Field | Value
---|---
File name | EXTERNAL New voice message from wireless caller +1-231-384-0498.msg
Full analysis | https://app.any.run/tasks/ee723bf6-fe87-4d32-b0b8-495d841cc1d8
Verdict | Malicious activity
Analysis date | December 18, 2018, 15:49:20
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MIME | application/vnd.ms-outlook
File info | CDFV2 Microsoft Outlook Message
MD5 | 7DF1417B56E1EE7998198B6AB11AF937
SHA1 | 08DB0E485386E411F151720DD1EEB65C46702750
SHA256 | 8E17A3BCE496FD93E86795B504F73C354CF8545FA634AAC4FCF63C5AB370ECCE
SSDEEP | 6144:owKL9cW6ZK2u3JELaBPaNpNF3vmrObvaRf83HD5l+6S7Khdd5NBPmg:owKpD6ZKz3JEL0Pmjmlf8T586XhdvWg
Extension | Description | Score
---|---|---
.msg | Outlook Message | 58.9
.oft | Outlook Form Template | 34.4
PID | CMD | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version
---|---|---|---|---|---|---|---|---|---
3072 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\Desktop\EXTERNAL New voice message from wireless caller +1-231-384-0498.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | — | explorer.exe | admin | MEDIUM | Microsoft Corporation | Microsoft Outlook | 14.0.6025.1000
3988 | "C:\Program Files\Internet Explorer\iexplore.exe" https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.sakengua.org%2F%3Fsecuressl%3Dtrue&data=02%7C01%7Csharonhardy%40abpipeliners.com%7C08513cde0d494e2c822708d66464be06%7C78d5360854ca4a748beb8a1399c1189c%7C0%7C1%7C636806781206697261&sdata=ooAdNSgSdjfnLjVg8KHyNP7qFnsn%2F%2FGpytdKbhmZrA4%3D&reserved=0 | C:\Program Files\Internet Explorer\iexplore.exe | — | OUTLOOK.EXE | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
2632 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3988 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3072 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR6727.tmp.cvr | — | — | —
3988 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico | — | — | —
3988 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\sakengua_org[1].txt | — | — | —
3072 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | 7B76BE0B273966ED182EE7620A85AA78 | D6B13FFE78D04922D5335214D68C7CCAEECD7E88C099CE19248A83C1F58916E5
3072 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E8582FFB.dat | image | F99424CAE28E8232CD13C3127DBD017C | 627556C5CCDEC14E4C8B0C04D8A0B38103A03EBC7FA509A6C2AFAA094C738094
3072 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9F1B71C0.dat | image | EE8DF2AB556B80ED13C9797576328F4B | 05AC15C5355A57D06B31CFF83F545CD5EEFAC585958F10DA9EC21BAE874F3ED4
3072 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf | text | 48DD6CAE43CE26B992C35799FCD76898 | 7BFE1F3691E2B4FB4D61FBF5E9F7782FBE49DA1342DBD32201C2CC8E540DBD1A
3988 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018121820181219\index.dat | dat | A06F12F1CDDFEDC5674C9C38D326A712 | ACD28B8638FB3F19F3A8FB5A2B8306ECD106FCF28A7825E3AA44256FAAC1E5EC
2632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\sakengua_org[1].htm | html | 54F52CBE66D8D767C95F7D6FF73C54D2 | D17F9BED7FE017A4E7F95FB0142B07DE962CE9BBFA46E3CF3A8056F352FB6664
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3072 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
3988 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3988 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2632 | iexplore.exe | 65.55.169.46:443 | na01.safelinks.protection.outlook.com | Microsoft Corporation | US | whitelisted |
3988 | iexplore.exe | 200.85.157.73:443 | www.sakengua.org | X-Host SRL | AR | unknown |
2632 | iexplore.exe | 104.47.40.28:443 | nam03.safelinks.protection.outlook.com | Microsoft Corporation | US | whitelisted |
2632 | iexplore.exe | 200.85.157.73:443 | www.sakengua.org | X-Host SRL | AR | unknown |
3072 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation
---|---|---
config.messenger.msn.com | — | whitelisted
na01.safelinks.protection.outlook.com | — | whitelisted
www.bing.com | — | whitelisted
nam03.safelinks.protection.outlook.com | — | whitelisted
www.sakengua.org | — | unknown
dns.msftncsi.com | — | shared