Field | Value
---|---
File name | Welcome to MyAnalytics.msg
Full analysis | https://app.any.run/tasks/51e2f1e5-0380-461b-93f4-0999f82be816
Verdict | Malicious activity
Analysis date | October 14, 2019, 08:46:23
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/vnd.ms-outlook
File info | CDFV2 Microsoft Outlook Message
MD5 | 5BBD1247165850F49CEC81D963A4C90B
SHA1 | DE65CEBC827F576300BA22DA1C9DDAD04D98B02E
SHA256 | 2A9BC801559A9C3F879293925C99D6B292719B2A043B34E853E4B751C5BC49D9
SSDEEP | 3072:dfVB6gN94xRnAxykadFQcUGaa8r6yQKFsla53T/mqpYC/S:XB6gV8X4G/HXe37mORS
Extension | File type (match score)
---|---
.msg | Outlook Message (58.9)
.oft | Outlook Form Template (34.4)
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2384 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\Welcome to MyAnalytics.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Version: 14.0.6025.1000
944 | "C:\Program Files\Internet Explorer\iexplore.exe" https://myanalytics.microsoft.com/?v=home&w=showfre&s=Welcome_e61a6db4-0f90-468a-8cf5-7c3f107e37bf | C:\Program Files\Internet Explorer\iexplore.exe | — | OUTLOOK.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3848 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:944 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3028 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:944 CREDAT:6403 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRA89E.tmp.cvr | — | — | —
2384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | AF57BB14144C217767FD9F682364BBA1 | BD33CD088682EA28F4A995ECB0472BE882DC7430904BD5BD7B41AAF0383DF2BC
2384 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | BD789AF0CABC64128BEAD28026128A43 | 5BAB4B742ABCD99F3C348DA6EFFC991456881EAD07EB4CF349C6D65C4149CE9A
2384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\59CD48A6.dat | image | 099A4EE058ABA840274ADCE07F2D18CD | E672BCE95758914822B3C64AEE7EA01C4341BEAC921579079C89CF7588123388
2384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7294D46F.dat | image | F32883C33166977C59CF27D618B1E2CE | BC6B6A5A9C350E1AD65F9F2747A78586EBC8FF0A6B91013B77F338B5FE8D8E50
2384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\480E492B.dat | image | 752755D9541CBB4ECE6F74DF664D2ECE | EBECF5EC9B6CB5CE402E0B48742E101AB2319A2015715DF89204D80DFB0F0C1C
2384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DE167CBA.dat | image | 01C2DAAA1E1A817AEE1511ED3FBCDA8D | F14BCB229C4AD54414030EAC4D841AB5BE149021384972C9445412522C96D848
2384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\520D925D.dat | image | 8DB6F62816FD0C94C288F93224BC803A | B87974726F8B720D48A32F3C95E8D1C742A9B32AE146611006352526C22B597E
2384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\923B2771.dat | image | 9451572A6EEC66EDE571C13ADD250D88 | F18BDA162C12EC867DFF1064C84594A0ED5FC40B8FE12B574E60F23F47D858A4
2384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DD0A03A4.dat | image | 959AAAAE545A756A0B708BF6DB81D88C | B29ADEACD7BE785E467E82F288710B511212FEF68157E5CC7BB9532B128B7230
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2384 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
944 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
944 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2384 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
3028 | iexplore.exe | 40.86.224.81:443 | myanalytics.microsoft.com | Microsoft Corporation | CA | unknown |
3848 | iexplore.exe | 40.86.224.81:443 | myanalytics.microsoft.com | Microsoft Corporation | CA | unknown |
Domain | IP | Reputation
---|---|---
config.messenger.msn.com | | whitelisted
myanalytics.microsoft.com | | whitelisted
www.bing.com | | whitelisted