe (PID: 3396)

    • Checks supported languages

      • iexplore.exe (PID: 1520)
      • iexplore.exe (PID: 1708)
      • iexplore.exe (PID: 1572)
      • iexplore.exe (PID: 3400)
      • chrome.exe (PID: 440)
      • chrome.exe (PID: 3464)
      • chrome.exe (PID: 2984)
      • chrome.exe (PID: 3832)
      • chrome.exe (PID: 2728)
      • chrome.exe (PID: 2880)
      • chrome.exe (PID: 2700)
      • chrome.exe (PID: 3276)
      • chrome.exe (PID: 1540)
      • chrome.exe (PID: 828)
      • chrome.exe (PID: 4028)
      • chrome.exe (PID: 3504)
      • chrome.exe (PID: 696)
      • chrome.exe (PID: 3924)
      • chrome.exe (PID: 2940)
      • chrome.exe (PID: 3584)
      • chrome.exe (PID: 3396)
      • chrome.exe (PID: 2596)
      • chrome.exe (PID: 2840)
      • chrome.exe (PID: 1120)
      • chrome.exe (PID: 2704)

    • Changes internet zones settings

      • iexplore.exe (PID: 1708)
      • iexplore.exe (PID: 1572)

    • Application launched itself

      • iexplore.exe (PID: 1708)
      • iexplore.exe (PID: 1572)
      • chrome.exe (PID: 2984)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 1520)
      • iexplore.exe (PID: 1708)
      • iexplore.exe (PID: 1572)
      • chrome.exe (PID: 2728)

    • Reads the date of Windows installation

      • iexplore.exe (PID: 1708)

    • Changes settings of System certificates

      • iexplore.exe (PID: 1708)

    • Checks Windows Trust Settings

      • iexplore.exe (PID: 1520)
      • iexplore.exe (PID: 1708)
      • iexplore.exe (PID: 1572)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1708)

    • Reads internet explorer settings

      • iexplore.exe (PID: 1520)
      • iexplore.exe (PID: 3400)

    • Reads Microsoft Office registry keys

      • OUTLOOK.EXE (PID: 2544)

    • Manual execution by user

      • chrome.exe (PID: 2984)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.eml | E-Mail message (Var. 5) (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
65
Monitored processes
26
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start outlook.exe iexplore.exe iexplore.exe iexplore.exe iexplore.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2544"C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0.eml"C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Outlook
Version:
14.0.6025.1000
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft office\office14\outlook.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1708"C:\Program Files\Internet Explorer\iexplore.exe" http://url9719.goicsi.co/ls/click?upn=jzTSFpa3izh8c0opdUgrLWqQBBwhTd6aooAridhS25Va8kN5eHUPFWhNwQH6JtKA74b-2FiGOQyjlKWFvbnNCe8HPHZ5HfEkfwwVu-2BCR-2FRqWY-3DIcmT_62i4ZQidJAut2vx9TYnJ86vRZt2riAS8bWxQdi-2FOrCjKEBUdFJdEoXhzxWuyr4s1l8N-2FYWbaE7gS9FEFYs4jR7m9W53vCJHuY4g7026pKValZNBqu3vP1JwAxEPVb9ygNM8HyJJmE8DhHDs6cr6BJKSIgy5T7yLlejf9QK4or54zUpELD6ZXPdm9-2FgYd-2FtB-2F-2B3oroDHM-2BaOD6NOOXGac-2BEU25Y-2BgrqLfMK0FbPYXP9KU4G6ubb95Z-2FZYiCeXEgsy-2FtTjIZgmcyxW5vnkX1yJ6pXqObV6tSxTIx-2FACR5t0io9GRM2HwfTL5fJePm44lOCEhg80L0UMGcngltLGAtmqViPiZIH1-2B9yXoMMS2bOSGICla11tSJ9FQ91olmUAUL4ntUEtRxru7wCRsn7WdOpvNrLUVB49oq-2Ba7Tp-2Bgww4LCNXuIREQCLlXQXxWpwQrShC:\Program Files\Internet Explorer\iexplore.exe
OUTLOOK.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
1520"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1708 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
1572"C:\Program Files\Internet Explorer\iexplore.exe" http://www.integrated-controls.co/C:\Program Files\Internet Explorer\iexplore.exe
OUTLOOK.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
3400"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1572 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2984"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
Explorer.EXE
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
440"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x67e2d988,0x67e2d998,0x67e2d9a4C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
2880"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,15862119321351132588,2861766345130604034,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=988 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
2728"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1044,15862119321351132588,2861766345130604034,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1336 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\gdi32.dll
3464"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,15862119321351132588,2861766345130604034,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1912 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
Total events
36 298
Read events
35 389
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
157
Text files
126
Unknown types
16

Dropped files

PID
Process
Filename
Type
2544OUTLOOK.EXEC:\Users\admin\AppData\Local\Temp\CVR5C40.tmp.cvr
MD5:
SHA256:
2544OUTLOOK.EXEC:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
MD5:
SHA256:
2544OUTLOOK.EXEC:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.logtext
MD5:757F163195D3C8BEC6A9A1417F1D23E8
SHA256:9A162894A4D1FD6F73A5E3283D446CB6273C00C5E4952A91924C9FB16AA6A0DD
1520iexplore.exeC:\Users\admin\AppData\Local\Temp\Low\TarA010.tmpcat
MD5:7EE994C83F2744D702CBA18693ED1758
SHA256:5DB917AB6DC8A42A43617850DFBE2C7F26A7F810B229B349E9DD2A2D615671D2
2544OUTLOOK.EXEC:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotmpgc
MD5:A64A5C436F578BDEE3BAE015BA60809B
SHA256:2F699340BB652778BAFE13183BD3C4C12E15E8CB20D19AFBAC1E627D676DBC01
1520iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506binary
MD5:E3BDDC988C10E32F9039BB38FFEFA0BF
SHA256:222A3A629F54B1FAF4BD8D4A39CBA5FE9BF51BB447E6F75A30619B859F2C72F9
1520iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506compressed
MD5:589C442FC7A0C70DCA927115A700D41E
SHA256:2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A
2544OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inftext
MD5:F3B25701FE362EC84616A93A45CE9998
SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
2544OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_EB7375E47345BB4FA6C8B59D07466625.datxml
MD5:807EF0FC900FEB3DA82927990083D6E7
SHA256:4411E7DC978011222764943081500FFF0E43CBF7CCD44264BD1AB6306CA68913
1520iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\m[1].txttext
MD5:FFC3D8050DC59961EF5E11E05192138F
SHA256:FE4030E2EE82D81120BBF932D3262954A25EA51A1E61B5F49716757BA9898498
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
63
DNS requests
48
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2544
OUTLOOK.EXE
GET
64.4.26.155:80
http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig
US
whitelisted
1520
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b7df5e784415a40e
US
compressed
60.2 Kb
whitelisted
1520
iexplore.exe
GET
200
2.16.186.19:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNUrtaAdpqYQo3ahNQJaw6Ilw%3D%3D
unknown
der
503 b
shared
1708
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
1708
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
1520
iexplore.exe
GET
302
167.89.118.83:80
http://url9719.goicsi.co/ls/click?upn=jzTSFpa3izh8c0opdUgrLWqQBBwhTd6aooAridhS25Va8kN5eHUPFWhNwQH6JtKA74b-2FiGOQyjlKWFvbnNCe8HPHZ5HfEkfwwVu-2BCR-2FRqWY-3DIcmT_62i4ZQidJAut2vx9TYnJ86vRZt2riAS8bWxQdi-2FOrCjKEBUdFJdEoXhzxWuyr4s1l8N-2FYWbaE7gS9FEFYs4jR7m9W53vCJHuY4g7026pKValZNBqu3vP1JwAxEPVb9ygNM8HyJJmE8DhHDs6cr6BJKSIgy5T7yLlejf9QK4or54zUpELD6ZXPdm9-2FgYd-2FtB-2F-2B3oroDHM-2BaOD6NOOXGac-2BEU25Y-2BgrqLfMK0FbPYXP9KU4G6ubb95Z-2FZYiCeXEgsy-2FtTjIZgmcyxW5vnkX1yJ6pXqObV6tSxTIx-2FACR5t0io9GRM2HwfTL5fJePm44lOCEhg80L0UMGcngltLGAtmqViPiZIH1-2B9yXoMMS2bOSGICla11tSJ9FQ91olmUAUL4ntUEtRxru7wCRsn7WdOpvNrLUVB49oq-2Ba7Tp-2Bgww4LCNXuIREQCLlXQXxWpwQrSh
US
html
79 b
suspicious
2728
chrome.exe
GET
301
198.12.227.3:80
http://www.integrated-controls.com/
US
unknown
1520
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?84f6925c03c96cc7
US
compressed
4.70 Kb
whitelisted
1520
iexplore.exe
GET
200
96.16.145.230:80
http://x1.c.lencr.org/
US
der
717 b
whitelisted
2728
chrome.exe
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
US
crx
242 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2544
OUTLOOK.EXE
64.4.26.155:80
config.messenger.msn.com
Microsoft Corporation
US
whitelisted
1520
iexplore.exe
96.16.145.230:80
x1.c.lencr.org
Akamai Technologies, Inc.
US
suspicious
1708
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
1708
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
1708
iexplore.exe
34.122.213.224:443
apollo.fagdct.com
US
suspicious
1520
iexplore.exe
34.122.213.224:443
apollo.fagdct.com
US
suspicious
1520
iexplore.exe
2.16.186.19:80
r3.o.lencr.org
Akamai International B.V.
whitelisted
1520
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
Highwinds Network Group, Inc.
US
whitelisted
1520
iexplore.exe
167.89.118.83:80
url9719.goicsi.co
SendGrid, Inc.
US
suspicious
2728
chrome.exe
142.250.185.138:443
fonts.googleapis.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
config.messenger.msn.com
  • 64.4.26.155
whitelisted
url9719.goicsi.co
  • 167.89.118.83
  • 167.89.118.52
  • 167.89.123.124
  • 167.89.123.54
suspicious
apollo.fagdct.com
  • 34.122.213.224
suspicious
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
  • 131.253.33.200
  • 13.107.22.200
whitelisted
x1.c.lencr.org
  • 96.16.145.230
whitelisted
r3.o.lencr.org
  • 2.16.186.19
  • 2.16.186.27
  • 2.16.186.8
  • 2.16.186.33
  • 2.16.186.25
shared
ocsp.digicert.com
  • 93.184.220.29
whitelisted
www.integrated-controls.co
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
phish_alert_sp2_2.0.0.0.eml