File name: 79195cc577298634d2d1b48aa2187f592b5968b36aa6e0a73c5620565d2f3af0.eml.danger
Full analysis: https://app.any.run/tasks/dfa022ab-2639-469a-8cbe-4e90741a6e5f
Verdict: Malicious activity
Analysis date: August 12, 2022, 14:04:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: message/rfc822
File info: SMTP mail, ASCII text, with very long lines, with CRLF line terminators
MD5: 194BEF7976776CD7C7DD2215AD5BD5F3
SHA1: E727AEE9AE069F36AAB8713F6AC254BDAF1761A4
SHA256: 79195CC577298634D2D1B48AA2187F592B5968B36AA6E0A73C5620565D2F3AF0
SSDEEP: 6144:M/RAkyw3ME8j5SQlyjjhZH9hRrjzoPmw1:yS7WME8FfujhZVrbw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
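The file under analysis is an RFC 822 message, so the first triage step before detonation is static: pull the attachments out of the .eml, hash them, check that each attachment's extension agrees with its magic bytes, and compare the hashes with known IOCs. The script below is an added example written for this page, not ANY.RUN's code or the sample itself. The sample message it builds is constructed (the sample .eml is not reproduced on this page); the only real value is the SHA256 of BANK SLIP.pdf taken from the dropped-files table further down, and the constructed attachment deliberately does not match it. The `KNOWN_BAD_SHA256` table, the magic-byte map and the output format are assumptions.

```python
"""Static triage of an .eml: list attachments, hash them, sanity-check the
extension against the file's magic bytes, and look up hashes in an IOC set.

Added example for this report page; not ANY.RUN code. The e-mail built by
build_sample() is constructed and is NOT the analysed sample.
"""
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Real value from the report's dropped-files table (BANK SLIP.pdf). The
# description string is our own label (assumption).
KNOWN_BAD_SHA256 = {
    "6a06fd6cf886814afec199027a9e6a18b44f97273219a7c273f09bb9c11f3ce9": "BANK SLIP.pdf (ANY.RUN task dfa022ab)",
}

# Assumed magic-byte map; extend as needed.
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/ooxml",      # .docx/.xlsx/.pptx are zip containers
    b"\xd0\xcf\x11\xe0": "ole2",      # legacy .doc/.xls
    b"MZ": "pe",
}
# Which magic kind a given extension is expected to carry.
EXT_KIND = {"pdf": "pdf", "docx": "zip/ooxml", "xlsx": "zip/ooxml",
            "doc": "ole2", "xls": "ole2", "exe": "pe"}


def sniff(data: bytes) -> str:
    """Return the magic-byte kind of a blob, or 'unknown'."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return "unknown"


def triage_eml(raw: bytes) -> dict:
    """Parse an RFC 822 message and describe every attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"from": msg["From"], "subject": msg["Subject"], "attachments": []}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        kind = sniff(data)
        sha256 = hashlib.sha256(data).hexdigest()
        report["attachments"].append({
            "filename": name,
            "content_type": part.get_content_type(),
            "size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha256": sha256,
            "magic": kind,
            # None when we have no expectation for this extension.
            "ext_matches_magic": (EXT_KIND[ext] == kind) if ext in EXT_KIND else None,
            "ioc_hit": KNOWN_BAD_SHA256.get(sha256),
        })
    return report


def build_sample() -> bytes:
    """Constructed test message: one plausible PDF, one PE disguised as a PDF."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "admin@example.invalid"
    msg["Subject"] = "BANK SLIP"
    msg.set_content("Please find the bank slip attached.")
    msg.add_attachment(b"%PDF-1.4\n% constructed placeholder, not a real document\n",
                       maintype="application", subtype="pdf", filename="BANK SLIP.pdf")
    msg.add_attachment(b"MZ\x90\x00 constructed placeholder, not a real executable",
                       maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for att in triage_eml(build_sample())["attachments"]:
        flag = "IOC HIT" if att["ioc_hit"] else ("ext/magic mismatch" if att["ext_matches_magic"] is False else "ok")
        print(f"{att['filename']!r:22} {att['magic']:10} sha256={att['sha256'][:16]}... {flag}")
```

Run it against a real .eml by replacing `build_sample()` with `open(path, "rb").read()`; the MD5/SHA256 it prints are what you match against the dropped-files hashes in the sandbox report.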
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Checks supported languages

      • OUTLOOK.EXE (PID: 3324)
      • AdobeARM.exe (PID: 2864)
      • Reader_sl.exe (PID: 2268)
    • Reads the computer name

      • OUTLOOK.EXE (PID: 3324)
      • AdobeARM.exe (PID: 2864)
    • Searches for installed software

      • OUTLOOK.EXE (PID: 3324)
    • Executed via COM

      • prevhost.exe (PID: 4028)
    • Application launched itself

      • WINWORD.EXE (PID: 3580)
    • Executable content was dropped or overwritten

      • AdobeARM.exe (PID: 2864)
    • Creates files in the program directory

      • AdobeARM.exe (PID: 2864)
  • INFO

    • Checks supported languages

      • AcroRd32.exe (PID: 1328)
      • prevhost.exe (PID: 4028)
      • AcroRd32.exe (PID: 2292)
      • AcroRd32.exe (PID: 3524)
      • RdrCEF.exe (PID: 1500)
      • AcroRd32.exe (PID: 3724)
      • RdrCEF.exe (PID: 1532)
      • WINWORD.EXE (PID: 3580)
      • RdrCEF.exe (PID: 3440)
      • RdrCEF.exe (PID: 3116)
      • RdrCEF.exe (PID: 2056)
      • WINWORD.EXE (PID: 1236)
      • RdrCEF.exe (PID: 1808)
      • RdrCEF.exe (PID: 2444)
      • RdrCEF.exe (PID: 3468)
    • Reads the computer name

      • prevhost.exe (PID: 4028)
      • AcroRd32.exe (PID: 1328)
      • AcroRd32.exe (PID: 2292)
      • AcroRd32.exe (PID: 3724)
      • RdrCEF.exe (PID: 1500)
      • AcroRd32.exe (PID: 3524)
      • WINWORD.EXE (PID: 3580)
      • WINWORD.EXE (PID: 1236)
    • Reads CPU info

      • AcroRd32.exe (PID: 2292)
      • AcroRd32.exe (PID: 3724)
    • Searches for installed software

      • AcroRd32.exe (PID: 1328)
      • AcroRd32.exe (PID: 2292)
      • AcroRd32.exe (PID: 3524)
      • AcroRd32.exe (PID: 3724)
    • Application launched itself

      • AcroRd32.exe (PID: 1328)
      • AcroRd32.exe (PID: 3524)
      • RdrCEF.exe (PID: 1500)
    • Manual execution by user

      • AcroRd32.exe (PID: 3524)
    • Reads Microsoft Office registry keys

      • OUTLOOK.EXE (PID: 3324)
      • AcroRd32.exe (PID: 3724)
      • AcroRd32.exe (PID: 3524)
      • WINWORD.EXE (PID: 1236)
      • WINWORD.EXE (PID: 3580)
    • Reads settings of System Certificates

      • AcroRd32.exe (PID: 3524)
      • RdrCEF.exe (PID: 1500)
      • AdobeARM.exe (PID: 2864)
    • Checks Windows Trust Settings

      • AcroRd32.exe (PID: 3524)
      • AdobeARM.exe (PID: 2864)
No Malware configuration.

TRiD: .eml | E-Mail message (Var. 1) (100)
No data.
All screenshots are available in the full report
Total processes: 60
Monitored processes: 18
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes shown in the graph, in the order ANY.RUN lists them (the "no specs" marker is kept as in the original): outlook.exe, prevhost.exe (no specs), acrord32.exe (no specs), acrord32.exe (no specs), acrord32.exe, acrord32.exe (no specs), rdrcef.exe, rdrcef.exe (no specs), rdrcef.exe (no specs), rdrcef.exe (no specs), rdrcef.exe (no specs), winword.exe, winword.exe (no specs), rdrcef.exe (no specs), rdrcef.exe (no specs), rdrcef.exe (no specs), adobearm.exe, reader_sl.exe (no specs)

Process information (fields per process: PID, CMD, Path, Indicators, Parent process)
PID: 3324
CMD: "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\79195cc577298634d2d1b48aa2187f592b5968b36aa6e0a73c5620565d2f3af0.eml.danger.eml"
Path: C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Outlook
Version: 14.0.6025.1000
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\microsoft office\office14\outlook.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 4028
CMD: C:\Windows\system32\prevhost.exe {DC6EFB56-9CFA-464D-8880-44885D7DC193} -Embedding
Path: C:\Windows\system32\prevhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Preview Handler Surrogate Host
Version: 6.1.7601.17562 (win7sp1_gdr.110217-1504)
Modules (images):
c:\windows\system32\prevhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
PID: 1328
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" /b /id 4028_1293088567 /if pdfshell_prevf258fb8c-763a-47f7-82ff-b1e298f251c4
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Parent process: prevhost.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe Acrobat Reader DC
Version: 20.13.20064.405839
Modules (images):
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2292
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /b /id 4028_1293088567 /if pdfshell_prevf258fb8c-763a-47f7-82ff-b1e298f251c4
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Parent process: AcroRd32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe Acrobat Reader DC
Version: 20.13.20064.405839
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3524
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\Desktop\BANK SLIP.pdf"
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Parent process: Explorer.EXE
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe Acrobat Reader DC
Version: 20.13.20064.405839
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3724
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\Desktop\BANK SLIP.pdf"
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Parent process: AcroRd32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe Acrobat Reader DC
Version: 20.13.20064.405839
Modules (images):
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1500
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Parent process: AcroRd32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Version: 20.13.20064.405839
Modules (images):
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID: 1532
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1072,17037485413862934246,1696119802163570653,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1568017958623079636 --renderer-client-id=2 --mojo-platform-channel-handle=1192 --allow-no-sandbox-job /prefetch:1
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Parent process: RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Version: 20.13.20064.405839
Modules (images):
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID: 3116
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1072,17037485413862934246,1696119802163570653,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=15171155138954557964 --mojo-platform-channel-handle=1212 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Parent process: RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 1
Version: 20.13.20064.405839
Modules (images):
c:\windows\system32\kernel32.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2056
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1072,17037485413862934246,1696119802163570653,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=3752961725070742662 --mojo-platform-channel-handle=1404 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Parent process: RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 1
Version: 20.13.20064.405839
Modules (images):
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
Total events: 28 422
Read events: 26 953
Write events: 0
Delete events: 0
Modification events: no data

Executable files: 1
Suspicious files: 159
Text files: 22
Unknown types: 11

Dropped files (PID | Process | Filename | Type; hashes on the following line, "(blank)" where the report lists none)

3324 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR4464.tmp.cvr | (blank)
MD5: (blank) SHA256: (blank)
3324 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | (blank)
MD5: (blank) SHA256: (blank)
3324 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text
MD5: 2C726EC8A2F6D54DB1C8698C9D344B7A SHA256: E5B50D34629ECCA6672CDD6487AD01FE0BB6D84B08C975709E0275A697058906
3324 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\UD76XLWL\BANK SLIP.pdf | pdf
MD5: D0D4B5A1ED023A194D478676D9846112 SHA256: 6A06FD6CF886814AFEC199027A9E6A18B44F97273219A7C273F09BB9C11F3CE9
3324 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\tmp45CC.tmp | binary
MD5: C372DD2B7BAD73E416C958E56F967A7D SHA256: AF7F18A20A21AAD3BED4D2B12779DECF937637A4F456465397150678B5A95E7A
1500 | RdrCEF.exe | C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0 | binary
MD5: C1225C2FB6C7E8D742E8EF95BC1DC915 SHA256: 1B5BD13CC4A754CFDB6CF3C5352B8FD692A8E1210DAA9EBF301D174B5F1B3146
3324 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\UD76XLWL\BANK SLIP (2).pdf | pdf
MD5: D0D4B5A1ED023A194D478676D9846112 SHA256: 6A06FD6CF886814AFEC199027A9E6A18B44F97273219A7C273F09BB9C11F3CE9
3324 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc
MD5: 57423799AAC9BDF0B574C74284799438 SHA256: B910E542E8E20F0288D332455B1C4283EB6A78F9B81D17E6C052C1806168DFF5
3724 | AcroRd32.exe | C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R130my6t_fx61ga_2vg.tmp\has been verified. However PDF, IMG, xls, .docx | document
MD5: A1500D8F5588BC9BA3952C99276B657D SHA256: 6C21FB87A14EB312683C6026392B61C791C6E2643D4E80162D7326511105E4A3
1500 | RdrCEF.exe | C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0 | binary
MD5: DAB35CC59F7F0A97D21C71F30A36DA19 SHA256: 19E28BC42716B56590AE415B040EA8FF4C8C4C53E8A4420E2E9D226AE7B0703D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 23
DNS requests: 12
Threats: 0

HTTP requests (PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation; "(blank)" where the report lists none)

3580 | WINWORD.EXE | HEAD | 301 | 52.222.236.89:80 | http://aws3.link/XLxFAp | US | (blank) | (blank) | malicious
3580 | WINWORD.EXE | OPTIONS | 403 | 52.222.236.89:80 | http://aws3.link/ | US | html | 1.03 Kb | malicious
3524 | AcroRd32.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted
3524 | AcroRd32.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?27f0a60c6ef682c0 | US | compressed | 4.70 Kb | whitelisted
3524 | AcroRd32.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d950300507103ff0 | US | compressed | 4.70 Kb | whitelisted

Connections (PID | Process | IP | Domain | ASN | CN | Reputation; "(blank)" where the report lists none)

3324 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted
1500 | RdrCEF.exe | 2.18.233.74:443 | armmf.adobe.com | Akamai International B.V. | (blank) | whitelisted
3580 | WINWORD.EXE | 52.222.236.89:443 | aws3.link | Amazon.com, Inc. | US | suspicious
3580 | WINWORD.EXE | 52.222.236.89:80 | aws3.link | Amazon.com, Inc. | US | suspicious
1500 | RdrCEF.exe | 23.35.236.137:443 | geo2.adobe.com | Zayo Bandwidth Inc | US | suspicious
3524 | AcroRd32.exe | 23.48.23.54:443 | acroipm2.adobe.com | TRUE INTERNET Co.,Ltd. | US | suspicious
1500 | RdrCEF.exe | 52.5.13.197:443 | p13n.adobe.io | Amazon.com, Inc. | US | suspicious
892 | svchost.exe | 2.18.233.74:443 | armmf.adobe.com | Akamai International B.V. | (blank) | whitelisted
3524 | AcroRd32.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2864 | AdobeARM.exe | 23.48.23.39:443 | ardownload3.adobe.com | TRUE INTERNET Co.,Ltd. | US | suspicious

DNS requests (Domain: resolved IPs; reputation)

config.messenger.msn.com: 64.4.26.155; whitelisted
dns.msftncsi.com: 131.107.255.255; shared
aws3.link: 52.222.236.89, 52.222.236.124, 52.222.236.23, 52.222.236.78; malicious
geo2.adobe.com: 23.35.236.137; whitelisted
p13n.adobe.io: 52.5.13.197, 54.227.187.23, 52.202.204.11, 23.22.254.206; whitelisted
armmf.adobe.com: 2.18.233.74; whitelisted
acroipm2.adobe.com: 23.48.23.54, 23.48.23.34; whitelisted
ctldl.windowsupdate.com: 93.184.221.240; whitelisted
ocsp.digicert.com: 93.184.220.29; whitelisted
ardownload3.adobe.com: 23.48.23.39, 23.48.23.25; whitelisted

Threats (PID | Process | Class | Message)

3580 | WINWORD.EXE | Potentially Bad Traffic | ET INFO TLS Handshake Failure
3580 | WINWORD.EXE | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction
3580 | WINWORD.EXE | Potentially Bad Traffic | ET INFO TLS Handshake Failure
3580 | WINWORD.EXE | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction
892 | svchost.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
No debug info
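The network tables above are mostly vendor telemetry, OCSP and CTL downloads (Adobe, Microsoft, DigiCert); the one outlier is WINWORD.EXE (PID 3580) reaching aws3.link, which the report marks malicious. The script below is an added example written for this page, not ANY.RUN's detection logic: it replays the HTTP-request and connection rows above as constructed event records and flags document-handling processes whose destinations fall outside a vendor allowlist. The `OFFICE_PROCESSES` set, the `ALLOWED_SUFFIXES` allowlist and the finding format are assumptions; the PIDs, domains, IPs, methods and status codes come from the report.

```python
"""Detection pass over sandbox network events: which document-handling
processes contacted hosts outside a vendor allowlist?

Added example for this report page; not ANY.RUN code. EVENTS is constructed
from the report's HTTP-requests and Connections tables; the allowlist and
OFFICE_PROCESSES are assumptions.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Assumption: processes whose egress we want to scrutinise.
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                    "acrord32.exe", "rdrcef.exe", "adobearm.exe"}

# Assumption: vendor update/telemetry/CRL hosts we tolerate. The leading dot
# means "this domain or any subdomain", so lookalikes such as evil-adobe.com
# do not match.
ALLOWED_SUFFIXES = (".adobe.com", ".adobe.io", ".msn.com", ".windowsupdate.com",
                    ".digicert.com", ".msftncsi.com")


@dataclass(frozen=True)
class NetEvent:
    pid: int
    process: str
    dst: str                      # ip:port
    domain: str
    method: Optional[str] = None  # set only for HTTP requests
    status: Optional[int] = None
    url: Optional[str] = None


# Constructed from the report's HTTP requests and Connections tables.
EVENTS = [
    NetEvent(3580, "WINWORD.EXE", "52.222.236.89:80", "aws3.link", "HEAD", 301, "http://aws3.link/XLxFAp"),
    NetEvent(3580, "WINWORD.EXE", "52.222.236.89:80", "aws3.link", "OPTIONS", 403, "http://aws3.link/"),
    NetEvent(3524, "AcroRd32.exe", "93.184.221.240:80", "ctldl.windowsupdate.com", "GET", 200,
             "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?27f0a60c6ef682c0"),
    NetEvent(3324, "OUTLOOK.EXE", "64.4.26.155:80", "config.messenger.msn.com"),
    NetEvent(1500, "RdrCEF.exe", "2.18.233.74:443", "armmf.adobe.com"),
    NetEvent(3580, "WINWORD.EXE", "52.222.236.89:443", "aws3.link"),
    NetEvent(1500, "RdrCEF.exe", "52.5.13.197:443", "p13n.adobe.io"),
    NetEvent(892, "svchost.exe", "2.18.233.74:443", "armmf.adobe.com"),
    NetEvent(2864, "AdobeARM.exe", "23.48.23.39:443", "ardownload3.adobe.com"),
]


def is_allowed(domain: str) -> bool:
    """Exact-or-subdomain match against ALLOWED_SUFFIXES, case-insensitive."""
    d = domain.lower().rstrip(".")
    return any(d == s[1:] or d.endswith(s) for s in ALLOWED_SUFFIXES)


def flag_office_egress(events) -> list[dict]:
    """Group non-allowlisted egress by (pid, process, domain) with evidence lines."""
    by_key: dict[tuple, list[str]] = defaultdict(list)
    for ev in events:
        if ev.process.lower() not in OFFICE_PROCESSES or is_allowed(ev.domain):
            continue
        if ev.method:
            evidence = f"{ev.method} {ev.url} -> {ev.status} ({ev.dst})"
        else:
            evidence = f"connection to {ev.dst}"
        by_key[(ev.pid, ev.process, ev.domain.lower())].append(evidence)
    return [{"pid": pid, "process": proc, "domain": dom, "evidence": lines}
            for (pid, proc, dom), lines in sorted(by_key.items())]


if __name__ == "__main__":
    for f in flag_office_egress(EVENTS):
        print(f"[!] PID {f['pid']} {f['process']} -> {f['domain']}")
        for line in f["evidence"]:
            print("    ", line)
```

On this report's data the pass yields a single finding, WINWORD.EXE (3580) to aws3.link, with the HEAD 301, the OPTIONS 403 and the port-443 connection (the one Suricata logged as a TLS handshake failure) as evidence; the Adobe, Microsoft and DigiCert traffic is suppressed by the allowlist rather than by the sandbox's reputation label, which is the point: vendor domains are noisy in any Office detonation and need an explicit allowlist, not a per-domain judgement call.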