Field | Value |
---|---|
File name | RV IMPORTANTE LA FISCALIA GENERAL DE LA NACION LE HACE EL ULTIMO LLAMADO A INTERROGATORIO.msg |
Full analysis | https://app.any.run/tasks/96d1e868-35b0-43ad-8fcc-8cf5800e6ec5 |
Verdict | Malicious activity |
Analysis date | October 09, 2019, 19:40:27 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | application/vnd.ms-outlook |
File info | CDFV2 Microsoft Outlook Message |
MD5 | 0A454452DCBD5E58AC5C33A2106693DC |
SHA1 | E0D9A916EAE66CD750E74EF0343C8EB2F228BB2C |
SHA256 | 511ED8C5EAF4E7567827D3994FA4B194E34EF4B7BAA4E6CEF524D95BF8786D03 |
SSDEEP | 3072:wIOdNVMZnybfkb4Xaa46W7p2mtxqoHmjwtEytYOvKgy7BT12F:ienp4X5462dBGjwtDYelAM |

Extension | Description |
---|---|
.msg | Outlook Message (58.9) |
.oft | Outlook Form Template (34.4) |

PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3184 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\RV IMPORTANTE LA FISCALIA GENERAL DE LA NACION LE HACE EL ULTIMO LLAMADO A INTERROGATORIO.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Version: 14.0.6025.1000 |
2964 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\88TKN8O3\Citacion Fiscalia general de la Nacion Proceso 305351T.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | OUTLOOK.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
2856 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Rar$DIb2964.13820\Citacion Fiscalia general de la Nacion Proceso 305351T.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WinRAR.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 |
3352 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WINWORD.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Word; Exit code: 0; Version: 14.0.6024.1000 |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3184 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRD02.tmp.cvr | — | — | — |
3184 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\88TKN8O3\Citacion Fiscalia general de la Nacion Proceso 305351T (2).rar\:Zone.Identifier:$DATA | — | — | — |
2856 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR9671.tmp.cvr | — | — | — |
2856 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_80B98C90-FF24-488F-AEB6-5CB4F5159163.0\75D1AED1.doc\:Zone.Identifier:$DATA | — | — | — |
3352 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_80B98C90-FF24-488F-AEB6-5CB4F5159163.0\D83CFA48.png | — | — | — |
3352 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_80B98C90-FF24-488F-AEB6-5CB4F5159163.0\E20C7F96.png | — | — | — |
3184 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | 6F4CD09FF95BC7F487D4CEDE30B67D5D | 67047AE95C025F22748ED423386EB53C922033A1155F7C1EDA1E5E5A9C5606B7 |
2964 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIb2964.13820\Citacion Fiscalia general de la Nacion Proceso 305351T.doc | text | E3050E63631CCDF69322DC89BF715667 | BB513C3AD2340E8A4A395453273C72041C070FAFD31427ACEAA1A6538D9F0E91 |
2856 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\99B6269E.png | — | — | — |
2856 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Rar$DIb2964.13820\~$tacion Fiscalia general de la Nacion Proceso 305351T.doc | pgc | 376F21D208857241C310E062E789A88E | 78F50ED60608CEA11FD2EE1CD91247379126F02F02966E7F83E76D9722C85292 |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3184 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |

Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com | | whitelisted |
dns.msftncsi.com | | shared |
ismaboli.com | | malicious |