| Field | Value |
|---|---|
| File name | message - 2022-10-05T095259.698.eml |
| Full analysis | https://app.any.run/tasks/8e9f0c14-e11b-4785-ad11-e810e22a0c12 |
| Verdict | Malicious activity |
| Analysis date | October 05, 2022, 07:53:15 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | message/rfc822 |
| File info | RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators |
| MD5 | 65033C373FBB1690C4A2358D27E2EBC7 |
| SHA1 | 8F0C3313CD335A527FC9FE68713989EB407EF7D8 |
| SHA256 | 59EC9AEC9DA299A9907FAC095BA8B4EE51858C7AA329E0204368E4A7608208BE |
| SSDEEP | 192:xJlQCQT/jZId+l0YaQun+4MuPJWWhjLnkN:7wjHdazB9jhcN |
| TrID | .eml: E-Mail message (Var. 5) (100) |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 3612 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\message - 2022-10-05T095259.698.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | — | Explorer.EXE |
| 3536 | C:\Windows\system32\prevhost.exe {1531D583-8375-4D3F-B5FB-D23BBD169F22} -Embedding | C:\Windows\system32\prevhost.exe | — | svchost.exe |

| PID | User | Company | Integrity level | Description | Version |
|---|---|---|---|---|---|
| 3612 | admin | Microsoft Corporation | MEDIUM | Microsoft Outlook | 14.0.6025.1000 |
| 3536 | admin | Microsoft Corporation | MEDIUM | Preview Handler Surrogate Host | 6.1.7601.17562 (win7sp1_gdr.110217-1504) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3612 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRBD18.tmp.cvr | — | — | — |
| 3612 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | — | — |
| 3612 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\8LZWESUU\text_0 (2).txt | text | BF8E890CD6D2BF2928289F184F68F156 | 6419A2A155273CB51D4C8ABB7185DFFF114F4045E7585053B3EE5F6B2B2E0D9C |
| 3612 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | 218C686E0FE0DB3D8C0631E8FA984F86 | 0E249444CC55DB559C64AE56FE6D0506ADF2789CB418962BB111F241FD871ACC |
| 3612 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | 7C8E075182E4DB674CE4B861A9933164 | E995EAE898B6A2D4664BFCC89C2A720EB85881C662C386A558A5627A2D3C99BC |
| 3612 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\8LZWESUU\text_0.txt | text | BF8E890CD6D2BF2928289F184F68F156 | 6419A2A155273CB51D4C8ABB7185DFFF114F4045E7585053B3EE5F6B2B2E0D9C |
| 3612 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_67DE19D4A61F7948A4C1C3BAE7C2CC23.dat | xml | B21ED3BD946332FF6EBC41A87776C6BB | B1AAC4E817CD10670B785EF8E5523C4A883F44138E50486987DC73054A46F6F4 |
| 3612 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\8LZWESUU\text_0.txt:Zone.Identifier | text | FBCCF14D504B7B2DBCB5A5BDA75BD93B | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
| 3612 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_C7C875626B87004A8C8CC69E9174A390.dat | xml | 807EF0FC900FEB3DA82927990083D6E7 | 4411E7DC978011222764943081500FFF0E43CBF7CCD44264BD1AB6306CA68913 |
| 3612 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_8832640BE6107F40895BABCBC207F629.dat | xml | EEAA832C12F20DE6AAAA9C7B77626E72 | C4C9A90F2C961D9EE79CF08FBEE647ED7DE0202288E876C7BAAD00F4CA29CA16 |
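Two things in this report are worth reproducing offline before trusting it: the MD5/SHA1/SHA256 block for the sample, and the `text_0.txt:Zone.Identifier` entry in the file table, which is the Mark-of-the-Web alternate data stream Outlook writes on an attachment it saves into its Content.Outlook cache (that is why the attachment appears twice, once as the file and once as the `:Zone.Identifier` stream). The Python below is an added example, not part of the ANY.RUN report and not ANY.RUN's or Microsoft's code: it parses an .eml with the standard library, hashes the whole message and each MIME leaf part the way the report's hash block does, and parses the INI-style Zone.Identifier text so the zone can be read off. The sample message and the Zone.Identifier string are constructed for the example and are not the files from this analysis; on a real Windows host the stream content would be read from the saved attachment (for example with PowerShell's `Get-Content -Stream Zone.Identifier`) and passed in as a string.

```python
"""Offline triage helpers for an RFC 822 (.eml) sample (added example, not the report's code).

Assumptions: the caller supplies the raw message bytes; the Zone.Identifier
stream is read on Windows separately and passed in as text.
"""
import email
import hashlib
from email import policy


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, upper-cased to match the report's hash block."""
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


def triage_eml(raw: bytes) -> dict:
    """Parse an .eml and return sender, subject and every MIME leaf part with its hashes.

    Parts carrying a filename are the attachments Outlook drops into
    Content.Outlook\\<random>\\ when the message is opened, so their hashes are
    what to compare against the file table of a sandbox report.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; hash the leaves
        payload = part.get_payload(decode=True) or b""  # decodes base64/quoted-printable
        parts.append({
            "content_type": part.get_content_type(),
            "filename": part.get_filename(),
            "size": len(payload),
            **digests(payload),
        })
    return {
        "from": str(msg["From"]),
        "subject": str(msg["Subject"]),
        "message": digests(raw),
        "parts": parts,
    }


def parse_zone_identifier(stream_text: str) -> dict:
    """Parse the Zone.Identifier alternate data stream (Mark of the Web).

    ZoneId 3 is the Internet zone, 4 is Restricted/Untrusted. ReferrerUrl and
    HostUrl keys appear only when the writing application records them.
    """
    fields = {}
    in_section = False
    for line in stream_text.splitlines():
        line = line.strip()
        if line == "[ZoneTransfer]":
            in_section = True
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    zone = int(fields.get("ZoneId", -1))
    names = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Untrusted"}
    return {"zone_id": zone, "zone_name": names.get(zone, "unknown"), **fields}


# Constructed sample message (not the file from the report): a text body plus one
# attached text file, base64-encoded as a mail client would send it.
SAMPLE_EML = (
    b"From: sender@example.invalid\r\n"
    b"To: admin@example.invalid\r\n"
    b"Subject: Invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/mixed; boundary=\"b1\"\r\n"
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\r\n"
    b"Please see the attached file.\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain; name=\"text_0.txt\"\r\n"
    b"Content-Disposition: attachment; filename=\"text_0.txt\"\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"YWJj\r\n"
    b"--b1--\r\n"
)

# Constructed Zone.Identifier text in the form Outlook writes for a saved attachment.
SAMPLE_ZONE_IDENTIFIER = "[ZoneTransfer]\r\nZoneId=3\r\n"

if __name__ == "__main__":
    report = triage_eml(SAMPLE_EML)
    print("message:", report["message"])
    for p in report["parts"]:
        print(p["filename"] or "(body)", p["content_type"], p["size"], p["sha256"])
    print(parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER))
```

Running this against the real sample should reproduce the MD5/SHA1/SHA256 in the hash block exactly; a mismatch means the file on disk is not the one the sandbox ran (re-saved with different line endings, for instance, since the report notes CRLF terminators). The attachment hashes are the ones to match against the `text_0.txt` rows above.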
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3612 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3612 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |

| Domain | IP | Reputation |
|---|---|---|
| config.messenger.msn.com | — | whitelisted |