Field | Value
---|---
File name | _Phish Alert_ Eveling Steverson.msg
Full analysis | https://app.any.run/tasks/f6e0102e-bff0-483b-98c0-c75f05b161a9
Verdict | Malicious activity
Analysis date | January 18, 2020, 09:04:37
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/vnd.ms-outlook
File info | CDFV2 Microsoft Outlook Message
MD5 | 097639EF73DE559BD29543D98AE26F0F
SHA1 | 4F4E1AA88CF115647428E49BE79F54B6D87D4A72
SHA256 | B1A0CD5CAB6852116EFB64B69FDAB45C2AE9DC6374D9C86ECC5BB314251D6F23
SSDEEP | 1536:aQgWcWrWPB/yFWKW+WizlHmy5bd2dwFm+iL:aQ4BKdzlHj5bd2dx+u
Extension | File type | Score
---|---|---
.msg | Outlook Message | 58.9
.oft | Outlook Form Template | 34.4
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2800 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\_Phish Alert_ Eveling Steverson.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Version: 14.0.6025.1000
4072 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\MVXALTFN\Malware Alert Text.txt | C:\Windows\system32\NOTEPAD.EXE | — | OUTLOOK.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Notepad; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
1908 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\MVXALTFN\source.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | — | OUTLOOK.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Exit code: 0; Version: 14.0.6025.1000
3984 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\MVXALTFN\Malware Alert Text (3).txt | C:\Windows\system32\NOTEPAD.EXE | — | OUTLOOK.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Notepad; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2800 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRAAA2.tmp.cvr | — | — | —
2800 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\MVXALTFN\Malware Alert Text (2).txt\:Zone.Identifier:$DATA | — | — | —
2800 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\MVXALTFN\source (2).eml\:Zone.Identifier:$DATA | — | — | —
1908 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRE0E5.tmp.cvr | — | — | —
2800 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\MVXALTFN\Malware Alert Text (4).txt\:Zone.Identifier:$DATA | — | — | —
2800 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | 65C6A347CF4BF9CCD1E8C787C30AB699 | B1157035AECCF357DC9E9F19542AB6D4BA15D8C398ACEACCADD456D633C23AE2
2800 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | B73F3761C0E10D21394F31871675CCAD | 96F240D64939F21D8CF41F6A969179BBB8271C46A0462B71F1A4C5E2B227A29B
2800 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\MVXALTFN\Malware Alert Text (3).txt | text | BAA227EC6DE876594A159624231B0A78 | A19720ACE8AA36689708BD9AE42EBD7220891588680AB7BA5241A95EE3DF36CD
2800 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\MVXALTFN\source.eml | eml | 80000A26BC3CF3109BDC8068AD23BC3D | DBBC33B667AC3D7452557DC7C6AFF521E3EC9B51C2E1413239026FC177725B0C
2800 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\MVXALTFN\source (2).eml | eml | 80000A26BC3CF3109BDC8068AD23BC3D | DBBC33B667AC3D7452557DC7C6AFF521E3EC9B51C2E1413239026FC177725B0C
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2800 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2800 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation
---|---|---
config.messenger.msn.com | | whitelisted