File name: | New Audio Message from 6065608003 TO louie.lapa. Length 0 44 seconds. Date Tuesday, October 8, 2019. .eml |
Full analysis: | https://app.any.run/tasks/4244760d-14cc-433a-aac2-3e0009f1cbc2 |
Verdict: | Malicious activity |
Analysis date: | October 09, 2019, 14:05:59 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | message/rfc822 |
File info: | RFC 822 mail, ASCII text, with CRLF line terminators |
MD5: | 6E045AEAFC7D9A23E574903BA3EE3069 |
SHA1: | 8E8AC80469A53031B24B6C9116EBBD2B3706ED61 |
SHA256: | D71ECD06BD292178577E8D0DB2261B2118EE2EA7AEE5A4FA31258B17346D1C47 |
SSDEEP: | 384:wGtrFc7vtdsqPxitRFchpAbtEDToC9A7cnfxBLbubfINa:bUV6qPMc6K1ucnpJbW2a |
.eml | | | E-Mail message (Var. 5) (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2960 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\9f8e1448-f3ea-4485-aec2-57a02ff34c20.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 | ||||
3676 | C:\Windows\system32\prevhost.exe {F8B8412B-DEA3-4130-B36C-5E8BE73106AC} -Embedding | C:\Windows\system32\prevhost.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Preview Handler Surrogate Host Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2824 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\4VLR25MM\VM Tues_Oct_8_2019_8327446.html | C:\Program Files\Internet Explorer\iexplore.exe | OUTLOOK.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3596 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2824 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3328 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2824 CREDAT:6403 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2960 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR4E3C.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2960 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\4VLR25MM\VM Tues_Oct_8_2019_8327446 (2).html\:Zone.Identifier:$DATA | — | |
MD5:— | SHA256:— | |||
2960 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019092020190921\index.dat | — | |
MD5:— | SHA256:— | |||
2960 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:2C849367F0D93BFF30CF0FD8D85DF354 | SHA256:22D5EFB7D3AF9A2D0F5B78F647469AB514E1C0C9156CF37B5F21354B7FCBA738 | |||
2960 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\4VLR25MM\VM Tues_Oct_8_2019_8327446.html | html | |
MD5:94EC4CC48DF2E7A0FD1BF3227334FA3D | SHA256:1F1C23F1ECA017F3A8FF0F85E709C23063C5BF863E06D1795038F4629F87867E | |||
2960 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019100920191010\index.dat | dat | |
MD5:455F65C6F1B54973D00DF1F580014564 | SHA256:E82FBBF3EC84FCE40BD91D0DF101E3AB100DD374FF094986DCF452C098D10EA3 | |||
2960 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_38F9715809B843478E9042467B8F9931.dat | xml | |
MD5:B21ED3BD946332FF6EBC41A87776C6BB | SHA256:B1AAC4E817CD10670B785EF8E5523C4A883F44138E50486987DC73054A46F6F4 | |||
2960 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A40AB625-AB36-4CF4-B5CD-908E86103D5E}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png | image | |
MD5:7D80C0A7E3849818695EAF4989186A3C | SHA256:72DC527D78A8E99331409803811CC2D287E812C008A1C869A6AEA69D7A44B597 | |||
2960 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_E22763A296EC634F9A4241ADC947CC24.dat | xml | |
MD5:57F30B1BCA811C2FCB81F4C13F6A927B | SHA256:612BAD93621991CB09C347FF01EC600B46617247D5C041311FF459E247D8C2D3 | |||
3676 | prevhost.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\wbk8EF0.tmp | html | |
MD5:94EC4CC48DF2E7A0FD1BF3227334FA3D | SHA256:1F1C23F1ECA017F3A8FF0F85E709C23063C5BF863E06D1795038F4629F87867E |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2824 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2960 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
3596 | iexplore.exe | 96.8.118.121:443 | voice-app.audioservice.club | ColoCrossing | US | malicious |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |
dns.msftncsi.com |
| shared |
www.bing.com |
| whitelisted |
voice-app.audioservice.club |
| malicious |