Field | Value
---|---
File name | FW ACH Ref 61028374 MT103 Customer Ref.msg
Full analysis | https://app.any.run/tasks/da444e2e-5337-4c40-92b8-f6e39dfbc4e5
Verdict | Malicious activity
Analysis date | May 20, 2019, 22:22:45
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MIME | application/vnd.ms-outlook
File info | CDFV2 Microsoft Outlook Message
MD5 | 4BD7DF6EF44AC39071F0FA8E69503B17
SHA1 | 395CC3D228362BE917A1A2921D125CE761E7506B
SHA256 | 81BA327A0C7919D26CFEDBAAE92560810D1C8CF516174E61AC8182A6F9440C4D
SSDEEP | 1536:iJ6pKDEahIp/WeWIWJdWeWoWgpjG5ZhWXsWUq2QA/VSmD5ZqtJN/IW5f03PCjgzE:UEa2p09ppcqMpDrqqW5KCj6ejASv

Extension | File type (TrID score)
---|---
.msg | Outlook Message (58.9)
.oft | Outlook Form Template (34.4)

PID | CMD | Path | Indicators | Parent process | User | Company | Integrity level | Description | Version
---|---|---|---|---|---|---|---|---|---
2840 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\FW ACH Ref 61028374 MT103 Customer Ref.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Microsoft Outlook | 14.0.6025.1000
2376 | "C:\Program Files\Internet Explorer\iexplore.exe" http://bit.ly/2YCREMIT | C:\Program Files\Internet Explorer\iexplore.exe | — | OUTLOOK.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
2816 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2376 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2840 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVREABC.tmp.cvr | — | — | —
2840 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3EA8CB5E.dat | image | 54EE72AABDA42241EE0662DAF4B33495 | E9E017D87093F3A37FC8839626E014A28394962F927997E1111C83B2605B2DA2
2840 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4BC7C7C7.dat | image | A5F0BC7076564213803E743477AA7127 | 7507B6D29695D3B64E8D9C1B6F7C43C44EFA9699F1323D538290329719557D1E
2840 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\11F8BCD0.dat | image | 49080D1763E7D884883B82BB3642D47B | F75C8C915675D345F224EB58E3CDC003078F9F5CA5CBB53A7D74A82412706C59
2840 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\64168603.dat | image | 66520B0BF0B2426768524C209EE0E3CF | E650C94ACF8FF197FE63674E4358E7AAC26EF71FBA038DC252BCB969610B461D
2840 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | FC7A452123D92826657D84A4DB282B99 | CDF0498165FDFE45E5F1B71B3C50CB6285DC02EB1962A9F17C7BE89FF48125B5
2840 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\752C7691.dat | image | AB3B81178D7CC5ED29BA56442C2EF9D5 | F19E3F1E13E53DD2099FDBF7E8988C20FA7E127F8DFA4EA4E996C46F46F2670E
2840 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F52D6F1C.dat | image | 84AF984A7589AA5312F26D02F4982918 | 6169DC87F54888B26863A088D3C9FF3CEA47D4F2DDEE84329B67F407B0811DDE
2840 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\674FCC6D.dat | image | 3E9B2C2F3B0640DFE1BB82E6B3779E48 | 445A72992078A4E729BC4A73A4775182E2A6F6A43B53C21D92009569D665206D
2840 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\24D50028.dat | image | B067C4F9847185A4C56EAC50FE36FC8F | 5149902F4830E22AE874E1904C75EBA06C8820286B2529AAD89492B79B628767

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
2840 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
2816 | iexplore.exe | GET | 301 | 67.199.248.10:80 | http://bit.ly/2YCREMIT | US | html | 218 b | shared |
2376 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
2376 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2816 | iexplore.exe | 67.199.248.10:80 | bit.ly | Bitly Inc | US | shared |
2816 | iexplore.exe | 13.107.136.9:443 | agzagope-my.sharepoint.com | Microsoft Corporation | US | whitelisted |
2376 | iexplore.exe | 13.107.136.9:443 | agzagope-my.sharepoint.com | Microsoft Corporation | US | whitelisted |
2840 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
2816 | iexplore.exe | 2.19.34.64:443 | static.sharepointonline.com | Akamai International B.V. | — | whitelisted |

Domain | IP | Reputation
---|---|---
config.messenger.msn.com | — | whitelisted
bit.ly | — | shared
www.bing.com | — | whitelisted
agzagope-my.sharepoint.com | — | suspicious
static.sharepointonline.com | — | whitelisted