File name: | FW E Document studio-insite.msg |
Full analysis: | https://app.any.run/tasks/86cd4b1a-87f9-4e85-8ccf-a40786b0c38c |
Verdict: | Malicious activity |
Analysis date: | May 20, 2019, 15:08:43 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/vnd.ms-outlook |
File info: | CDFV2 Microsoft Outlook Message |
MD5: | 32A0AA0F1C5AF96A4D15CC4362D3BB48 |
SHA1: | 81B027E6E875FE2E5F8E2BAB975BD8477695417C |
SHA256: | 5FA1A6E222E0A9A7461B6F75B370D7614FE91AC9653A7B59F06EC639A9EDA76A |
SSDEEP: | 3072:iK3ytIpAl15Se6oD9PsP3lVl3vSbsN/6a6HIiE:i/IxVlIswbBE |
.msg | | | Outlook Message (58.9) |
---|---|---|
.oft | | | Outlook Form Template (34.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1892 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\FW E Document studio-insite.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 | ||||
3816 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | — | OUTLOOK.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Exit code: 0 Version: 14.0.6025.1000 | ||||
2480 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | — | OUTLOOK.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Exit code: 0 Version: 14.0.6025.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1892 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR3E93.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3816 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR6FA5.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2480 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRBBB2.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1892 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:DC66986D820E0297A8EF7BE561F0B5F7 | SHA256:2F3613480555595D9ACF244BDD36AB4712F07AEFA61F6E28C25CA53E145EBF59 | |||
1892 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8C9556BF.dat | image | |
MD5:B942CB495873961DA6DBBF40BF8F3344 | SHA256:391195A4397DB0BB190067CBE4D8739C793BB5CE0B91E72D06162A5FC0A9281E | |||
1892 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DFBE487B.dat | image | |
MD5:3E9B2C2F3B0640DFE1BB82E6B3779E48 | SHA256:445A72992078A4E729BC4A73A4775182E2A6F6A43B53C21D92009569D665206D | |||
1892 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EEFD1036.dat | image | |
MD5:12DFFF1D4B3FC09564D733CF5B1FDC09 | SHA256:4541C4D363AF1B7C46F731BBF4F8ABD63D2433BD3968247D50359C4F16C8C662 | |||
1892 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1CCC81B4.dat | image | |
MD5:54EE72AABDA42241EE0662DAF4B33495 | SHA256:E9E017D87093F3A37FC8839626E014A28394962F927997E1111C83B2605B2DA2 | |||
1892 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9CA44E25.dat | image | |
MD5:A6EA09613EB06BE95D320BB0A52BE71B | SHA256:C3AC3FC677F8C9CAF970F79463BF3D2C6EC9B214583FFBE7D55D55B34F1A98D5 | |||
1892 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\418DB040.dat | image | |
MD5:2744BAA8F1285BEA0DD6E0E183DF9945 | SHA256:994E69276C618F53B604DC80A7B7C001E9D60865891DE40702B5FE542A895C12 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1892 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1892 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |