File name: | 5 Incontro giuriaNotaio Mariconda per definizione ultima short list (rosa di 3 nomi) - prima del.msg |
Full analysis: | https://app.any.run/tasks/7175a52a-1c31-4b28-8354-22e271edaaae |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 08:16:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/vnd.ms-outlook |
File info: | CDFV2 Microsoft Outlook Message |
MD5: | FB78F2278FE793B947B31E5B5B25BCA2 |
SHA1: | 09F0C2E09756A890D4FDAEABCF4ED9245440CAAD |
SHA256: | 7795AE7F14DECB1F62D12D4BAFA8A67FB42895B12023BFE1961F469FA8912420 |
SSDEEP: | 3072:vFxjPmHRaTjkSU7khyGhy8ccH+mDARoPTlEq1yAgfNvYZ1an:phyGhy47 |
.msg | | | Outlook Message (58.9) |
---|---|---|
.oft | | | Outlook Form Template (34.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2956 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\5 Incontro giuriaNotaio Mariconda per definizione ultima short list (rosa di 3 nomi) - prima del.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Exit code: 0 Version: 14.0.6025.1000 | ||||
1780 | "C:\Program Files\Internet Explorer\iexplore.exe" https://teams.microsoft.com/l/meetup-join/19%3ameeting_MjYwYWQ1OGItYTNmNy00NzFlLTgxNDUtZjkyZDYwYjZhMzI5%40thread.v2/0?context=%7b%22Tid%22%3a%22d2a717e0-5630-4111-9863-be69529bd704%22%2c%22Oid%22%3a%229ca432ec-5aeb-42db-8094-924c6a0a2d6e%22%7d | C:\Program Files\Internet Explorer\iexplore.exe | OUTLOOK.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
328 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1780 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
1836 | "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/JoinTeamsMeeting | C:\Program Files\Internet Explorer\iexplore.exe | OUTLOOK.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2308 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1836 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3504 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" -Embedding | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Exit code: 0 Version: 14.0.6025.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2956 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRD0E3.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2956 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | |
MD5:— | SHA256:— | |||
2956 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:DC1299CC8FC2421D13E9DC0E53B07373 | SHA256:DB043BCAC88D83D5A2713FEFD6EA8995029D481FB764E11C0FAE7743D91F069F | |||
328 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | |
MD5:1E59DA967E5251FB6363E91677C70153 | SHA256:CA59967EDB1115006D498632F34F0B7082C5A17DC5BBE98293CD4708E21BFE88 | |||
328 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GBP1FLK9.txt | text | |
MD5:F095770F8D34A55BAF1708CC5806F735 | SHA256:1C5245E3DF71C910248B2659BC7A5E30A787D1359CA3C5A1B6EF442C3DE96415 | |||
328 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\launcher[1].htm | html | |
MD5:07A0055AF2D02B2DC9E13C15BE841745 | SHA256:645B54944302604486806705360DCA659C93E9701E0F4D1E40AD95E85B4578E2 | |||
328 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\JMPLCWCC.txt | text | |
MD5:7FEFD6508F0252D80096EA62C3FEC70C | SHA256:55683AD8549544C8AAB095A4E3C797F0A30B09752F05D862D4ED516B28CD02AA | |||
2956 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_D0E501DCAC934943B006ED33BD648FD2.dat | xml | |
MD5:EEAA832C12F20DE6AAAA9C7B77626E72 | SHA256:C4C9A90F2C961D9EE79CF08FBEE647ED7DE0202288E876C7BAAD00F4CA29CA16 | |||
328 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:3335C25B08EC75374EC203CF6BBA12DE | SHA256:7FEC2FC70B801F2725313B1DE2C772AD934D2D1C6FB47BF4EE4E619C732086E5 | |||
2956 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TCPrefs_2_FC72BBC758D349499BD296AD73C2A45C.dat | xml | |
MD5:F194B1FA12F9B6F46A47391FAE8BEEC2 | SHA256:FCD8D7E030BE6EA7588E5C6CB568E3F1BDFC263942074B693942A27DF9521A74 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2956 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
2308 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
1780 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/Omniroot2025.crl | US | der | 7.78 Kb | whitelisted |
2308 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2308 | iexplore.exe | GET | 200 | 104.18.25.243:80 | http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSjA8CoiHvUecQnjrXXWH08EsBNpAQU%2Fy9%2F4Qb0OPMt7SWNmML%2BDvZs%2FPoCEy0ALY0AlzE8ptxT6YwAAAAtjQA%3D | US | der | 1.70 Kb | whitelisted |
328 | iexplore.exe | GET | 200 | 23.216.77.80:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b75d0ed168bcb374 | US | compressed | 4.70 Kb | whitelisted |
328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2308 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
2308 | iexplore.exe | GET | 200 | 104.18.25.243:80 | http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRSHuNsR4EZqcsD%2BrdOV%2BEZevGBiwQUtXYMMBHOx5JCTUzHXCzIqQzoC2QCExIAGiYjg1TzdHbEebAAAAAaJiM%3D | US | der | 1.70 Kb | whitelisted |
2308 | iexplore.exe | GET | 200 | 104.18.25.243:80 | http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSjA8CoiHvUecQnjrXXWH08EsBNpAQU%2Fy9%2F4Qb0OPMt7SWNmML%2BDvZs%2FPoCE38AFQsnzSkNiNTIkrwAAAAVCyc%3D | US | der | 1.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2956 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
1780 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1780 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
328 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
328 | iexplore.exe | 40.79.150.121:443 | browser.pipe.aria.microsoft.com | Microsoft Corporation | FR | suspicious |
328 | iexplore.exe | 23.216.77.80:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
328 | iexplore.exe | 52.113.194.132:443 | teams.microsoft.com | Microsoft Corporation | US | suspicious |
2308 | iexplore.exe | 23.72.109.242:443 | aka.ms | Akamai International B.V. | US | malicious |
2308 | iexplore.exe | 23.205.226.107:443 | support.office.com | GTT Communications Inc. | NL | unknown |
2308 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |
teams.microsoft.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
statics.teams.cdn.office.net |
| whitelisted |
crl3.digicert.com |
| whitelisted |
browser.pipe.aria.microsoft.com |
| whitelisted |
aka.ms |
| whitelisted |