File name: | phish_alert_gcep_0.1.90-0.eml |
Full analysis: | https://app.any.run/tasks/f9933367-e592-4ff2-b329-4e1fe2d252a1 |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 07:25:53 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | message/rfc822 |
File info: | SMTP mail, ASCII text, with very long lines, with CRLF line terminators |
MD5: | D57BD6840847EB32FA218718802DD8D6 |
SHA1: | CF4119809099A1F8F210AAFC5BECFB51ACF46F5A |
SHA256: | C9DD8DBE91A2B8F90134D58349C7EEE838D89A848FBE544C931CC637A68DB100 |
SSDEEP: | 384:R54/ZOX9AymZ876pwF5FIN0N2FjowbiyMTkj22U9zs6f4Lt8jTb:R5oOXiy97a0NKjowbVdj2Jf0Eb |
.eml | | | E-Mail message (Var. 7) (100) |
---|
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2492 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\phish_alert_gcep_0.1.90-0.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 Modules
| |||||||||||||||
2328 | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/photo/?fbid=1062443231071878&set=g.1055452531206265 | C:\Program Files\Internet Explorer\iexplore.exe | OUTLOOK.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2780 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2328 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2492 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR476B.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2492 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | |
MD5:— | SHA256:— | |||
2492 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:B321CE6F46B9E0F188D7EC178429ED3A | SHA256:0D4BF2B8BBDE06FA29FC7C6DB69A583D3ED4EE007EDD49147C3995E70C736692 | |||
2780 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\photo[1].htm | html | |
MD5:2FDAAA57E2CC656ED22EF8211A7B0803 | SHA256:69E4654E56EC0D59112638B0DEC1B2AE52CA391C6261104EFF37C75C6E235D0A | |||
2780 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB | der | |
MD5:6D676CF8CC0E0E8C814461805E761CCA | SHA256:EFDFEA3D85CEA32051FDE431C7C5CAD519C0FD4803ECB466BD6282ADA744381F | |||
2328 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | |
MD5:F828053404D9D38B9FB525996562F990 | SHA256:A36CAD36DC334EEA4FB2CD57700EE400EE78B7B5E212870D4AEEC798106297EE | |||
2492 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_4491A36C3AF23045A61E0EB4A9028B5C.dat | xml | |
MD5:57F30B1BCA811C2FCB81F4C13F6A927B | SHA256:612BAD93621991CB09C347FF01EC600B46617247D5C041311FF459E247D8C2D3 | |||
2780 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_F6AEED575576AAB1C000564B4EAAB5C7 | der | |
MD5:F8E35BD685C0A1A70D9F970633E71325 | SHA256:BB94BD7D98D4D1EFC83A4EB1958B1308ABDB66A1839DD157732E6EEDB356C7C8 | |||
2492 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:E3491555A4CB3B42E7C2A7DB79205AAD | SHA256:0665F4E2DD8D15874C0E92B6FB00E11107782F604EC17AC42E8150EE758CF0F9 | |||
2780 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB | binary | |
MD5:917D240665C68B9E95D31F3F2343AE38 | SHA256:EE7B2E58933A32BBEF75FD14F18119411E167A74BFD29DBA12CEB943365D8000 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2492 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
2328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2780 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | US | der | 471 b | whitelisted |
2780 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEASPosIu%2FtdLiD6lffGYfhc%3D | US | der | 471 b | whitelisted |
2780 | iexplore.exe | GET | 200 | 67.26.137.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b1f94239ca983852 | US | compressed | 4.70 Kb | whitelisted |
2780 | iexplore.exe | GET | 200 | 67.26.137.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bdc8767eb3ecc5e8 | US | compressed | 4.70 Kb | whitelisted |
2780 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAjrhrQ1V0klR24V03mvDoM%3D | US | der | 471 b | whitelisted |
2328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
2328 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2780 | iexplore.exe | 31.13.92.36:443 | www.facebook.com | Facebook, Inc. | IE | whitelisted |
2780 | iexplore.exe | 67.26.137.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | malicious |
2492 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
2780 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2328 | iexplore.exe | 13.107.22.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2780 | iexplore.exe | 157.240.236.35:443 | m.facebook.com | — | US | malicious |
2328 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2780 | iexplore.exe | 185.60.216.35:443 | facebook.com | Facebook, Inc. | IE | whitelisted |
2328 | iexplore.exe | 31.13.92.14:443 | static.xx.fbcdn.net | Facebook, Inc. | IE | whitelisted |
2328 | iexplore.exe | 204.79.197.200:443 | ieonline.microsoft.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |
www.facebook.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
m.facebook.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
static.xx.fbcdn.net |
| whitelisted |
facebook.com |
| whitelisted |
fbcdn.net |
| whitelisted |