Field | Value |
---|---|
File name | asdfg.msg |
Full analysis | https://app.any.run/tasks/543d6ca8-d13d-4dbb-a3a6-89a562ec151a |
Verdict | Malicious activity |
Analysis date | January 17, 2020, 19:25:29 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | application/vnd.ms-outlook |
File info | CDFV2 Microsoft Outlook Message |
MD5 | 495DEE2968E79EAB4A8C99353B5EA695 |
SHA1 | 5873B0987CC55D53589CCC5BBAA21C3627B3262E |
SHA256 | 4C8E8C3226B723D0A0E7D69EF2A1C4A08756DBA8D3E2D8A1C69B69DA143EFB58 |
SSDEEP | 24576:k6g66xZ4fUtaqO4G6/eUmIbJ6C8YlJ1nejY:kuoZ4BqO49yS1ej |
Extension | Identified type (confidence) |
---|---|
.msg | Outlook Message (58.9) |
.oft | Outlook Form Template (34.4) |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3180 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\asdfg.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Version: 14.0.6025.1000 |
408 | C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503} | C:\Windows\system32\DllHost.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: COM Surrogate; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
3176 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\NEJDJEGB\text_2.txt | C:\Windows\system32\NOTEPAD.EXE | — | OUTLOOK.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Notepad; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3180 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRBBA9.tmp.cvr | — | — | — |
3180 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\NEJDJEGB\IMG_5472 (2).jpg\:Zone.Identifier:$DATA | — | — | — |
3180 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\NEJDJEGB\IMG_5473 (2).jpg\:Zone.Identifier:$DATA | — | — | — |
3180 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\NEJDJEGB\text_2 (2).txt\:Zone.Identifier:$DATA | — | — | — |
3180 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | 493B922C80D67B70DF7199A52913559A | 8823223B0B2F4C01F25D9704784D54DB6A9BAADDDFE034436658C760BD98D4E4 |
3180 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | 94CA35A58210C4EDB590F7F238A1CC43 | DC3BC8AFD256F28E1B554472C927AA4C06AE8607BF0C98E4FCA20163AB89A13A |
3180 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\NEJDJEGB\IMG_5473.jpg | image | 93D650C58875020C24DE3501830D31C5 | 75CD798DD401C15B3E40EF62FDA2A9FE22C607D7D0CAA5426819BFDEE999D48B |
3180 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf | text | 48DD6CAE43CE26B992C35799FCD76898 | 7BFE1F3691E2B4FB4D61FBF5E9F7782FBE49DA1342DBD32201C2CC8E540DBD1A |
3180 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\NEJDJEGB\IMG_5472.jpg | image | D0B54E5EB0DC3A0FF9A71DC3F4CE87EA | 246BC6A60F752CD9A0D28C1B464CF57C080E7DFC8E9DDD74B683F77A265DB038 |
3180 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\NEJDJEGB\IMG_5473 (2).jpg | image | 93D650C58875020C24DE3501830D31C5 | 75CD798DD401C15B3E40EF62FDA2A9FE22C607D7D0CAA5426819BFDEE999D48B |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3180 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3180 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com | | whitelisted |