File name: | phish_alert_sp2_2.0.0.0.eml |
Full analysis: | https://app.any.run/tasks/2debefe0-4522-4496-bba2-6cb52496dd71 |
Verdict: | Malicious activity |
Analysis date: | May 20, 2022, 17:06:55 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | message/rfc822 |
File info: | RFC 822 mail, ASCII text, with CRLF line terminators |
MD5: | AFA64A06E10B06B02A90FBF4A0F8C290 |
SHA1: | B97E23AB5EA7BA63A223FFB8B23904E8F4E3F5A3 |
SHA256: | 6ECF8FF6074DEFF578ED823AC058218E8BC41DC5EBDD09FCDDB7F70729A29D04 |
SSDEEP: | 24576:hi/PkKtmICsbLEm6eLRuUHDvKC6KC37pVBKA2tk5KBpXKiB1bA74ocQ27XlRauGv:jWRu12AWBVQjGjaUSeu/Hh |
.eml | | | E-Mail message (Var. 5) (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2944 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 | ||||
3768 | "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\LXDIXIQ0\audio.mp3" | C:\Program Files\VideoLAN\VLC\vlc.exe | OUTLOOK.EXE | |
User: admin Company: VideoLAN Integrity Level: MEDIUM Description: VLC media player Exit code: 0 Version: 3.0.11 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2944 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRDA3A.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2944 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | |
MD5:— | SHA256:— | |||
2944 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:25AA296942565D1C59B685A081AFB367 | SHA256:683172FE2E6A8DDC484152FC3A20AF05CD56179F345941E9E4D9B77FC845E46A | |||
2944 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\tmpDBC1.tmp | binary | |
MD5:6B452C27C644605E727DE9C86B92D5B7 | SHA256:D2183DC899D91784BB8DD3D0C3C1DE8267FDC52B71F9C13BFF5CFC11D865B37B | |||
2944 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\LXDIXIQ0\audio.mp3 | mp3 | |
MD5:845E4D01F02EABBD7AE368786C3CBBF4 | SHA256:AD6815E5122B208CAE4CD7450A39B2AB6F5276BE05DC68F65A2A22C994F1D367 | |||
3768 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\ml.xspf | — | |
MD5:— | SHA256:— | |||
3768 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Hp3768 | ini | |
MD5:EEFD29F781ACDB1BEFD6B98B576B8CE5 | SHA256:740D5CB34C2C92432D5FFCA3E2C5FC6B0F7D276844F6CD8CD46D2914A0497BAF | |||
2944 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:FB82572AAF9C4A7CD2D6563920D36505 | SHA256:FEFFEE33B34650810EA491F7D8188A978AF09A99E9960809814899B8F43D8D40 | |||
2944 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\LXDIXIQ0\audio (2).mp3 | mp3 | |
MD5:845E4D01F02EABBD7AE368786C3CBBF4 | SHA256:AD6815E5122B208CAE4CD7450A39B2AB6F5276BE05DC68F65A2A22C994F1D367 | |||
3768 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini | ini | |
MD5:EEFD29F781ACDB1BEFD6B98B576B8CE5 | SHA256:740D5CB34C2C92432D5FFCA3E2C5FC6B0F7D276844F6CD8CD46D2914A0497BAF |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2944 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2944 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |
Process | Message |
---|---|
vlc.exe | main libvlc debug: VLC media player - 3.0.11 Vetinari
|
vlc.exe | main libvlc debug: Copyright © 1996-2020 the VideoLAN team
|
vlc.exe | main libvlc debug: revision 3.0.11-0-gdc0c5ced72
|
vlc.exe | main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=i686-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x86/contrib/i686-w64-mingw32/lib/pkgconfig'
|
vlc.exe | main libvlc debug: using multimedia timers as clock source
|
vlc.exe | main libvlc debug: min period: 1 ms, max period: 1000000 ms
|
vlc.exe | main libvlc debug: searching plug-in modules
|
vlc.exe | main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
|
vlc.exe | main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
|
vlc.exe | main libvlc error: stale plugins cache: modified C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll
|