File name: | External Email Account Suspended.msg |
Full analysis: | https://app.any.run/tasks/9a4050c8-0dec-41ec-af51-2b083bab172e |
Verdict: | Malicious activity |
Analysis date: | October 19, 2020, 21:38:23 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/vnd.ms-outlook |
File info: | CDFV2 Microsoft Outlook Message |
MD5: | 3D749FEB17B9B0B0DD9CA3D301F04A78 |
SHA1: | F3425696B496E467F50290DA8571EA171DA8EA23 |
SHA256: | 41EDBF9C5C211C30E95FAE68C6BD0F321CCEE1F755F35757FC0BAE103FBCCFB7 |
SSDEEP: | 1536:evz/MF/MswMYgNkEGWDWQ/YL9WCOQqcq3wOWbHY1:ebY9wb7ExYL21LQHY1 |
.msg | | | Outlook Message (58.9) |
---|---|---|
.oft | | | Outlook Form Template (34.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3068 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\External Email Account Suspended.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 | ||||
3488 | "C:\Program Files\Internet Explorer\iexplore.exe" https://urldefense.com/v3/__http:/login.mailcenter-alert.com/test_ffd563d352?l=64__;!!CjcC7IQ!emB6UfMrfeUvceQ4qQfp-RIwdu7MhJQLjhh-EdZEPUB5MaMrATg9WC3UIoy2_hyUlcs$ | C:\Program Files\Internet Explorer\iexplore.exe | OUTLOOK.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3180 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3488 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3068 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR5028.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3180 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9915FBCE5ECE56452A09FB65EDE2FAD2_18932885610B5B91D0B9280DC39653E2 | — | |
MD5:— | SHA256:— | |||
3068 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:8F7ABCFA032ED2C257E579924E605353 | SHA256:7D78DD7947C7A5C473F30106693F4F13559371AFA5FA934A06527B97E4A26662 | |||
3068 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:9732BF9111D5B3CD17C340EAC7C9D540 | SHA256:71FF4073BE7BA1377551EF7752A5713691456039A776FCE1AA61509810F39F64 | |||
3180 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarEC79.tmp | — | |
MD5:— | SHA256:— | |||
3180 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9915FBCE5ECE56452A09FB65EDE2FAD2_18932885610B5B91D0B9280DC39653E2 | der | |
MD5:7703A942BD2368F6386EE00658BDD6E1 | SHA256:A465B24E9D94B2CCC53B87273D8BAD863D5DA5B3DCA2B96F1B34BDFFB8EF32DE | |||
3068 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf | text | |
MD5:48DD6CAE43CE26B992C35799FCD76898 | SHA256:7BFE1F3691E2B4FB4D61FBF5E9F7782FBE49DA1342DBD32201C2CC8E540DBD1A | |||
3180 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_D93C575AD9E9AF9B95268A3CB953B5A1 | der | |
MD5:C2E141686C173076D591CFA9628B3E2B | SHA256:E5A0B0826CDE2AAF551F24647C0BC6638C51277FEB9B72805E56788CFE513B4E | |||
3180 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_D93C575AD9E9AF9B95268A3CB953B5A1 | binary | |
MD5:A7A4B48FAEF4CF35C05B2C0E41C11451 | SHA256:1575385FE9366429AEAB20E312B72DB9BFA4024F667AB1D6433DBA415798231F | |||
3180 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231 | der | |
MD5:E356DB3F801304807A3F406E52E876EF | SHA256:FAD64279E584B00211F710053DB32E40FE67548335F9A5FE4AAADA18EB7173ED |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3180 | iexplore.exe | GET | 304 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAyO4MkNaokViAQGHuJB%2Ba8%3D | US | der | 471 b | whitelisted |
3180 | iexplore.exe | GET | 200 | 23.37.43.27:80 | http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGMYDTj7gJd4qdA1oxYY%2BEA%3D | NL | der | 1.71 Kb | shared |
3180 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://status.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFvn094QJ%2BcWGTwWWEy%2BBXPZkW8AQUo8heZVTlMHjBBeoHCmpZzLn%2B3loCEA53cAOejRmtccb8jN4MVZM%3D | US | der | 471 b | whitelisted |
3180 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJaiu8Zb34NbCEEshrmcCs%3D | US | der | 471 b | whitelisted |
3180 | iexplore.exe | GET | 200 | 23.37.43.27:80 | http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGMYDTj7gJd4qdA1oxYY%2BEA%3D | NL | der | 1.71 Kb | shared |
3180 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA9bw6F2y3ieICDHiTyBZ7Q%3D | US | der | 1.47 Kb | whitelisted |
3180 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJaiu8Zb34NbCEEshrmcCs%3D | US | der | 471 b | whitelisted |
3180 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAyO4MkNaokViAQGHuJB%2Ba8%3D | US | der | 471 b | whitelisted |
3180 | iexplore.exe | GET | 410 | 34.238.141.30:80 | http://login.mailcenter-alert.com/test_ffd563d352?l=64 | US | html | 1.61 Kb | whitelisted |
3180 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://status.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSFvn094QJ%2BcWGTwWWEy%2BBXPZkW8AQUo8heZVTlMHjBBeoHCmpZzLn%2B3loCEA53cAOejRmtccb8jN4MVZM%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 23.37.43.27:80 | s.symcd.com | Akamai Technologies, Inc. | NL | whitelisted |
3180 | iexplore.exe | 173.194.76.157:443 | stats.g.doubleclick.net | Google Inc. | US | whitelisted |
3180 | iexplore.exe | 13.35.253.17:443 | d25q7gseii1o1q.cloudfront.net | — | US | suspicious |
— | — | 34.238.141.30:80 | login.mailcenter-alert.com | Amazon.com, Inc. | US | unknown |
3068 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
3180 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3180 | iexplore.exe | 172.217.21.206:80 | www.google-analytics.com | Google Inc. | US | whitelisted |
— | — | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3180 | iexplore.exe | 216.58.210.4:443 | www.google.com | Google Inc. | US | whitelisted |
3180 | iexplore.exe | 216.58.206.3:443 | www.google.fi | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |
urldefense.com |
| shared |
ocsp.digicert.com |
| whitelisted |
status.thawte.com |
| whitelisted |
login.mailcenter-alert.com |
| unknown |
d25q7gseii1o1q.cloudfront.net |
| shared |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
s.symcd.com |
| shared |
www.google-analytics.com |
| whitelisted |