analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

Pavón Molina Rosa María le invita a colaborar en Factura 41742.msg

Full analysis: https://app.any.run/tasks/8cd20278-9163-4e84-ab14-315f83dbfa09
Verdict: Malicious activity
Analysis date: February 22, 2020, 07:04:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/vnd.ms-outlook
File info: CDFV2 Microsoft Outlook Message
MD5:

379159D79F59B3BDB4D7BD0D3C0FBE92

SHA1:

6975467A27763ACF3B8B2CAA8B2A98A74BBF5B57

SHA256:

2BF3F64FF6E2A8823E6C88BE114E73631BDA72ED9CEF9F195A9223DB8AB4D6D0

SSDEEP:

1536:fwxeK/LU5c5dAektHfyqMbr+xAduektHfCWUW2WKW3A9qoaPCufW0sW/xq3DZ3on:adCd/M/ZdEdqgovcxqTZ3BRIvvfIS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Unusual execution from Microsoft Office

      • OUTLOOK.EXE (PID: 3000)
  • SUSPICIOUS

    • Reads Internet Cache Settings

      • OUTLOOK.EXE (PID: 3000)
    • Creates files in the user directory

      • OUTLOOK.EXE (PID: 3000)
  • INFO

    • Modifies the open verb of a shell class

      • chrome.exe (PID: 4008)
    • Manual execution by user

      • chrome.exe (PID: 4008)
    • Reads the hosts file

      • chrome.exe (PID: 3912)
      • chrome.exe (PID: 4008)
      • chrome.exe (PID: 2540)
      • chrome.exe (PID: 1516)
    • Application launched itself

      • chrome.exe (PID: 4008)
      • chrome.exe (PID: 1516)
    • Reads Microsoft Office registry keys

      • OUTLOOK.EXE (PID: 3000)
    • Reads settings of System Certificates

      • chrome.exe (PID: 3912)
      • chrome.exe (PID: 2540)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msg | Outlook Message (58.9)
.oft | Outlook Form Template (34.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
76
Monitored processes
39
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start outlook.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3000"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\Pavón Molina Rosa María le invita a colaborar en Factura 41742.msg"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Outlook
Version:
14.0.6025.1000
4008"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
3221225547
Version:
75.0.3770.100
3664"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6729a9d0,0x6729a9e0,0x6729a9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
820"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2500 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
3756"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,8783550115109116842,3910445713768905223,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=15359388282637915747 --mojo-platform-channel-handle=1028 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
3912"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,8783550115109116842,3910445713768905223,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=7972671265190704768 --mojo-platform-channel-handle=1616 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2412"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,8783550115109116842,3910445713768905223,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1909012727562455203 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
3680"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,8783550115109116842,3910445713768905223,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12663689853408301957 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2424 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
3524"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1020,8783550115109116842,3910445713768905223,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13958948995886426740 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2408 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
3716"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1020,8783550115109116842,3910445713768905223,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=6566813516833376544 --mojo-platform-channel-handle=2816 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Total events
2 223
Read events
1 505
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
37
Text files
325
Unknown types
10

Dropped files

PID
Process
Filename
Type
3000OUTLOOK.EXEC:\Users\admin\AppData\Local\Temp\CVR8536.tmp.cvr
MD5:
SHA256:
4008chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5E50D291-FA8.pma
MD5:
SHA256:
3000OUTLOOK.EXEC:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.logtext
MD5:D5A19EF4971F73F1252F0843BAECD202
SHA256:E1ADB6658DE5B3350BFFB3E6721725B1AAEBE0A7999494D5CF3645C620226637
3000OUTLOOK.EXEC:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotmpgc
MD5:75E09493D3F79DE16DC107240BDC6A5D
SHA256:D1211451EB9867751E8601D90CFE491B66FBF621964790F9D1BC653B3833C9E2
4008chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:F69C20D5B552B8D973FB1CBA5FDD7D87
SHA256:48799968D50E2D74E625A0AB18E93C6792AF20010334C6BB4E935C8D26F7026A
3000OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_C71056DEF74B014BA1351B690B4A89AD.datxml
MD5:EEAA832C12F20DE6AAAA9C7B77626E72
SHA256:C4C9A90F2C961D9EE79CF08FBEE647ED7DE0202288E876C7BAAD00F4CA29CA16
3000OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_087D4F23055FBA43935E10E156950664.datxml
MD5:B21ED3BD946332FF6EBC41A87776C6BB
SHA256:B1AAC4E817CD10670B785EF8E5523C4A883F44138E50486987DC73054A46F6F4
4008chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RFa69da0.TMPtext
MD5:F69C20D5B552B8D973FB1CBA5FDD7D87
SHA256:48799968D50E2D74E625A0AB18E93C6792AF20010334C6BB4E935C8D26F7026A
3000OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2CB8BD39.datimage
MD5:1E13EE0ED09C4AF1ADFB6C0D280879B0
SHA256:E2395FBA25D3FB8A971345CA65D144F7D9C9D933F70409165446E63D18C0958D
3000OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_23B7503B17596E4E9C242C1C802E03C5.datxml
MD5:57F30B1BCA811C2FCB81F4C13F6A927B
SHA256:612BAD93621991CB09C347FF01EC600B46617247D5C041311FF459E247D8C2D3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
39
DNS requests
29
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3000
OUTLOOK.EXE
GET
64.4.26.155:80
http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig
US
whitelisted
2540
chrome.exe
GET
302
172.217.23.110:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx
US
html
511 b
whitelisted
2540
chrome.exe
GET
200
84.15.65.12:80
http://r1---sn-cpux-gpme.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mip=85.206.166.82&mm=28&mn=sn-cpux-gpme&ms=nvh&mt=1582354829&mv=u&mvi=0&pl=23&shardbypass=yes
LT
crx
293 Kb
whitelisted
2540
chrome.exe
GET
302
172.217.23.110:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx
US
html
532 b
whitelisted
2540
chrome.exe
GET
200
84.15.65.13:80
http://r2---sn-cpux-gpme.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=85.206.166.82&mm=28&mn=sn-cpux-gpme&ms=nvh&mt=1582354829&mv=u&mvi=1&pcm2cms=yes&pl=23&shardbypass=yes
LT
crx
862 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3000
OUTLOOK.EXE
64.4.26.155:80
config.messenger.msn.com
Microsoft Corporation
US
whitelisted
3912
chrome.exe
172.217.21.234:443
fonts.googleapis.com
Google Inc.
US
whitelisted
3912
chrome.exe
172.217.21.237:443
accounts.google.com
Google Inc.
US
whitelisted
3912
chrome.exe
172.217.21.195:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
3912
chrome.exe
216.58.210.14:443
apis.google.com
Google Inc.
US
whitelisted
3912
chrome.exe
216.58.207.46:443
clients2.google.com
Google Inc.
US
whitelisted
3912
chrome.exe
216.58.206.3:443
fonts.gstatic.com
Google Inc.
US
whitelisted
3912
chrome.exe
172.217.21.196:443
www.google.com
Google Inc.
US
whitelisted
3912
chrome.exe
216.58.205.238:443
ogs.google.com
Google Inc.
US
whitelisted
3912
chrome.exe
172.217.22.35:443
www.google.com.ua
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
config.messenger.msn.com
  • 64.4.26.155
whitelisted
clientservices.googleapis.com
  • 172.217.21.195
whitelisted
accounts.google.com
  • 172.217.21.237
shared
www.google.com.ua
  • 172.217.22.35
whitelisted
fonts.googleapis.com
  • 172.217.21.234
whitelisted
www.gstatic.com
  • 172.217.22.3
whitelisted
www.google.com
  • 172.217.21.196
whitelisted
fonts.gstatic.com
  • 216.58.206.3
whitelisted
apis.google.com
  • 216.58.210.14
whitelisted
ogs.google.com
  • 216.58.205.238
whitelisted

Threats

No threats detected
No debug info