File name: | cyndie.eml |
Full analysis: | https://app.any.run/tasks/1e73cc86-26ff-46b4-99fd-d5463610644d |
Verdict: | Malicious activity |
Analysis date: | January 14, 2022, 21:07:36 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | message/rfc822 |
File info: | RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators |
MD5: | 62CA98988ABE61139EA731F8AD0358F9 |
SHA1: | AB4E7C8A529C72FB74EB5330B66B9FF11FE9DF4F |
SHA256: | 1F2337B5B5D7F8D96F6629F2413F5A1815FE1887A33612C99D5742EB06B39420 |
SSDEEP: | 768:TXsYVZVHoAaP4YlvTQO9GmkCKum41j5jxdefN:TlrVba79GMKum41j53M |
.eml | | | E-Mail message (Var. 5) (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1536 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\cyndie.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 | ||||
1408 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.canva.com/design/DAE1cxgabQ8/zPjfvX_gVIXMHLGVP59uYw/view?utm_content=DAE1cxgabQ8&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton | C:\Program Files\Internet Explorer\iexplore.exe | OUTLOOK.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2708 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1408 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1536 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRE5EE.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1536 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | |
MD5:— | SHA256:— | |||
1536 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:73E7EAE3057E883F70B1B72932C8D1B5 | SHA256:0E0AF2D0E0C653E1D5DB24F028FED29CCA1C2C67BF9E67CFA4D5EBE7F9503710 | |||
2708 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:BD037F4FCED6F64FCC677DAED90462E8 | SHA256:2F342412FEFA3C1E16BE81FB552101B0226393D20EE519939AF6C7358B117600 | |||
2708 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\AYYQZ51C.txt | text | |
MD5:7256607E22F0C68341AA4854ACFE0D7F | SHA256:421FC15322078EF2277F8A1904F3EFB2EEB10C2BDC27C81E5F12BCA151C81F70 | |||
2708 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\TLFFW11U.txt | text | |
MD5:781BAFE91922DBE08EA364CFC13D2480 | SHA256:3E7B9DED8A767F57CE74668CFD91BBFFA77EC87A2999FE69CDAB4FD3FE50E1BD | |||
2708 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary | |
MD5:E04CF2ABADCBA0E44D98A7AB4868A21A | SHA256:6FFC9D24BB895CFBD61953AF630FFBE301EB8576BB48B093BCBB126A4132C50B | |||
1536 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:4F6C205B20AB45A430B2654DA1CB9DE8 | SHA256:B565894884AE1BAE867E5D4E2EA75B17B7FE684C979EBAC1221B435A25FA600C | |||
2708 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | der | |
MD5:3A9132FB193502EF5E73B14A1CF53955 | SHA256:D8960D8C731B72AC75CCB4E9680234A9A7B085AEC9B5F446478B62F0C2438456 | |||
2708 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ZPQHYG0.txt | text | |
MD5:F2FFE974A771830DC45FC40738BA0339 | SHA256:405A1AAEB5FA59A64BC6431997AC85EE7ABE7C3743ED218B5C177EDF3E56072F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1408 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
1408 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D | US | der | 471 b | whitelisted |
2708 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
2708 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEG9FXshPqpwWCgAAAAEn3MY%3D | US | der | 471 b | whitelisted |
2708 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
1408 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2708 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
2708 | iexplore.exe | GET | 200 | 142.250.185.163:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGmSmALa8169CgAAAAEn3NM%3D | US | der | 471 b | whitelisted |
2708 | iexplore.exe | GET | 200 | 8.241.122.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e95783f9af4dc9c6 | US | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1536 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
2708 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2708 | iexplore.exe | 142.250.185.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
2708 | iexplore.exe | 142.250.185.234:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2708 | iexplore.exe | 104.17.114.17:443 | www.canva.com | Cloudflare Inc | US | unknown |
2708 | iexplore.exe | 104.16.94.65:443 | static.cloudflareinsights.com | Cloudflare Inc | US | shared |
2708 | iexplore.exe | 104.17.115.17:443 | www.canva.com | Cloudflare Inc | US | unknown |
2708 | iexplore.exe | 8.241.122.126:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious |
1408 | iexplore.exe | 104.17.115.17:443 | www.canva.com | Cloudflare Inc | US | unknown |
1408 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |
www.canva.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
static.canva.com |
| whitelisted |
document-export.canva.com |
| suspicious |
static.cloudflareinsights.com |
| whitelisted |