File name: | -6460681921515331216.eml |
Full analysis: | https://app.any.run/tasks/b33b1088-fc7d-4191-9a34-4d26d106476e |
Verdict: | Malicious activity |
Analysis date: | October 04, 2022, 20:02:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | message/rfc822 |
File info: | RFC 822 mail, ASCII text, with CRLF line terminators |
MD5: | 6A00D18C70155873E5E73CFFC4715EE7 |
SHA1: | 90390C4774A800431366E77708FE58C5BD1EFD3A |
SHA256: | 9848410F84FF2A394662B6220B1D27FC530336A8FEB75B57B56D8367968ABC88 |
SSDEEP: | 384:mY0L0ozjo5+2zBAcZhwwxvfsZHRWselw0sMsmlYuq1B/xssVxy9RBk+mvS0FsTyQ:mL0qkmcY6sZHLLrnEqv/OsVeB1mvQcar |
.eml | E-Mail message (Var. 5) (100) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
296 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\-6460681921515331216.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
296 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRDF80.tmp.cvr | — | |
MD5:— | SHA256:— | |||
296 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | |
MD5:— | SHA256:— | |||
296 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:B6FEF988B351DB527E3C509676DF6629 | SHA256:68AA88E60063BD395D0C1C30BF72FC9FF2FDC06DB07D027D6555A741ADE67FA8 | |||
296 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:ED7189E27841F13B2C8AFFC77EFFC228 | SHA256:2CC0A23A4F4BD098B8B22ECA54383428600C0FC93E7725482F796004484FBBC2 | |||
296 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_598C49E6C3A2B643A1D554E0D5791B2C.dat | xml | |
MD5:EEAA832C12F20DE6AAAA9C7B77626E72 | SHA256:C4C9A90F2C961D9EE79CF08FBEE647ED7DE0202288E876C7BAAD00F4CA29CA16 | |||
296 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B301625A-3448-4B18-A6C6-887D2ADD1BA8}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png | image | |
MD5:4C61C12EDBC453D7AE184976E95258E1 | SHA256:296526F9A716C1AA91BA5D6F69F0EB92FDF79C2CB2CFCF0CEB22B7CCBC27035F | |||
296 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_RssRule_2_3CDAECFFC195C34CA5AF2B084BB5339F.dat | xml | |
MD5:D8B37ED0410FB241C283F72B76987F18 | SHA256:31E68049F6B7F21511E70CD7F2D95B9CF1354CF54603E8F47C1FC40F40B7A114 | |||
296 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_8B2FF26F300FEF459046790D1E9CEE3D.dat | xml | |
MD5:57F30B1BCA811C2FCB81F4C13F6A927B | SHA256:612BAD93621991CB09C347FF01EC600B46617247D5C041311FF459E247D8C2D3 | |||
296 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\80C4B806.dat | image | |
MD5:4C6EF8A624DB4770843AB09AA78FA248 | SHA256:4DA3299E3ADF36C6AC26345EA476573F2058790317770E9237B01A5501A08D13 | |||
296 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B10353D9.dat | image | |
MD5:71B489BDCF0E0B51DB7BD75716DDF547 | SHA256:656A4F0589DBA0B5F4606F6AA73D970D5D108F8A09A91EEFB5E0ABD7881510E6 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
296 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com | | whitelisted |