File name: | Jessy from SJ Vet China (13.4 KB).msg |
Full analysis: | https://app.any.run/tasks/cb34418d-aae7-4201-a871-72614c204a8d |
Verdict: | Malicious activity |
Analysis date: | January 14, 2022, 19:33:15 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 64 bit) |
Indicators: | |
MIME: | application/vnd.ms-outlook |
File info: | CDFV2 Microsoft Outlook Message |
MD5: | AE5EA07D1DD3A4F4F09E29847F472400 |
SHA1: | CA61D9682313E2BBC1987E1E0EB12F1B6840B8FE |
SHA256: | 607D5C050C77B8F588627F72BE626D67AF5A9E2F9CBB10AB07A31E68D5305185 |
SSDEEP: | 384:8OTbAcevtYLQoTd2tzGFFzYmAVlgFwfBNDNhYEUs9PbtEDToPkxlNwl7anKKuSWa:8OivmLPQBNDNhTUsFyZgl7ac3MYn70N |
.msg | | | Outlook Message (58.9) |
---|---|---|
.oft | | | Outlook Form Template (34.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3048 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\Desktop\Jessy from SJ Vet China (13.4 KB).msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.4760.1000 | ||||
2264 | "C:\Program Files\Internet Explorer\iexplore.exe" https://sxsuje.com/ | C:\Program Files\Internet Explorer\iexplore.exe | OUTLOOK.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
1448 | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:267521 /prefetch:2 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
1396 | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:267533 /prefetch:2 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
1660 | C:\Windows\system32\Macromed\Flash\FlashUtil64_27_0_0_187_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil64_27_0_0_187_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe� Flash� Player Installer/Uninstaller 27.0 r0 Version: 27,0,0,187 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3048 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR63EA.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3048 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | |
MD5:— | SHA256:— | |||
3048 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:F3796F03BD19E11727EFA6ADDF327902 | SHA256:6F3344260824FA2ED3A7788D74CB2F82F6B746CDE7259DE5AC7514519FBFB2E7 | |||
3048 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:7B0D9E6D748C73D8FD78B00235D4A9F5 | SHA256:DBA7F7990973FD0F0FBF488FB3EA2F16C9543FA81D2F5B6968CC1E24D90B7689 | |||
1396 | IEXPLORE.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XLWA6BPE\default_9d77dce2[1].css | text | |
MD5:07FE852C4B8C75A090BA9020AD7B1A72 | SHA256:05F80F1B693CDBCB40DDBBAAFED1D09C4A0BDF854EB27C658B028EBD1B54C374 | |||
1396 | IEXPLORE.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\IF5NHPDD.txt | text | |
MD5:7D829177DDDB3B6F7280EA57A1690736 | SHA256:1384E7EDDE1E36220C50D3105FA4F9A85A94EDD9C153F79B80813AE3A59C135E | |||
3048 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_D161B0A728E1AA47B734315768DDF8AB.dat | xml | |
MD5:EC8CA8C4D9E4B21BF1DBC33B4FD27816 | SHA256:B1230E47FEE2A9F664C82C590C242F764D50C542F8F773254B6CEAC9145F50EF | |||
1396 | IEXPLORE.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UJFUX3OG\BANVPNYT.htm | html | |
MD5:50F6147ECCB7A1F28B2C7E853999667E | SHA256:BD340840C1B7762542D72DC9BA01A61E74B27C4EEF1EE99D2A167E469C790F2A | |||
1396 | IEXPLORE.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\5YKOMFGF.txt | text | |
MD5:EBBA2ED8876644D636AB2EFC6FE54A47 | SHA256:7C8E5745D5A51564385BF018E39D8CD96F94CD2C71D76C4292BC591913879E28 | |||
1396 | IEXPLORE.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\HMWGQD5Z.txt | text | |
MD5:B062DB0E78FD889C6E7527A8E8D18F49 | SHA256:6A94C2DE53C3FF2F21A47AAD93E8242167A930CBB1BA8A80C2BC83BDCA64E526 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3048 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
1396 | IEXPLORE.EXE | GET | 200 | 2.16.106.186:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?428ce02c5e9a1523 | unknown | compressed | 59.9 Kb | whitelisted |
1396 | IEXPLORE.EXE | GET | 200 | 104.18.11.39:80 | http://cacerts.digicert.com/DigiCertGlobalRootG2.crt | US | der | 914 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2264 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1396 | IEXPLORE.EXE | 2.16.187.56:443 | stat.made-in-china.com | Akamai International B.V. | — | whitelisted |
3048 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
1396 | IEXPLORE.EXE | 2.16.186.131:443 | sxsuje.en.made-in-china.com | Akamai International B.V. | — | whitelisted |
2264 | iexplore.exe | 2.16.186.131:443 | sxsuje.en.made-in-china.com | Akamai International B.V. | — | whitelisted |
1396 | IEXPLORE.EXE | 2.16.186.195:443 | www.made-in-china.com | Akamai International B.V. | — | whitelisted |
1396 | IEXPLORE.EXE | 2.16.186.154:443 | www.micstatic.com | Akamai International B.V. | — | whitelisted |
1396 | IEXPLORE.EXE | 172.217.16.142:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
1396 | IEXPLORE.EXE | 172.217.16.136:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
1396 | IEXPLORE.EXE | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |
sxsuje.com |
| unknown |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
sxsuje.en.made-in-china.com |
| suspicious |
www.micstatic.com |
| whitelisted |
stat.made-in-china.com |
| suspicious |
www.made-in-china.com |
| whitelisted |
pylon.micstatic.com |
| suspicious |
image.made-in-china.com |
| whitelisted |