File name: | Presentation - Monica.eml |
Full analysis: | https://app.any.run/tasks/1f5d4fe2-e6c9-4014-9417-5f20a799d0d9 |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 13:00:12 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | message/rfc822 |
File info: | RFC 822 mail, ASCII text, with CRLF line terminators |
MD5: | 79FE4F0AEC6D304DD82291F180E7CB46 |
SHA1: | 9F54770629879530A7ABA7C4B315C6A908DC3EFF |
SHA256: | C15D00F23EC3EF0B734DD18F06F14DB3937E3DAB51641C34CA73AF15A9216AB1 |
SSDEEP: | 49152:lafEOztUzWIvBoSLtp31m+Nkd+6HTQy1+ZM+fb1sDZ2IJBfOwmHXN1G8fs+sccyd:b |
.eml | | | E-Mail message (Var. 5) (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
980 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\Presentation - Monica.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
980 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR70E1.tmp.cvr | — | |
MD5:— | SHA256:— | |||
980 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | |
MD5:— | SHA256:— | |||
980 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\tmp7343.tmp | — | |
MD5:— | SHA256:— | |||
980 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:8988780D0176416181BB4F40593CA125 | SHA256:D162629129F21577AB87C3D3C1BA1E4D4E3F42496A78C9A2EF7E3D4BCD0AD0D8 | |||
980 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5CFC7C2B.dat | image | |
MD5:F69FFC85322A5C1D971C18465642648C | SHA256:CEC5BF187641E4EDF39B235C88F3929C2885A5AA6E0308CD0EBA3CCAE2849204 | |||
980 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A9B9FC52.dat | image | |
MD5:DBB42BA8675EF06B81C7EB49BE2F3530 | SHA256:E816F9CB2DD3C2F7B3802BB0BE9082743B2FBF6E8DC204AA405912DD0DF826FC | |||
980 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AFBB0255.dat | image | |
MD5:E7DCFCAFAE0D2725603AD19995C7CAF1 | SHA256:09675F26E9D6951B1AB9152A431CDC961A782D6B46C64F5BCDDEB289AA5CFFE8 | |||
980 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:79B6CA629EA7E6640A8735BCE4009216 | SHA256:8FE25A027DED8B81BB5E3542E7D646C431D0D83CB14BFE6AC285DD86D75FDFAD | |||
980 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_7A0376D5E8E713409A8975AE18231867.dat | xml | |
MD5:EEAA832C12F20DE6AAAA9C7B77626E72 | SHA256:C4C9A90F2C961D9EE79CF08FBEE647ED7DE0202288E876C7BAAD00F4CA29CA16 | |||
980 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_CB070ECFE3B6434FB9D8C431ACF96B3F.dat | xml | |
MD5:807EF0FC900FEB3DA82927990083D6E7 | SHA256:4411E7DC978011222764943081500FFF0E43CBF7CCD44264BD1AB6306CA68913 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
980 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
980 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |