| Field | Value |
|---|---|
| File name | Attachment.eml.rar |
| Full analysis | https://app.any.run/tasks/cf270164-a155-440c-b203-968af1491a54 |
| Verdict | Malicious activity |
| Analysis date | March 30, 2020, 14:55:11 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | — |
| MIME | application/x-rar |
| File info | RAR archive data, v5 |
| MD5 | AB2F520654FBE5475F58F4E7574E9103 |
| SHA1 | 62B113BA54BD250F3888E5D8192B762B4627C6E0 |
| SHA256 | 85275D94B227A1EBA5070716CE800FDAA50850DEE2AA47207DFD1F225D455CE4 |
| SSDEEP | 6144:C9E6y5Y36k65OHqfaTyGWwX8GPvuqqpks48JicaFwVVjlNbZAXl:C9+Y3v65OKfaRRZ924HHqVlM |
| Extension | File type | Score |
|---|---|---|
| .rar | RAR compressed archive (v5.0) | 61.5 |
| .rar | RAR compressed archive (gen) | 38.4 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2952 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Attachment.eml.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
| 2868 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\Rar$DIb2952.49882\Attachment.eml.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | — | WinRAR.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Version: 14.0.6025.1000 |
| 3928 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\9GGNTI05\pdf.iso" | C:\Program Files\WinRAR\WinRAR.exe | — | OUTLOOK.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2868 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR22ED.tmp.cvr | — | — | — |
| 2868 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\9GGNTI05\pdf (2).iso\:Zone.Identifier:$DATA | — | — | — |
| 2868 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | 6A94F93742006FF3162B1EF2B181B569 | 37002E62BE4B5C057AA00D1BDDC914003C4CEBB9DCD403241E0BAC3415D3D422 |
| 2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIb2952.49882\Attachment.eml.msg | msg | E3D30567608AE6F30FF125178B01B085 | 098A4A25A0FF56E3CFCD5CEA167428B432725DD873E27BB252D148C221FD84C1 |
| 2868 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\9GGNTI05\pdf.iso | compressed | EAF9064591FBC41EA4F761C0FB0BD5C1 | 5A36AC00BD4DA98CDA282CE51A3ECC070A5E37C03154F415016B64735BE11A8B |
| 2868 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | 54E554DA1A6988AA3B450942690BB78B | 19E928C462605315D7F35F59B98B5A1627A44D937A9A804C32CCBA97A035BB09 |
| 2868 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E5BA2E52.dat | image | 4C3C78777AAEA7D0478023ED23DACE43 | 6C186159E829A0BB0B91F990DB1662E9787DF79B3E60A5B21E81CA62B74B425B |
| 2868 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5EEB062B.dat | image | 8CB436747EFBE45A26ECD353A360BE0F | 2F48DD8AFB5D0BD6C6DC74C4CC32166CD8F7383CDC2B362946F108C15CCAC656 |
| 2868 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\9GGNTI05\pdf (2).iso | compressed | EAF9064591FBC41EA4F761C0FB0BD5C1 | 5A36AC00BD4DA98CDA282CE51A3ECC070A5E37C03154F415016B64735BE11A8B |
| 2868 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FCF0DBDC-FAD5-4788-9BC6-FFCF59496E53}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png | image | 4C61C12EDBC453D7AE184976E95258E1 | 296526F9A716C1AA91BA5D6F69F0EB92FDF79C2CB2CFCF0CEB22B7CCBC27035F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2868 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2868 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
| Domain | IP | Reputation |
|---|---|---|
| config.messenger.msn.com | — | whitelisted |