| Field | Value |
|---|---|
| File name | message (32).eml |
| Full analysis | https://app.any.run/tasks/314c6966-29b8-427a-a894-83168d748653 |
| Verdict | Malicious activity |
| Analysis date | August 12, 2022, 16:24:52 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | message/rfc822 |
| File info | RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators |
| MD5 | EF21F3FA6F64FC478A76E0CF8A1F7E2D |
| SHA1 | B1A64FB66770B5E10D661933EE94699ED7AF6B6F |
| SHA256 | 86A89A85B23C8D43C2535030CCF6CD3B276FA463BC7AEC639B1080198A09F09F |
| SSDEEP | 3072:pzcM6W8I4WM8TcV8nSW1Tw/4DN5ICoAG8k8q1u:pzcM6ANTm4DzoJ84u |

| Extension | Type |
|---|---|
| .eml | E-Mail message (Var. 5) (100) |

| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 3476 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\message (32).eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | — | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Version: 14.0.6025.1000 |
| 1432 | "C:\Program Files\Internet Explorer\iexplore.exe" https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.dropbox.com%2Fscl%2Ffi%2Fwg2u64p9gg53bcda16gzd%2FYou-have-been-invited-you-to-view-the-folder-%25E2%2580%259CPO48993_49110%2522.paper%3Fdl%3D0%26rlkey%3Drls1740uy7srqs62ao8k12usp&data=05%7C01%7Cabigail.vanek%40assaabloy.com%7Ca9d0992d46dd4690db7a08da7c7aa88c%7Cf0bdc1c951484f86ac40edd976e1814c%7C0%7C0%7C637959163500127851%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3tmBFSe%2FdSVuMMPRNEZXXEZBVIS79HEA6iqXhE6X9m8%3D&reserved=0 | C:\Program Files\Internet Explorer\iexplore.exe | — | OUTLOOK.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
| 3228 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1432 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3476 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRD576.tmp.cvr | — | — | — |
| 3476 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | — | — |
| 3476 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | 2C096D1B1197BB2B80EC8FBCC82C9A61 | 77E6680A567EC4923AB4917F463C0E373A254B71212C48DE4729EE132E5134E9 |
| 1432 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{5ABEFACC-1A5B-11ED-8C90-12A9866C77DE}.dat | binary | FDC5A8930107A6E91ADE23179CD7D500 | 98F97FECACA7379F59013E85BA9CD2A2B91455C4A205E23314C992DF256BC2CC |
| 3476 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_0F4E5D4D2EC63D499377E8DDECBB22EB.dat | xml | B21ED3BD946332FF6EBC41A87776C6BB | B1AAC4E817CD10670B785EF8E5523C4A883F44138E50486987DC73054A46F6F4 |
| 1432 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF02429B0953C8E6BE.TMP | gmc | 9F40BD0B054E107DFE6A331D3D050C6C | 95BD445237E42ED04D53817C786131149B5097F2C69AE2BC545DFF1C0181198A |
| 3476 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | 3ACEFE4A931AC8B5860474451757BF15 | 906794B9B500E37E1754D465EFB8C1C1BE167FCD901ABB22B91BFAC8A0ECDF83 |
| 1432 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{5ABEFACB-1A5B-11ED-8C90-12A9866C77DE}.dat | binary | C88FC288C089177A2A36AA29FC70CD36 | 46877117CC254040AF402A045F6B3AAC9D6904781C6027E57F26228D5DB70242 |
| 1432 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{42C873D0-1D90-11EB-BA2C-12A9866C77DE}.dat | binary | A20EA53095CAF3CC82DB817EEFCBBEC3 | 3BE49E16CCD07476C2F192231342FC30509C3FF8156E54D681A09FCE43A773BE |
| 1432 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFC7CCC565641CAAB5.TMP | gmc | E8E91B440F068D9A4C2C03F306254D37 | 96B1708BE93854BF82B7F904C4E9FA4C01E59F213DED244CF8B7291294FDFF68 |


| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3476 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
| 3228 | iexplore.exe | 104.47.56.28:443 | nam02.safelinks.protection.outlook.com | Microsoft Corporation | US | suspicious |

| Domain | IP | Reputation |
|---|---|---|
| config.messenger.msn.com | — | whitelisted |
| nam02.safelinks.protection.outlook.com | — | whitelisted |