| Field | Value |
|---|---|
| File name | Rabies Tag Order form.eml |
| Full analysis | https://app.any.run/tasks/906c551e-f9d4-48e6-803f-3a0d9ed6d988 |
| Verdict | Malicious activity |
| Analysis date | January 14, 2022, 21:07:40 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| MIME | message/rfc822 |
| File info | RFC 822 mail, ASCII text, with CRLF line terminators |
| MD5 | FF02F39357CE2D4480218D28944FA36C |
| SHA1 | 9FB3048E4F05E50B3DDEE4A7AFF70EA5BED649B8 |
| SHA256 | 8B2BF9A03AD8DA301AF46F52D04C050A45C397B0E240A55BE6E0BE40A5EAAFE8 |
| SSDEEP | 96:7+R8g+BR8hkU3jUJ5CUe20Dn0wvuTR+fwehzsc4+QYIPYIkIe+8PD4YAuX1b:u5t9vuTRybhzsc9IUL4rQ1b |

| Extension | Detected file type |
|---|---|
| .eml | E-Mail message (Var. 5) (100) |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1704 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\Rabies Tag Order form.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | — | Explorer.EXE |

Process 1704 details: User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Version: 14.0.6025.1000
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1704 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRE2F1.tmp.cvr | — | — | — |
| 1704 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | — | — |
| 1704 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | D50D3129A6A628703645316DC923B9B0 | 9657839F70A5DC06A88F6245A280EE77A1DCB593BA51BD08513C808A16F03B82 |
| 1704 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_RssRule_2_6CF295D2BADE744AA4C133547BBBF6DC.dat | xml | D8B37ED0410FB241C283F72B76987F18 | 31E68049F6B7F21511E70CD7F2D95B9CF1354CF54603E8F47C1FC40F40B7A114 |
| 1704 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | C909914635888942989B9694ECE42916 | 4461341A55623440CCA0086B62BDA10375C3A0971BFE4A0E3AE3B94CF9180787 |
| 1704 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EF7CCE3B-723F-43D0-A81C-753D6259A2F7}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png | image | 4C61C12EDBC453D7AE184976E95258E1 | 296526F9A716C1AA91BA5D6F69F0EB92FDF79C2CB2CFCF0CEB22B7CCBC27035F |
| 1704 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_80CC8EFDF11D5049B4340799CED6216B.dat | xml | EEAA832C12F20DE6AAAA9C7B77626E72 | C4C9A90F2C961D9EE79CF08FBEE647ED7DE0202288E876C7BAAD00F4CA29CA16 |
| 1704 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_62EF35BE61DD934AA5B39079C482A83C.dat | xml | 807EF0FC900FEB3DA82927990083D6E7 | 4411E7DC978011222764943081500FFF0E43CBF7CCD44264BD1AB6306CA68913 |
| 1704 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_9371FA280FF8EC4A83582C1F07625905.dat | xml | BBCF400BD7AE536EB03054021D6A6398 | 383020065C1F31F4FB09F448599A6D5E532C390AF4E5B8AF0771FE17A23222AD |
| 1704 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_E940C3D858184743A5211B71AA4E1310.dat | xml | 57F30B1BCA811C2FCB81F4C13F6A927B | 612BAD93621991CB09C347FF01EC600B46617247D5C041311FF459E247D8C2D3 |
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 1704 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 1704 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
| Domain | IP | Reputation |
|---|---|---|
| config.messenger.msn.com | — | whitelisted |