File name: | phish_alert_sp2_2.0.0.0.eml |
Full analysis: | https://app.any.run/tasks/775cbe09-eff2-442f-abd3-ef8549beed51 |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 16:34:46 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | message/rfc822 |
File info: | RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators |
MD5: | 3EC6466038BC031F2BB763C1F5CA2677 |
SHA1: | 277DCC5654D652B77737DAE573BA921E45488576 |
SHA256: | BF225BE8CA3BC2845E134D06F59AF1D8ECABD694C1E414D3DF724D67A61A5915 |
SSDEEP: | 384:+nlZEt5csxrS1EyPfYM4WA//u0QxZjIEiOTNR:+nlZEtysxOey4MFAeb3Vvv |
.eml | | | E-Mail message (Var. 5) (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1252 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 | ||||
272 | "C:\Program Files\Internet Explorer\iexplore.exe" https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbit.ly%2F3Ks00Ek&data=04%7C01%7Cctr-fleetequipment%40cantire.com%7Cafd492787482409c942d08d9dcf04ae4%7Cbd6704ff1437477c9ac9c30d6f5133c5%7C0%7C0%7C637783747402171616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=bV9GevGcSdDbryz8nBSUsBJ96ZalsCeAHe4O0tS%2BQ9Q%3D&reserved=0 | C:\Program Files\Internet Explorer\iexplore.exe | — | OUTLOOK.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2996 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:272 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
(PID) Process: | (1252) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1033 |
Value: Off | |||
(PID) Process: | (1252) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1041 |
Value: Off | |||
(PID) Process: | (1252) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1046 |
Value: Off | |||
(PID) Process: | (1252) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1036 |
Value: Off | |||
(PID) Process: | (1252) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1031 |
Value: Off | |||
(PID) Process: | (1252) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1040 |
Value: Off | |||
(PID) Process: | (1252) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1049 |
Value: Off | |||
(PID) Process: | (1252) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 3082 |
Value: Off | |||
(PID) Process: | (1252) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1042 |
Value: Off | |||
(PID) Process: | (1252) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1055 |
Value: Off |
PID | Process | Filename | Type | |
---|---|---|---|---|
1252 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRE8EC.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1252 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | |
MD5:— | SHA256:— | |||
1252 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:8408D9D735A240B9D81F8FAFC82C468D | SHA256:42EDD9F73E40DC61D7D2AD63672827CD2795B36043506811C54DAE6B478F6971 | |||
272 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{8EAF51C6-7D33-11EC-A20C-12A9866C77DE}.dat | binary | |
MD5:E85589F5AABAE780A15A40703B17478B | SHA256:580D08189663929BCBD31C581F477CFE6DB190BD20967EF56B9C8BDF65EF4907 | |||
1252 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_B3CF828A6882A4458110DA93CBBC310B.dat | xml | |
MD5:57F30B1BCA811C2FCB81F4C13F6A927B | SHA256:612BAD93621991CB09C347FF01EC600B46617247D5C041311FF459E247D8C2D3 | |||
1252 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:A6EC923ACAA57C7943270F7EFE1691B7 | SHA256:CD220E56147640FCBA1D4A87B208E6C0D6780CF80E4D1180A22FA00E9F3078E2 | |||
272 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFD04A349296F1BFB4.TMP | gmc | |
MD5:D0E0D513AEFD4D6DD6A615E5760F333A | SHA256:C20ACB82B929C346E351F6CF9B2CE68696EE907A336771E8401676E920619823 | |||
272 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{8EAF51C5-7D33-11EC-A20C-12A9866C77DE}.dat | binary | |
MD5:4408380539FACCB4F69EFF81AC5136E2 | SHA256:2502D1C4EB54A8A89E934AE95E8D322D683A2DB3C4D1B9E414BB22536633442C | |||
272 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{42C873D0-1D90-11EB-BA2C-12A9866C77DE}.dat | binary | |
MD5:03DB738961D7F094B50387F84C2D0E4C | SHA256:C5872369AA91763D132B727D77AC86B2D40B3CBC360E9083B057B0B5939A253B | |||
1252 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5A108769-22B8-46E6-8C0B-143CEAFDDF28}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png | image | |
MD5:4C61C12EDBC453D7AE184976E95258E1 | SHA256:296526F9A716C1AA91BA5D6F69F0EB92FDF79C2CB2CFCF0CEB22B7CCBC27035F |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1252 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
2996 | iexplore.exe | 104.47.61.28:443 | can01.safelinks.protection.outlook.com | Microsoft Corporation | CA | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |
can01.safelinks.protection.outlook.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |