Field | Value
---|---
File name | Sua fatura NET MAURIZIO BILLI.msg
Full analysis | https://app.any.run/tasks/0733d394-3de2-4360-b4f2-93220d5e1aa7
Verdict | Malicious activity
Analysis date | July 17, 2019, 11:48:15
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/vnd.ms-outlook
File info | CDFV2 Microsoft Outlook Message
MD5 | 5E35DBD9B2E58D0602E7B534D98BB351
SHA1 | DEB43049691E8A5E15EA7B46DA6F208C3411541F
SHA256 | B1B41CCD4FF7741609091D4DFEBA10C96A2BC30A5FE6EABE0809BDA023B41857
SSDEEP | 1536:Y8UfDzKhhWkWQ9gtAuNtNBqOhbuzIw3IW7m:zUfDzKctNBhbWIw3IW7m
Extension | Description
---|---
.msg | Outlook Message (58.9)
.oft | Outlook Form Template (34.4)
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3512 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\Sua fatura NET MAURIZIO BILLI.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Version: 14.0.6025.1000
2056 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.instagram.com/netoficial | C:\Program Files\Internet Explorer\iexplore.exe | — | OUTLOOK.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
2868 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2056 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
2276 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/NEToficial | C:\Program Files\Internet Explorer\iexplore.exe | — | OUTLOOK.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3312 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2276 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
2788 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/NEToficial | C:\Program Files\Internet Explorer\iexplore.exe | — | OUTLOOK.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3464 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2788 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
1024 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | — | explorer.exe | User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Exit code: 3221225547; Version: 75.0.3770.100
2504 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x722aa9d0,0x722aa9e0,0x722aa9ec | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Exit code: 0; Version: 75.0.3770.100
3960 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1224 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Chrome; Exit code: 0; Version: 75.0.3770.100
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3512 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRCF17.tmp.cvr | — | — | —
3512 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | F328C43E2864795DD4C08E70F3AF2257 | 88030A9D376522F16DA0446BCAD1644EAE48AE0E8BA29318C79261357286ABCE
3512 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | 7C5EEE003DDDB37E82B14C8E2F60A875 | DE85171B94D602C18B57B797C6C97B8E123A71F1CFB81781E87A545742A15EAB
3512 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\topo[1].jpg | image | F5AAA0D35ABC5A9383D470244F34C372 | BE627EB57F98580F33FAF1BB07D284268CDA4EE87B06A0830BF294A6C6F11B76
3512 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\social-4[1].gif | image | 2527362DEDE0EC63F5A46B7DECCD3F94 | 93469C22CECFE17440D67F5EE90BE156775B9ED235BED660DAEF813E3CB9C5B1
3512 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\social-2[1].gif | image | A80E1F4F543096530610842F8F111970 | 3E6920E2E3BCC690C96E15EE4398E44EFD79F2465BE3B4326379A8928B5A33B8
3512 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\social-5[1].gif | image | FA40C2907E23E952A209E05D7C3490B3 | B2F61234797725E72D4C00C69376626E687710EE89B24954B8787229849DF76E
3512 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\banner[1].jpg | image | 4F0717F4E3359EE12CFFED1CCAD407C8 | 44AFDE8AFE7D804267AB7AB83B482D71819B527DE7AA39FF9EA8771BD1FEFB2A
3512 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\siga[1].gif | image | 5CC69F81DA215931F08B6D5F0B621509 | D2907A5DB95BF533B2538D8F416E998893B449CFD081A40902F62185F654FA19
3512 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt | text | B10B0FE1947E4F5C992EE06B971919D5 | B6B7E161E37592D0DC4ED2BA3BB8457C9EE0678D8BE4A1FE2C5E35FB17C57D95
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3512 | OUTLOOK.EXE | GET | 301 | 152.195.52.2:80 | http://www.netcombo.com.br/static/email/20161118120507/images/logo.jpg | US | — | — | whitelisted |
3512 | OUTLOOK.EXE | GET | 301 | 152.195.52.2:80 | http://www.netcombo.com.br/static/email/20161118120507/images/social-4.gif | US | — | — | whitelisted |
3512 | OUTLOOK.EXE | GET | 301 | 152.195.52.2:80 | http://www.netcombo.com.br/static/email/20161118120507/images/siga.gif | US | — | — | whitelisted |
3512 | OUTLOOK.EXE | GET | 301 | 152.195.52.2:80 | http://www.netcombo.com.br/static/email/20161118120507/images/social-5.gif | US | — | — | whitelisted |
3512 | OUTLOOK.EXE | GET | 301 | 152.195.52.2:80 | http://www.netcombo.com.br/static/email/20161118120507/images/social-2.gif | US | — | — | whitelisted |
3512 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
3512 | OUTLOOK.EXE | GET | 301 | 152.195.52.2:80 | http://www.netcombo.com.br/static/email/20161118120507/images/social-3.gif | US | — | — | whitelisted |
3512 | OUTLOOK.EXE | GET | 301 | 152.195.52.2:80 | http://www.netcombo.com.br/static/email/20161118120507/images/social-1.gif | US | — | — | whitelisted |
3692 | chrome.exe | GET | 204 | 172.217.25.131:80 | http://csi.gstatic.com/csi?v=3&s=gapi_module&action=gapi_iframes__googleapis_cli12&it=mli.188,mei.17&srt=16&tbsrt=2321&tran=15&e=abc_l0,abc_m0,abc_pgapi_iframes__googleapis_cli12,abc_u0&rt= | US | — | — | whitelisted |
3512 | OUTLOOK.EXE | GET | 301 | 152.195.52.2:80 | http://www.netcombo.com.br/static/email/20161118120507/images/banner.jpg | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3312 | iexplore.exe | 31.13.92.36:443 | m.facebook.com | Facebook, Inc. | IE | whitelisted |
2276 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2056 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3312 | iexplore.exe | 185.60.216.35:443 | www.facebook.com | Facebook, Inc. | IE | whitelisted |
3312 | iexplore.exe | 157.240.20.19:443 | static.xx.fbcdn.net | Facebook, Inc. | US | whitelisted |
3312 | iexplore.exe | 31.13.64.21:443 | scontent-amt2-1.xx.fbcdn.net | Facebook, Inc. | IE | whitelisted |
3512 | OUTLOOK.EXE | 152.195.52.2:80 | www.netcombo.com.br | MCI Communications Services, Inc. d/b/a Verizon Business | US | unknown |
2868 | iexplore.exe | 31.13.92.174:443 | www.instagram.com | Facebook, Inc. | IE | malicious |
3512 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
2056 | iexplore.exe | 31.13.92.174:443 | www.instagram.com | Facebook, Inc. | IE | malicious |
Domain | IP | Reputation
---|---|---
www.netcombo.com.br | | whitelisted
config.messenger.msn.com | | whitelisted
www.instagram.com | | whitelisted
www.bing.com | | whitelisted
www.facebook.com | | whitelisted
m.facebook.com | | whitelisted
static.xx.fbcdn.net | | whitelisted
scontent-amt2-1.xx.fbcdn.net | | whitelisted
facebook.com | | whitelisted
fbcdn.net | | whitelisted