| Field | Value |
|---|---|
| File name | Grow your own fruits and vegetables at your own land.msg |
| Full analysis | https://app.any.run/tasks/e4920ccb-22bd-41f1-83a8-5c9f77549471 |
| Verdict | Malicious activity |
| Analysis date | June 27, 2022, 12:59:17 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/vnd.ms-outlook |
| File info | CDFV2 Microsoft Outlook Message |
| MD5 | 35DEC92F8DFD2A57666FA56CBCF14734 |
| SHA1 | E1017A2F42A1140D9637D65B66ABB0343F102B0D |
| SHA256 | A409C9E6AC7E9189F7B1F260448DAE10622B9B9FD3B4741DA56DDAE9BF8E1379 |
| SSDEEP | 1536:U4i/TWlWF9uNSYdTkC9Ths6WqWIaq/4luISTVPq/SN9c:Bi/9wdTTHUq//tq/SN |


| Extension | Detected type (score) |
|---|---|
| .msg | Outlook Message (58.9) |
| .oft | Outlook Form Template (34.4) |


| PID | CMD | Path | Parent process | User | Company | Integrity level | Description | Version |
|---|---|---|---|---|---|---|---|---|
| 240 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\Grow your own fruits and vegetables at your own land.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | Microsoft Outlook | 14.0.6025.1000 |
| 2132 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=GfbVWy5rI4s | C:\Program Files\Internet Explorer\iexplore.exe | OUTLOOK.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |
| 3288 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2132 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700) |


| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 240 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR8F51.tmp.cvr | — | — | — |
| 240 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | — | — |
| 240 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | F6857B31B54A3628D33A2C2C93CD4A2A | B7E6E42FAAAB39100D15E5D2C8F3CB99166932946D24200CB5BA92C34AF4DA11 |
| 3288 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary | AA4D3EAA06A2D275CC73D33B80FAEE5E | 3E3D8887CA382862AFB4DAC25B985FAD276C4B9AD6CDD9FB7B283475CFD46D15 |
| 3288 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_C668445AACCF7A560A7B569C97BA4550 | binary | 7AF56EF0CD2A849DAD25C4D7C7B6B22B | A25455F944EE6736FCC912A458C9D5952C32024542C91D796E99340831AA1F61 |
| 240 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | 017D17569662DFA2E8369B7FDAD5C6D7 | 6CEDADE3DD3E32EDE19AA317929FC964CF33C9A108B64203F1FC8FFF3080D17C |
| 3288 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | 61CBEC643F70753AA444AE2ABB3DA4D2 | 238FA8194DF91CA5120458EECFF3A14F9398FBCA0FBB239D7FBCFAF8CB02D537 |
| 3288 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | DCA14A16DEFC24D05E7856E008EF28B2 | 56E14527B9D23A422FB8348521750D804DFFBA916F9605CF30AE4D6339D44354 |
| 240 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_F79CB977A31C3E49AE6105AC64329246.dat | xml | EEAA832C12F20DE6AAAA9C7B77626E72 | C4C9A90F2C961D9EE79CF08FBEE647ED7DE0202288E876C7BAAD00F4CA29CA16 |
| 3288 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\G1OSY3A3.txt | text | A310BD34145A8238EBC726FD6C17578F | F152A47377D2B89864D0A6E364FA419C9BE5477A43411444266A36653D16FF11 |


| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3288 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?914e09c5243539fb | US | compressed | 4.70 Kb | whitelisted |
| 3288 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCqm%2FLZVwk%2FcRLv5CtSZANu | US | der | 472 b | whitelisted |
| 3288 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
| 3288 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEFis5ZQLQXhkEp1TGjnLAGc%3D | US | der | 471 b | whitelisted |
| 3288 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?98e54bba644b3f82 | US | compressed | 4.70 Kb | whitelisted |
| 3288 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEAT%2FrubUb6nOEpcsoEFY3SI%3D | US | der | 471 b | whitelisted |
| 3288 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
| 3288 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCfB0sRdF8W%2FBIjdfpYeZPw | US | der | 472 b | whitelisted |
| 3288 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEESz3%2FmlG2yGCtBzjzp1dVc%3D | US | der | 471 b | whitelisted |
| 2132 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |


| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3288 | iexplore.exe | 142.250.184.195:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
| 3288 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
| 3288 | iexplore.exe | 142.251.36.106:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
| 3288 | iexplore.exe | 142.250.185.238:443 | www.youtube.com | Google Inc. | US | whitelisted |
| 240 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
| 3288 | iexplore.exe | 142.250.186.163:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
| 2132 | iexplore.exe | 142.250.185.238:443 | www.youtube.com | Google Inc. | US | whitelisted |
| 3288 | iexplore.exe | 142.250.184.196:443 | www.google.com | Google Inc. | US | whitelisted |
| 3288 | iexplore.exe | 142.250.186.72:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
| 3288 | iexplore.exe | 172.217.16.142:443 | www.google-analytics.com | Google Inc. | US | whitelisted |


| Domain | IP | Reputation |
|---|---|---|
| config.messenger.msn.com | | whitelisted |
| www.youtube.com | | whitelisted |
| ctldl.windowsupdate.com | | whitelisted |
| api.bing.com | | whitelisted |
| www.bing.com | | whitelisted |
| ocsp.pki.goog | | whitelisted |
| fonts.googleapis.com | | whitelisted |
| fonts.gstatic.com | | whitelisted |
| ocsp.digicert.com | | whitelisted |
| www.google.com | | whitelisted |