File name: | Still Time to Vote in SHRM's 2023 Board of Directors Election.msg |
Full analysis: | https://app.any.run/tasks/af644870-3f22-48a8-8c37-b434650e5598 |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 06:54:00 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/vnd.ms-outlook |
File info: | CDFV2 Microsoft Outlook Message |
MD5: | 014A849233CB8E1D0037E04FE3F9BBD9 |
SHA1: | D0D04FE78CB4299726B44FF7B141CB0963ACC84D |
SHA256: | 739E99416EF7CC31BCF33B737FAFC5AC312936404A55317C88BC4C3F4E06FDE9 |
SSDEEP: | 768:dxo8k3+QsKOQkmMSdss4G4IhSna6fYOqQLJ2GsKJsK4UunFn6n4L0uWtWHYfboZ6:Lo8e+QBMS6G4IgJLxjunFn6n4L07 |
.msg | | | Outlook Message (45.3) |
---|---|---|
.oft | | | Outlook Form Template (26.5) |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3492 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\Still Time to Vote in SHRM's 2023 Board of Directors Election.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 Modules
| |||||||||||||||
1068 | "C:\Program Files\Internet Explorer\iexplore.exe" https://secure-web.cisco.com/16LEa4_f8dG4T2ZiU92PEwZEPRfuxc0gNhkIjg6kofYL0_BVZsdSHXhvRZdTKXDKXFmuAuyopjz6jmqTx-aNj_zQ9GkXq-PJqPl9Dvnr1VttVNM8Omx_psQBV43ahDlGCc5gN5V5TisEGaaru7v1r1swg1l6957HELqSwBqDrMIPCtVaJERXteCHFImF2JyOCZxXbL0oswNYUVHvDvakMC14f5YOLwYc2N7T68rZHJBt9xm3iPZralVZ1q_HBqUI_r3B9FLlVpR-zTUxADq00qQO_fxHl98k1Sa1zsorGIBFTIELbMkkU2wptIrNA_V5O/https%3A%2F%2Femail.mg.electionservicescorp.com%2Fc%2FeJwdjkGLgzAUhH9NchEkviSad8jB2pQeurBsD3tOYqyCscWkLf33qwsDHzMwwwRd1bVAIUEx2mvpHIOGTpobeZCq5QZRCQOmFcg6rCXnou1kp4hg5tp9_5oD0FEP0FjwAq10qvIoEZptL7hBeORN5eisx5wfifCWwGnT655DGZL_p7_HLUrjuqMPg33OubTpQfjpwgk_hminma462vVjl-UW4rRM5c1G22833kvaF2jW1_PPVwEMoDB7o6gYk7v9A83NQfk | C:\Program Files\Internet Explorer\iexplore.exe | OUTLOOK.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
368 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1068 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3492 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRDAA6.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3492 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | |
MD5:— | SHA256:— | |||
368 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\263821BCA2CBC5EA0B25012F05788322_41310C887E59D4EB5B8FD9D3DCA2C98D | binary | |
MD5:5F43C0DCF2FFD7FCA9ACE6E9B398BCC4 | SHA256:BBF1126D2017121B1754C3FB6671F3819C944F30284DDC7FC196E8F50EB654C6 | |||
3492 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:BF6207C0D460B1A374FDC198943D6CBA | SHA256:458612B6081F79EED2378142F70B9EA53543B090145AF288E043CADE92990153 | |||
368 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6CFED4E1A8866BE87BE17622BFB4D726_FBADB8F7FD7B56EE191ACF24A8989D94 | binary | |
MD5:B3FDE201BAC6E466FB245200E2ED17CA | SHA256:369C8AA7E1ED4CD3B1BF2C5BEAE565CFF9124776AE7DCC138E3141EE4C6581E4 | |||
368 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\263821BCA2CBC5EA0B25012F05788322_41310C887E59D4EB5B8FD9D3DCA2C98D | der | |
MD5:73EE0DD73E7D14D928A31A5364ACF59E | SHA256:42B0F5967CB61464EAAFF736B457FC3643D2512992E99FC5FAD2BCDF876EEF04 | |||
1068 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | binary | |
MD5:4BBD3FEA95776B424D7C3AB9D5803258 | SHA256:F3D6F2BEDF5CAACE326C81C28AC61895E79793AD8EE61D87C327C55E0CD369F3 | |||
1068 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | |
MD5:B8BDA0B382A7D056A4241B388338B778 | SHA256:7BAA967F6686CCE471826B20FFA5CB7FEB4BF3C5C0BF43F51F08E84EB5850DD2 | |||
3492 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:D074CC2695C2B8B81444DF17DC47269D | SHA256:7BC1BA4FD901CA6771DE1C8AA304D347CA91F6B1F249A9EBC505D898AF6F4E8F | |||
368 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6CFED4E1A8866BE87BE17622BFB4D726_FBADB8F7FD7B56EE191ACF24A8989D94 | der | |
MD5:9097C37DBB0EA77712342D24E8D4B887 | SHA256:5B6AC21CAD44EBBB58B971F460558BD87B6AF328A6540A4829926B32EDBBA336 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3492 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
368 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ea718f22e19009e4 | US | compressed | 60.9 Kb | whitelisted |
368 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?25375bf7f4064e9c | US | compressed | 60.9 Kb | whitelisted |
1068 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
1068 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
368 | iexplore.exe | GET | 200 | 2.16.218.170:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOjqBB9JdBmeefTHtyNP0RSdQ%3D%3D | unknown | der | 503 b | shared |
368 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 2.18 Kb | whitelisted |
368 | iexplore.exe | GET | 200 | 172.64.155.188:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDjmTL5NIrO9%2B84JPrh00LV | US | der | 472 b | whitelisted |
368 | iexplore.exe | GET | 200 | 23.45.105.185:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted |
368 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3492 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
— | — | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
368 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
1068 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
368 | iexplore.exe | 34.127.83.42:443 | email.mg.electionservicescorp.com | GOOGLE-CLOUD-PLATFORM | US | suspicious |
368 | iexplore.exe | 146.112.255.69:443 | secure-web.cisco.com | OPENDNS | US | suspicious |
1068 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
1068 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
1068 | iexplore.exe | 13.107.21.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
368 | iexplore.exe | 192.35.177.23:80 | commercial.ocsp.identrust.com | SLC-IDENT-AS | US | unknown |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |
secure-web.cisco.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
commercial.ocsp.identrust.com |
| whitelisted |
email.mg.electionservicescorp.com |
| suspicious |
ocsp.digicert.com |
| whitelisted |
x1.c.lencr.org |
| whitelisted |
r3.o.lencr.org |
| shared |