| Field | Value |
|---|---|
| File name: | TT_SWIFTCOPY_SAMOO75212-190-PDF.eml |
| Full analysis: | https://app.any.run/tasks/07efeb84-dbe6-4612-84d8-c48f68df7a2d |
| Verdict: | Malicious activity |
| Analysis date: | August 12, 2022, 14:04:25 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| MIME: | message/rfc822 |
| File info: | RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators |
| MD5: | C7F94D17EA68B1D7A01967441C876D63 |
| SHA1: | 65C8C8E2CC9C55D88E95AB14DE6DF8266FEB3B0D |
| SHA256: | 9812AB8C9252AE3195E068043328BC3D65EEBA706EA855B96644D96A08DB82A4 |
| SSDEEP: | 384:TnCMSxk8f4RBVqWyoaBI/r7HAIQsqteCbhb4kNs:TnCJsqWyot71C9sN |
| File type (.eml): | E-Mail message (Var. 5) (100) |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 3400 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\TT_SWIFTCOPY_SAMOO75212-190-PDF.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | — | Explorer.EXE |

Process details (PID 3400):

| Field | Value |
|---|---|
| User: | admin |
| Company: | Microsoft Corporation |
| Integrity Level: | MEDIUM |
| Description: | Microsoft Outlook |
| Version: | 14.0.6025.1000 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3400 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRD6AE.tmp.cvr | — | — | — |
| 3400 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | — | — |
| 3400 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | B61A3DB44927DD905841547CDBE32B2E | 9F784326D8CC327B2C3BEDF63B9E87E1B1BEAD471B9AD14D803CA4C0697B3579 |
| 3400 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | B70AA289A8CCAF1CA06C253C4E0DF9F1 | B3611A375CE9745B609F80F53A6A3EEE4B77FD8B0CA96332550FA32D5C4707AA |
| 3400 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AD014847-7DB0-44A1-8954-55213E2B48FE}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png | image | 4C61C12EDBC453D7AE184976E95258E1 | 296526F9A716C1AA91BA5D6F69F0EB92FDF79C2CB2CFCF0CEB22B7CCBC27035F |
| 3400 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_5A79946D2E0FF84991891EE86D7E58D9.dat | xml | BBCF400BD7AE536EB03054021D6A6398 | 383020065C1F31F4FB09F448599A6D5E532C390AF4E5B8AF0771FE17A23222AD |
| 3400 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TCPrefs_2_4E00D4669920914C9733ACB6A33AC45F.dat | xml | F194B1FA12F9B6F46A47391FAE8BEEC2 | FCD8D7E030BE6EA7588E5C6CB568E3F1BDFC263942074B693942A27DF9521A74 |
| 3400 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf | text | F3B25701FE362EC84616A93A45CE9998 | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
| 3400 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_RssRule_2_AF27D92DCFCAF2488BAEEE0EE07894B0.dat | xml | D8B37ED0410FB241C283F72B76987F18 | 31E68049F6B7F21511E70CD7F2D95B9CF1354CF54603E8F47C1FC40F40B7A114 |
| 3400 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_02A0E0B59816AC47BA76D036506EAFD9.dat | xml | B21ED3BD946332FF6EBC41A87776C6BB | B1AAC4E817CD10670B785EF8E5523C4A883F44138E50486987DC73054A46F6F4 |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3400 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
| Domain | IP | Reputation |
|---|---|---|
| config.messenger.msn.com | — | whitelisted |