Field | Value
---|---
File name | Jenny Adams sent you some files.msg
Full analysis | https://app.any.run/tasks/3f523c0d-d102-4092-b920-f9f3bd623f6f
Verdict | Malicious activity
Analysis date | October 20, 2020, 08:23:36
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME | application/vnd.ms-outlook
File info | CDFV2 Microsoft Outlook Message
MD5 | F2FED41207FF39C7DF20435D10F80E53
SHA1 | E6404E8688B35B643F2A4F4128CBB3B3E50BC565
SHA256 | 4088259CC4ACA278BC917E3020ABEABC63F9EF51307D45D2E809C40FBC301387
SSDEEP | 1536:3PvpGHeolOReUUfoSoaWQB1hbBv/WmU1o6mathEWuWrW27xjsWxCDmvZ1:3PvpGHegOZz8DNZOBqapxj7CDmh1
Extension | File type (match score)
---|---
.msg | Outlook Message (58.9)
.oft | Outlook Form Template (34.4)
PID | CMD | Path | Parent process | Details
---|---|---|---|---
2536 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\Jenny Adams sent you some files.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Version: 14.0.6025.1000
4016 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.dropbox.com/l/AACiRjXaqhcQdVZaodB80wugzDqyJC5hwOI | C:\Program Files\Internet Explorer\iexplore.exe | OUTLOOK.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2980 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4016 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2536 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR4105.tmp.cvr | — | — | —
2980 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab7091.tmp | — | — | —
2980 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar7092.tmp | — | — | —
2980 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\EQ3IF9OZ.txt | — | — | —
2980 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\W3YW2VUI.txt | — | — | —
2980 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\CBX01M78.txt | — | — | —
2536 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | 74161084A0BABF43B83819076CAD2DF1 | 8E901341408D1DBF9705B94FE0748C110AA88D79BB7702AD92071B14F444DAA3
2536 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | EA0210FF6A37E399104973755292BDCF | BFD8C35FE4105E3431994C3AA03797B2BC8B93FE43CE9A36BEC17DA24497DC5F
2980 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5887976EDAA817EEF5159B09F6FCD000_4A5A3BC526AB2D47B3B6ADE97F7B2901 | der | 74BB31D1BA5F5EECBEC6CCBF8E0F9AEF | 564D564AC5EB50500F4D5DBF863DAE74C14F155DAF38E89EF142990FB46E5B7C
2980 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 | der | C05380DA094A5F65B2A51198091C979F | CF3DE44127733E8C95DCE92EABF31E5FA3E356F7FCA5A0F6612D49FB57425204
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2980 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
4016 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2980 | iexplore.exe | GET | 304 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAbodu2PI7ugI0Gl5Yvo7%2B0%3D | US | der | 471 b | whitelisted |
2980 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAblg20XjDYvMdklb%2BSFKGs%3D | US | der | 471 b | whitelisted |
2980 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
4016 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2980 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
4016 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2980 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAbodu2PI7ugI0Gl5Yvo7%2B0%3D | US | der | 471 b | whitelisted |
4016 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2536 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
4016 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2980 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2980 | iexplore.exe | 162.125.66.1:443 | www.dropbox.com | Dropbox, Inc. | DE | shared |
2980 | iexplore.exe | 162.125.248.1:443 | dropbox.com | Dropbox, Inc. | US | shared |
4016 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
4016 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2980 | iexplore.exe | 104.16.100.29:443 | cfl.dropboxstatic.com | Cloudflare Inc | US | shared |
4016 | iexplore.exe | 104.16.100.29:443 | cfl.dropboxstatic.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation
---|---|---
config.messenger.msn.com | | whitelisted
www.dropbox.com | | shared
ocsp.digicert.com | | whitelisted
cfl.dropboxstatic.com | | shared
dropbox.com | | shared
api.bing.com | | whitelisted
www.bing.com | | whitelisted
iecvlist.microsoft.com | | whitelisted
r20swj13mr.microsoft.com | | whitelisted