File name: | TR Reminder Outstanding Debt.msg |
Full analysis: | https://app.any.run/tasks/03a30517-641b-41a4-a3dc-7b43a3891ab0 |
Verdict: | Malicious activity |
Analysis date: | February 21, 2020, 19:34:24 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-outlook |
File info: | CDFV2 Microsoft Outlook Message |
MD5: | 8AC4485B12A413F348EBAA3E51ECC8AF |
SHA1: | 6E0E99BCCBF18B89322FDC27B6CABEA08141C0EB |
SHA256: | 238BC58E8F6B8BAE62C28D6899583FC710CD926F3FEF714622E50FB1DAFC6764 |
SSDEEP: | 12288:FODdvfIpPUpYj0NjR2QQ9B94S5D1V8urJOKS:FmIpPpjv594EVy |
.msg | | | Outlook Message (58.9) |
---|---|---|
.oft | | | Outlook Form Template (34.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3100 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\TR Reminder Outstanding Debt.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 | ||||
1456 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\7M0GPNJA\IVN2227202.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | OUTLOOK.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
2712 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Word Version: 14.0.6024.1000 | ||||
2508 | cmd /c C:\LibWinTasksProvider\WedpolicyDepSet\CalenderView.BAT | C:\Windows\system32\cmd.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3032 | wscript C:\LibWinTasksProvider\CalenderView.JSE /nologo | C:\Windows\system32\wscript.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Version: 5.8.7600.16385 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3100 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR6C01.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3100 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\7M0GPNJA\IVN2227202 (2).doc\:Zone.Identifier:$DATA | — | |
MD5:— | SHA256:— | |||
1456 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR8516.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1456 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_4338E495-6ED0-4C85-B860-26CF4767FC8F.0\CE789F69.doc\:Zone.Identifier:$DATA | — | |
MD5:— | SHA256:— | |||
3100 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:6DFCCEEFB32EAB3E28F3E77C7A70B9DB | SHA256:E37FB8E336B2CDE6E35BD6A642838B2AF6792A026FAC8083D78489A071D308AE | |||
3100 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:3DF39BE2BB0F0F4C64D99BB9C2762C4B | SHA256:6D79DF97E7A9034EDB594263C1A8B7FA8CA0B76A43A6552D39D7B9B98529E1F9 | |||
1456 | WINWORD.EXE | C:\LibWinTasksProvider\WedpolicyDepSet\CalenderView.BAT | text | |
MD5:61E8655CA1393B13C826953A9BBF13D3 | SHA256:7414E595C91D12BA7F4AABE2842B7743D5DEE264016DFB82BF5314F17F29EDDF | |||
1456 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_4338E495-6ED0-4C85-B860-26CF4767FC8F.0\CE789F69.doc | document | |
MD5:0162C640EF7F2B32485C970E44A2C5C4 | SHA256:8D531BA0C845179060CD6551AA1833AC65AD850BC8E12B7121BF83E63DC7B137 | |||
1456 | WINWORD.EXE | C:\LibWinTasksProvider\CalenderView.JSE | text | |
MD5:3573A33988C2C19F18D2DE07B87818FC | SHA256:3E76E0AAAC22C57A6928FA2B5864098CEB56B836E0B20F568CC476B99F82568A | |||
3100 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_2D8990340AE38E4F9C59AB7A9047656E.dat | xml | |
MD5:B21ED3BD946332FF6EBC41A87776C6BB | SHA256:B1AAC4E817CD10670B785EF8E5523C4A883F44138E50486987DC73054A46F6F4 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3100 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |