File name: | FW E Document studio-insite.msg |
Full analysis: | https://app.any.run/tasks/2c5d6a27-46c1-4deb-b207-48f242d82851 |
Verdict: | Malicious activity |
Analysis date: | May 20, 2019, 15:14:30 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/vnd.ms-outlook |
File info: | CDFV2 Microsoft Outlook Message |
MD5: | 32A0AA0F1C5AF96A4D15CC4362D3BB48 |
SHA1: | 81B027E6E875FE2E5F8E2BAB975BD8477695417C |
SHA256: | 5FA1A6E222E0A9A7461B6F75B370D7614FE91AC9653A7B59F06EC639A9EDA76A |
SSDEEP: | 3072:iK3ytIpAl15Se6oD9PsP3lVl3vSbsN/6a6HIiE:i/IxVlIswbBE |
.msg | | | Outlook Message (58.9) |
---|---|---|
.oft | | | Outlook Form Template (34.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3384 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\FW E Document studio-insite.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 | ||||
1968 | "C:\Program Files\Internet Explorer\iexplore.exe" https://paloduro.sharepoint.com/:b:/s/studio-insite/ER5tsUR0HDVMoaR8X4AiD5IBVKHRF4-nV69yyUdE-Bb8Qw?e=9vryex | C:\Program Files\Internet Explorer\iexplore.exe | OUTLOOK.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3480 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1968 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRDF2.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\47F03189.dat | image | |
MD5:12DFFF1D4B3FC09564D733CF5B1FDC09 | SHA256:4541C4D363AF1B7C46F731BBF4F8ABD63D2433BD3968247D50359C4F16C8C662 | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1F1EF174.dat | image | |
MD5:A6EA09613EB06BE95D320BB0A52BE71B | SHA256:C3AC3FC677F8C9CAF970F79463BF3D2C6EC9B214583FFBE7D55D55B34F1A98D5 | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\86D53C00.dat | image | |
MD5:66520B0BF0B2426768524C209EE0E3CF | SHA256:E650C94ACF8FF197FE63674E4358E7AAC26EF71FBA038DC252BCB969610B461D | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\315019F6.dat | image | |
MD5:B942CB495873961DA6DBBF40BF8F3344 | SHA256:391195A4397DB0BB190067CBE4D8739C793BB5CE0B91E72D06162A5FC0A9281E | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7D1A7AE5.dat | image | |
MD5:84AF984A7589AA5312F26D02F4982918 | SHA256:6169DC87F54888B26863A088D3C9FF3CEA47D4F2DDEE84329B67F407B0811DDE | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf | text | |
MD5:48DD6CAE43CE26B992C35799FCD76898 | SHA256:7BFE1F3691E2B4FB4D61FBF5E9F7782FBE49DA1342DBD32201C2CC8E540DBD1A | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F46F557F.dat | image | |
MD5:54EE72AABDA42241EE0662DAF4B33495 | SHA256:E9E017D87093F3A37FC8839626E014A28394962F927997E1111C83B2605B2DA2 | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8FD6D33B.dat | image | |
MD5:2744BAA8F1285BEA0DD6E0E183DF9945 | SHA256:994E69276C618F53B604DC80A7B7C001E9D60865891DE40702B5FE542A895C12 | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E7AC7BA2.dat | image | |
MD5:3E9B2C2F3B0640DFE1BB82E6B3779E48 | SHA256:445A72992078A4E729BC4A73A4775182E2A6F6A43B53C21D92009569D665206D |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3384 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
1968 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1968 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3384 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
3480 | iexplore.exe | 13.107.136.9:443 | paloduro.sharepoint.com | Microsoft Corporation | US | whitelisted |
1968 | iexplore.exe | 13.107.136.9:443 | paloduro.sharepoint.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |
paloduro.sharepoint.com |
| suspicious |
www.bing.com |
| whitelisted |