Sample summary:

| Field | Value |
|---|---|
| File name | eml |
| Full analysis | https://app.any.run/tasks/f8803373-08a0-492d-bd18-72456c87846e |
| Verdict | Malicious activity |
| Analysis date | June 27, 2022, 11:10:42 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | (none listed) |
| MIME | message/rfc822 |
| File info | RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators |
| MD5 | B469CD2AE53DBB90C600BB49EF960D40 |
| SHA1 | B25288BDF9DC42D3D00EAE18B317166B917D990C |
| SHA256 | 1C39F41797B0F3B223BD90A99C5D011D1A26B0C8F2919639319A7E9C6C9AA48A |
| SSDEEP | 6144:CgMqr6KZj699P1bbeT1BpyyVwj1Tr9TP51Gpj:Cg9ljOB1bST1BpBwj1Trp54pj |
| File type | .eml, E-Mail message (Var. 5) (100) |
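The summary identifies the sample as a message/rfc822 file, and the process table shows Outlook handing a .docx attachment to Word. To triage such a file offline before detonating it, the following added example (written for this page, not part of the ANY.RUN report) parses an RFC 822 message with Python's standard `email` module, lists every attachment with its declared type, size and hashes, and checks that a part claiming to be an OOXML document actually begins with a ZIP local-file header. The message it parses is constructed inline; the attachment bytes are a placeholder, not the analysed document.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

OOXML_WORD = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"


def build_sample_eml() -> bytes:
    """Construct a small multipart message with one .docx attachment.

    This is test input built for the example; the attachment payload is a
    ZIP magic number followed by filler, not a real document.
    """
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "admin@example.invalid"
    msg["Subject"] = "Agenda"
    msg.set_content("Please see the attached agenda.")
    payload = b"PK\x03\x04" + b"\x00" * 26 + b"[Content_Types].xml"
    msg.add_attachment(
        payload,
        maintype="application",
        subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
        filename="IAFA22 Agenda (1).docx",
    )
    return msg.as_bytes()


def triage_eml(raw: bytes) -> dict:
    """Parse an RFC 822 message and report each attachment with its hashes.

    Uses policy.default so headers are decoded and parts behave as
    EmailMessage objects. Nested message/rfc822 parts are walked as well.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {
        "md5": hashlib.md5(raw).hexdigest(),
        "sha256": hashlib.sha256(raw).hexdigest(),
        "from": str(msg["From"]),
        "subject": str(msg["Subject"]),
        "attachments": [],
    }
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        filename = part.get_filename()
        if not filename and part.get_content_disposition() != "attachment":
            continue  # inline body text, not an attachment
        data = part.get_payload(decode=True) or b""  # undoes base64/QP
        ctype = part.get_content_type()
        report["attachments"].append({
            "filename": filename,
            "content_type": ctype,
            "size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            # OOXML (.docx/.xlsx/.pptx) is a ZIP container, so a declared
            # OOXML part that lacks the PK header is mislabelled.
            "ooxml_container": data.startswith(b"PK\x03\x04"),
            "type_matches_magic": (ctype != OOXML_WORD) or data.startswith(b"PK\x03\x04"),
        })
    return report


if __name__ == "__main__":
    result = triage_eml(build_sample_eml())
    print(result["sha256"], result["subject"])
    for att in result["attachments"]:
        print(att["filename"], att["content_type"], att["size"], att["sha256"])
```

Run it against a real .eml by replacing `build_sample_eml()` with the file's bytes; the attachment hashes are what you would pivot on in a sandbox or threat-intel lookup, and a declared-type/magic mismatch is a reason to look closer before opening anything.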
Processes (every process ran as user admin; every binary reports Company "Microsoft Corporation"; no indicators were raised on any process):

| PID | Command line | Path | Indicators | Parent process | Integrity level | Description | Version | Exit code |
|---|---|---|---|---|---|---|---|---|
| 2984 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\eml.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | — | Explorer.EXE | MEDIUM | Microsoft Outlook | 14.0.6025.1000 | — |
| 672 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | OUTLOOK.EXE | LOW | Microsoft Word | 14.0.6024.1000 | — |
| 704 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\F879RT6G\IAFA22 Agenda (1).docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | OUTLOOK.EXE | MEDIUM | Microsoft Word | 14.0.6024.1000 | — |
| 2492 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\F879RT6G\IAFA22 Agenda (1).docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | OUTLOOK.EXE | MEDIUM | Microsoft Word | 14.0.6024.1000 | — |
| 3184 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\F879RT6G\IAFA22 Agenda (1).docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | OUTLOOK.EXE | MEDIUM | Microsoft Word | 14.0.6024.1000 | — |
| 3588 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\F879RT6G\IAFA22 Agenda (1).docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | OUTLOOK.EXE | MEDIUM | Microsoft Word | 14.0.6024.1000 | — |
| 2056 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WINWORD.EXE | LOW | Microsoft Word | 14.0.6024.1000 | — |
| 2484 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WINWORD.EXE | LOW | Microsoft Word | 14.0.6024.1000 | — |
| 3188 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WINWORD.EXE | LOW | Microsoft Word | 14.0.6024.1000 | 0 |
| 1400 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WINWORD.EXE | LOW | Microsoft Word | 14.0.6024.1000 | — |
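The process table records, by parent image name only (no PPIDs), Outlook launching four medium-integrity Word instances that open the attachment out of Outlook's Content.Outlook temporary folder, plus five low-integrity WINWORD.EXE /Embedding instances. The following added example (written for this page, not part of the ANY.RUN report) transcribes those rows into process-creation records and runs two triage rules over them: flag any child of an Office process whose image lies outside the Office install directory, and flag any process launched by Outlook with a document path under Content.Outlook, carrying the integrity level it ran at so an analyst can see at a glance which instances were not low-integrity. On this tree the first rule fires on nothing and the second on the four document-opening Word instances. The record layout and rules are the editor's, not ANY.RUN's.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str
    cmdline: str
    parent_image: str  # image name only, as the report lists it
    integrity: str     # LOW / MEDIUM / HIGH as reported by the sandbox


# Records transcribed from the report's process table.
OFFICE14 = r"C:\Program Files\Microsoft Office\Office14"
ATTACHMENT = (r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
              r"\Content.Outlook\F879RT6G\IAFA22 Agenda (1).docx")
EVENTS = [
    ProcEvent(2984, r"C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE",
              r'"C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\eml.eml"',
              "Explorer.EXE", "MEDIUM"),
    ProcEvent(672, OFFICE14 + r"\WINWORD.EXE", f'"{OFFICE14}\\WINWORD.EXE" /Embedding',
              "OUTLOOK.EXE", "LOW"),
    *(ProcEvent(pid, OFFICE14 + r"\WINWORD.EXE", f'"{OFFICE14}\\WINWORD.EXE" /n "{ATTACHMENT}"',
                "OUTLOOK.EXE", "MEDIUM")
      for pid in (704, 2492, 3184, 3588)),
    *(ProcEvent(pid, OFFICE14 + r"\WINWORD.EXE", f'"{OFFICE14}\\WINWORD.EXE" /Embedding',
                "WINWORD.EXE", "LOW")
      for pid in (2056, 2484, 3188, 1400)),
]

OFFICE_IMAGES = {"OUTLOOK.EXE", "WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
# Both the long and the 8.3 form of the Office install directory, lower-cased.
OFFICE_DIRS = (r"c:\program files\microsoft office", r"c:\progra~1\micros~1")
# Outlook's secure temp folder: ...\Content.Outlook\<8 alnum chars>\<file>
MAIL_TEMP = re.compile(r'\\Content\.Outlook\\[A-Z0-9]{8}\\([^"]+)', re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].upper()


def summarize_tree(events):
    """Group child PIDs under their parent image name, as the report does."""
    tree = defaultdict(list)
    for ev in events:
        tree[ev.parent_image].append(ev.pid)
    return {parent: sorted(pids) for parent, pids in tree.items()}


def triage_process_tree(events):
    """Return (pid, rule, detail) triples for every rule hit."""
    findings = []
    for ev in events:
        name = basename(ev.image)
        parent = ev.parent_image.upper()
        # Rule 1: an Office process spawned something that is not an Office binary.
        if parent in OFFICE_IMAGES and not ev.image.lower().startswith(OFFICE_DIRS):
            findings.append((ev.pid, "non-office-child", f"{parent} -> {name}: {ev.image}"))
        # Rule 2: a mail attachment was opened straight from Outlook's temp folder.
        m = MAIL_TEMP.search(ev.cmdline)
        if m and parent == "OUTLOOK.EXE":
            findings.append((ev.pid, "attachment-opened",
                             f"{name} opened {m.group(1)} at {ev.integrity} integrity"))
    return findings


if __name__ == "__main__":
    for parent, pids in summarize_tree(EVENTS).items():
        print(f"{parent}: {pids}")
    for pid, rule, detail in triage_process_tree(EVENTS):
        print(f"[{rule}] pid {pid}: {detail}")
```

Rule 2 is a triage signal rather than a verdict: it only tells you the attachment was rendered and at what integrity level, which is the question to ask first when the report, as here, raises no indicator on any process. Rule 1 is the one that would fire on the classic follow-on (a shell or script host under WINWORD.EXE); it is included so the same records can be re-run after a second detonation.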
Files written:

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2984 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR46DE.tmp.cvr | — | — | — |
| 2984 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | — | — |
| 2984 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | D08ECF6711A8E8EB2E02F31CC0B28FF2 | 77FE0014FFD83AFDABB0C546733FC0D6C379F8FF2A8135B709C4B1990A13DDB7 |
| 704 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA625.tmp.cvr | — | — | — |
| 2984 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | 47A8C8EA26CB7CDA6E41128DC30B0B6D | 4F6FA6C2A34F419C79ACE9C7B58DFF5BEA9E564696E5C57F5C79356499D98BEC |
| 2984 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\tmp4857.tmp | binary | AD3438B8974FED7E79DFD971550908FF | FB74B9871E56E52FC65A0A25D01BEFBE6D818B19D6C5B408F5B6090515082C76 |
| 2492 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA683.tmp.cvr | — | — | — |
| 3184 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA6D1.tmp.cvr | — | — | — |
| 3588 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA819.tmp.cvr | — | — | — |
| 2984 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\tmp4856.tmp | text | FB3BF6EE42394CC0443D51532A357C78 | FAA615218F26A1A242E502300132BEBA6BD6DF078AB8BE6ECFE8DC1C569E6C06 |
HTTP requests:

| PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2984 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |

Connections:

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2984 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |

DNS requests:

| Domain | IP | Reputation |
|---|---|---|
| config.messenger.msn.com | 64.4.26.155 | whitelisted |