| Property | Value |
|---|---|
| File name | FW Reminder from BT.msg |
| Full analysis | https://app.any.run/tasks/82378add-da55-42ac-9f65-aa58687c5391 |
| Verdict | Malicious activity |
| Analysis date | February 19, 2019, 11:39:26 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | — |
| MIME | application/vnd.ms-outlook |
| File info | CDFV2 Microsoft Outlook Message |
| MD5 | 158D6B6BAAD1C79930AF5C5D76B14DAE |
| SHA1 | B4188EC05A87137D9B6A692140F9168CA58A26DF |
| SHA256 | C10CDB92978496384DA8CDDBD7161BEA5F2D8CE82C312A43242A81E9793B1641 |
| SSDEEP | 768:24sxePnyY286PuIuhWfZ2RnpZ2Rn6vCDikhOU:uxePnyY2XPuIkWInmn6mLOU |

| Extension | Identified type (score) |
|---|---|
| .msg | Outlook Message (58.9) |
| .oft | Outlook Form Template (34.4) |

| PID | Parent process | Command line | Image path | User | Integrity level | Description / version | Exit code | Indicators |
|---|---|---|---|---|---|---|---|---|
| 2972 | explorer.exe | `"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\FW Reminder from BT.msg"` | `C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE` | admin | MEDIUM | Microsoft Outlook 14.0.6025.1000 (Microsoft Corporation) | — | — |
| 2672 | OUTLOOK.EXE (2972) | `"C:\Program Files\Internet Explorer\iexplore.exe" https://candidates.sonru.com/bt/invite/eoj3m27s/zkB1dDL2-hu_v6XdQ4Fo` | `C:\Program Files\Internet Explorer\iexplore.exe` | admin | MEDIUM | Internet Explorer 8.00.7600.16385 (win7_rtm.090713-1255) (Microsoft Corporation) | 1 | — |
| 3352 | iexplore.exe (2672) | `"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2672 CREDAT:71937` | `C:\Program Files\Internet Explorer\iexplore.exe` | admin | LOW | Internet Explorer 8.00.7600.16385 (win7_rtm.090713-1255) (Microsoft Corporation) | 0 | — |

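
A triage check over the process tree above, added here as an example and not part of the any.run report: it walks parent links, flags browser processes whose ancestry includes an Office application, pulls the URL the browser was handed on its command line, and maps Internet Explorer's `SCODEF:<pid>` tab processes back to their frame process, so the LOW-integrity tab (3352) that made the TLS connection to candidates.sonru.com is tied to the same URL its MEDIUM-integrity frame (2672) received from Outlook. The process records and reputation values are constructed from the tables on this page; the field names and the Office/browser image lists are assumptions for the example.

```python
"""Flag browsers spawned (directly or via a tab/frame split) by an Office process.

Added example for this report; the records below are constructed from the
report's process and connection tables, and the field names are assumptions,
not any.run's schema.
"""
import re
from pathlib import PureWindowsPath
from urllib.parse import urlparse

OFFICE_IMAGES = {"outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
BROWSER_IMAGES = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
URL_RE = re.compile(r"""https?://[^\s"']+""", re.IGNORECASE)
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)")  # IE tab process -> frame process PID

# Constructed from the process table above (explorer.exe's PID is not in the report).
PROCESSES = [
    {"pid": 2972, "ppid": None, "integrity": "MEDIUM",
     "image": r"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE",
     "cmdline": r'"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\FW Reminder from BT.msg"'},
    {"pid": 2672, "ppid": 2972, "integrity": "MEDIUM",
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" https://candidates.sonru.com/bt/invite/eoj3m27s/zkB1dDL2-hu_v6XdQ4Fo'},
    {"pid": 3352, "ppid": 2672, "integrity": "LOW",
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2672 CREDAT:71937'},
]

# Domain reputation as listed in the report's connections table.
REPUTATION = {
    "candidates.sonru.com": "unknown",
    "config.messenger.msn.com": "whitelisted",
    "www.bing.com": "whitelisted",
}


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(path).name.lower()


def url_in(cmdline):
    """First http(s) URL passed on a command line, or None."""
    m = URL_RE.search(cmdline)
    return m.group(0) if m else None


def lineage(pid, by_pid):
    """The process and its ancestors, nearest first; stops at an unknown parent or a loop."""
    out, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        out.append(by_pid[pid])
        pid = by_pid[pid]["ppid"]
    return out


def office_browser_launches(processes, reputation):
    """Return one finding per browser process that descends from an Office process."""
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for p in processes:
        if image_name(p["image"]) not in BROWSER_IMAGES:
            continue
        chain = lineage(p["pid"], by_pid)
        office = next((a for a in chain[1:] if image_name(a["image"]) in OFFICE_IMAGES), None)
        if office is None:
            continue
        # The URL usually sits on the frame process; tabs inherit it via the chain.
        url = next((u for u in (url_in(a["cmdline"]) for a in chain) if u), None)
        host = urlparse(url).hostname if url else None
        scodef = SCODEF_RE.search(p["cmdline"])
        findings.append({
            "pid": p["pid"],
            "office_pid": office["pid"],
            "role": "tab" if scodef else "frame",
            "frame_pid": int(scodef.group(1)) if scodef else p["pid"],
            "integrity": p["integrity"],
            "url": url,
            "host": host,
            "reputation": reputation.get(host, "unknown") if host else None,
        })
    return findings


if __name__ == "__main__":
    for finding in office_browser_launches(PROCESSES, REPUTATION):
        print(finding)
```

The SCODEF mapping matters for attribution: the connections table records the 443 connection under the tab (3352), while the URL only appears on the frame (2672), so a rule that keys on the process holding the URL alone would miss the process that actually talked to the host.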

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2972 | OUTLOOK.EXE | `C:\Users\admin\AppData\Local\Temp\CVRE9F6.tmp.cvr` | — | — | — |
| 2672 | iexplore.exe | `C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico` | — | — | — |
| 2672 | iexplore.exe | `C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico` | — | — | — |
| 3352 | iexplore.exe | `C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\errorPageStrings[1]` | text | 1A0563F7FB85A678771450B131ED66FD | EB5678DE9D8F29CA6893D4E6CA79BD5AB4F312813820FE4997B009A2B1A1654C |
| 2972 | OUTLOOK.EXE | `C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm` | pgc | 57C7B57DD54F4D4AF6D4AC8EA8F698F2 | 7E871F0C0F1DF845F61E22E8DC1232ECE62C9C963C9F5F75B5B4772F88DE3002 |
| 3352 | iexplore.exe | `C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\httpErrorPagesScripts[1]` | text | E7CA76A3C9EE0564471671D500E3F0F3 | 58268CA71A28973B756A48BBD7C9DC2F6B87B62AE343E582CE067C725275B63C |
| 2972 | OUTLOOK.EXE | `C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_427373334EF782419DF508F45A4E32A6.dat` | xml | 807EF0FC900FEB3DA82927990083D6E7 | 4411E7DC978011222764943081500FFF0E43CBF7CCD44264BD1AB6306CA68913 |
| 2672 | iexplore.exe | `C:\Users\admin\AppData\Local\Temp\~DF09E3F38DCE749BFF.TMP` | — | — | — |
| 2972 | OUTLOOK.EXE | `C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\51935CDD.dat` | image | 71A50DBBA44C78128B221B7DF7BB51F1 | 3EB10792D1F0C7E07E7248273540F1952D9A5A2996F4B5DF70AB026CD9F05517 |
| 2672 | iexplore.exe | `C:\Users\admin\AppData\Local\Temp\~DF46CB7377DD22E06D.TMP` | — | — | — |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2972 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
2672 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3352 | iexplore.exe | 46.51.180.16:443 | candidates.sonru.com | Amazon.com, Inc. | IE | unknown |
2972 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
2672 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |

| Domain | IP | Reputation |
|---|---|---|
| config.messenger.msn.com | — | whitelisted |
| candidates.sonru.com | — | unknown |
| www.bing.com | — | whitelisted |
| dns.msftncsi.com | — | shared |