File name: | phish_alert_sp2_2.0.0.0 (18).eml |
Full analysis: | https://app.any.run/tasks/0180b929-596d-40b6-a283-4ffe8b269862 |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 18:51:36 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | message/rfc822 |
File info: | RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators |
MD5: | 5483BA0379A3C896100730A561BF0D3A |
SHA1: | 93EF67EF6BAE3B8AD1E26D9863F7D241309077ED |
SHA256: | 96B28F545491199E47FA840A4E44627D7875716D0F5FAF508926CA0592F8442F |
SSDEEP: | 1536:TsqqPKgz5GD8SJxc2EmZ1pmmstSZZg+z66J:iiCbSfOmU+1 |
.eml | E-Mail message (Var. 5) (100) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3148 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0 (18).eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 | ||||
3472 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" -Embedding | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Exit code: 0 Version: 14.0.6025.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3148 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRE8CD.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3148 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | |
MD5:— | SHA256:— | |||
3472 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRBE5.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3148 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:8B5EB846593234CBBD41E984B7789683 | SHA256:EC936CC871F9E8486EF3389C34B5E32B538825B47D7CBF2BB5B7F36A7305E2E3 | |||
3148 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:C695D9E72234414A914B5A8AA2F85AE9 | SHA256:4EE6BDB7777890CFF482FAC75CFE637C58F20C68A966DA0DF1907C5F14FFD9DC | |||
3148 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\94954A8.dat | image | |
MD5:F7141E8297EF09B24A2543C4B5852B34 | SHA256:898ABCC86C2BF46C06B75163630A37215588AA3BC9816F5C61B69D87F9463945 | |||
3148 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_CFEF02B37C20724E916CB3E7D0997470.dat | xml | |
MD5:B21ED3BD946332FF6EBC41A87776C6BB | SHA256:B1AAC4E817CD10670B785EF8E5523C4A883F44138E50486987DC73054A46F6F4 | |||
3148 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1FEF5874.dat | image | |
MD5:F7141E8297EF09B24A2543C4B5852B34 | SHA256:898ABCC86C2BF46C06B75163630A37215588AA3BC9816F5C61B69D87F9463945 | |||
3148 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_6CF295D2BADE744AA4C133547BBBF6DC.dat | xml | |
MD5:EEAA832C12F20DE6AAAA9C7B77626E72 | SHA256:C4C9A90F2C961D9EE79CF08FBEE647ED7DE0202288E876C7BAAD00F4CA29CA16 | |||
3148 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9FB9B5E5.dat | image | |
MD5:5B803241712D3ACCFCC7F549CD00A7BC | SHA256:C0D934A4ED60ACD93F0B82AE59B059D4E9BCFB028C9CF31926068F61E4A76633 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3148 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3148 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com | | whitelisted |