File name:

RV ACTA REFERENTE Y DETALLES DE LA DEMANDA..msg

Full analysis: https://app.any.run/tasks/1e2818a9-8b34-4a9b-af6a-5e861b12a491
Verdict: Malicious activity
Threats:

AsyncRAT is a RAT that can monitor and remotely control infected systems. This malware was introduced on Github as a legitimate open-source remote administration software, but hackers use it for its many powerful malicious functions.

Malware Trends Tracker     >>>
Analysis date: July 17, 2024, 16:07:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
rat
asyncrat
remote
Indicators:
MIME: application/vnd.ms-outlook
File info: CDFV2 Microsoft Outlook Message
MD5:

DFF3D0BFA2644F32B31E6D551AC6ECFC

SHA1:

14F54DFDFE0A1A0548F5311A168AFD74AE8CF5EF

SHA256:

DD4DF2885B12CB84FB7B448DA4E0C3A9D6177F27740317FEB402E258EF930CD1

SSDEEP:

1536:iWsXmusONOkicJZCq4v8QtwGugsHObVjmYGh6WbWHfna3UaiQWSWbWjcy9AW/d9f:iWcmujJTqwGJfJavd9nIQxrt4i

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • EXPEDIENTE DEL PROCESO N° 4528-2932-22.exe (PID: 7524)
      • EXPEDIENTE DEL PROCESO N° 4528-2932-22.exe (PID: 7640)

    • Starts Visual C# compiler

      • EXPEDIENTE DEL PROCESO N° 4528-2932-22.exe (PID: 7524)
      • EXPEDIENTE DEL PROCESO N° 4528-2932-22.exe (PID: 7640)

    • ASYNCRAT has been detected (SURICATA)

      • csc.exe (PID: 7660)

    • ASYNCRAT has been detected (YARA)

      • csc.exe (PID: 7660)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 7832)
      • ShellExperienceHost.exe (PID: 7040)

    • Connects to unusual port

      • csc.exe (PID: 7660)

    • Contacting a server suspected of hosting an CnC

      • csc.exe (PID: 7660)

  • INFO

    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 7008)

    • Checks supported languages

      • identity_helper.exe (PID: 7360)
      • csc.exe (PID: 7660)
      • EXPEDIENTE DEL PROCESO N° 4528-2932-22.exe (PID: 7524)
      • ShellExperienceHost.exe (PID: 7040)
      • csc.exe (PID: 3832)
      • EXPEDIENTE DEL PROCESO N° 4528-2932-22.exe (PID: 7640)

    • Reads the computer name

      • identity_helper.exe (PID: 7360)
      • csc.exe (PID: 7660)
      • ShellExperienceHost.exe (PID: 7040)
      • csc.exe (PID: 3832)

    • The process uses the downloaded file

      • msedge.exe (PID: 7384)
      • msedge.exe (PID: 7008)
      • WinRAR.exe (PID: 7832)

    • Reads the software policy settings

      • slui.exe (PID: 3832)
      • csc.exe (PID: 7660)
      • slui.exe (PID: 7452)

    • Reads the machine GUID from the registry

      • csc.exe (PID: 7660)
      • csc.exe (PID: 3832)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7832)

    • Reads Environment values

      • csc.exe (PID: 7660)

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 7832)
      • msedge.exe (PID: 7600)

    • Application launched itself

      • msedge.exe (PID: 7008)

    • Manual execution by a user

      • EXPEDIENTE DEL PROCESO N° 4528-2932-22.exe (PID: 7640)

    • Checks proxy server information

      • slui.exe (PID: 7452)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

AsyncRat

(PID) Process(7660) csc.exe
C2 (1)pinchiec.duckdns.org
Ports (1)2245
Version1.0.7
Options
AutoRunfalse
MutexDcRatMutex_qwqdanchun
InstallFolder%AppData%
Certificates
Cert1MIICMDCCAZmgAwIBAgIVALHnIPqvO0ejsIiXRAS4cjBZw0S5MA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIyMTAxMzE2NDExOFoXDTMzMDcyMjE2NDExOFowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A...
Server_Signaturef+lO0R7wUJLMIxhZa0xEo0TVhyhA2tBY8FNXUjw7lz4NF3mDXzPJFo2CQD8+Z6FPpOxR0Nh+0gb3xY6ZCa1OL0hSBc8nNVmX4UK9jQ/B6+7zcSxsXn7FbfvIsLbcB5l7YWKlPRrljw5fRbuHm/nWA2j+xKPlcqQTL7oXZhVtczU=
Keys
AES8b51197aa1670e2ec4df53e5e2af4d3e22daef2d256da858c7e60115d448fcdc
SaltDcRatByqwqdanchun
No Malware configuration.

TRiD

.msg | Outlook Message (58.9)
.oft | Outlook Form Template (34.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
220
Monitored processes
72
Malicious processes
4
Suspicious processes
2

Behavior graph

Click at the process to see the details
start outlook.exe ai.exe no specs sppextcomobj.exe no specs slui.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe no specs winrar.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs expediente del proceso n° 4528-2932-22.exe slui.exe #ASYNCRAT csc.exe msedge.exe no specs msedge.exe no specs shellexperiencehost.exe no specs systemsettingsbroker.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs expediente del proceso n° 4528-2932-22.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs csc.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
736"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4208 --field-trial-handle=2272,i,15895262647506042483,1819260806027930216,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
764"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=8100 --field-trial-handle=2272,i,15895262647506042483,1819260806027930216,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
836"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7448 --field-trial-handle=2272,i,15895262647506042483,1819260806027930216,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1140"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=8052 --field-trial-handle=2272,i,15895262647506042483,1819260806027930216,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2360"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5704 --field-trial-handle=2272,i,15895262647506042483,1819260806027930216,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2648"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=8148 --field-trial-handle=2272,i,15895262647506042483,1819260806027930216,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2848"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7444 --field-trial-handle=2272,i,15895262647506042483,1819260806027930216,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2888"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6968 --field-trial-handle=2272,i,15895262647506042483,1819260806027930216,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3088"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7412 --field-trial-handle=2272,i,15895262647506042483,1819260806027930216,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3628"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=8036 --field-trial-handle=2272,i,15895262647506042483,1819260806027930216,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
51 700
Read events
50 961
Write events
656
Delete events
83

Modification events

(PID) Process:(5396) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
Operation:writeName:6
Value:
01941A000000001000B24E9A3E05000000000000000500000000000000
(PID) Process:(5396) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5396
Operation:writeName:0
Value:
0B0E100933DE8FB6594745903F4EDC3C2B44D0230046F198C5D5B78CB6ED016A04102400449A7D64B29D01008500A907556E6B6E6F776EC906022222CA0DC2190000C91003783634C511942AD2120B6F00750074006C006F006F006B002E00650078006500C51620C517808004C91808323231322D44656300
(PID) Process:(5396) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:BootCommand
Value:
(PID) Process:(5396) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:BootFailureCount
Value:
(PID) Process:(5396) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:delete keyName:(default)
Value:
(PID) Process:(5396) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:CantBootResolution
Value:
BootSuccess
(PID) Process:(5396) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:ProfileBeingOpened
Value:
Outlook
(PID) Process:(5396) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:SessionId
Value:
90DAD708-B605-4845-A6C4-89376D82CD0B
(PID) Process:(5396) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:BootDiagnosticsLogFile
Value:
C:\Users\admin\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16026_20146-20230209T1802460432-6544.etl
(PID) Process:(5396) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:ProfileBeingOpened
Value:
Executable files
15
Suspicious files
652
Text files
157
Unknown types
11

Dropped files

PID
Process
Filename
Type
5396OUTLOOK.EXEC:\USERS\ADMIN\DOCUMENTS\OUTLOOK FILES\OUTLOOK1.PST
MD5:
SHA256:
5396OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbresbinary
MD5:04034549973367577F3E4DC8D9057276
SHA256:52FF44B44B069200DCEEAEDE737E6503BAA797AEBE5F1DDAE38461B8FAD70E48
5396OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\FORMS\FRMDATA64.DATbinary
MD5:6D4DE3C5917BAA7B9B0C272974B2FD4E
SHA256:EA295E017CCCD7A740EE9B7BFED3CC7C0FBBE82C991C26C051F8B3F549AB2F14
5396OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\C14273DC.datimage
MD5:65BDF0AB29AEEABF58F24D8D29F01370
SHA256:C014705E8FC63E60089A5CA1925B8BF318571F7B82F0756A1748596AD7891F8F
5396OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bintext
MD5:CC90D669144261B198DEAD45AA266572
SHA256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
5396OUTLOOK.EXEC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9binary
MD5:2871E00FA381DEEDDD526C49C9DD0251
SHA256:8F04299146952F54957C31FAA7FE83B47E984201BDF58A02FDF3A87307A55E1A
5396OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbresbinary
MD5:6950293E33A85585477EDCE33DA58821
SHA256:6A15AF6EECB18932D860628CCA2C4D79321779359DF4432AB38E4D20400ED433
7008msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1d669c.TMP
MD5:
SHA256:
7008msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1d669c.TMP
MD5:
SHA256:
7008msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1d669c.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
47
TCP/UDP connections
177
DNS requests
176
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3992
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5396
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
4656
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5396
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
6704
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
3396
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3396
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4024
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
4024
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6836
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
188
RUXIMICS.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4032
svchost.exe
239.255.255.250:1900
whitelisted
2080
MoUsoCoreWorker.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3396
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4656
SearchApp.exe
2.23.209.182:443
www.bing.com
Akamai International B.V.
GB
unknown
4656
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
5396
OUTLOOK.EXE
52.113.194.132:443
ecs.office.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
3992
svchost.exe
20.190.159.68:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.110
whitelisted
www.bing.com
  • 2.23.209.182
  • 2.23.209.187
  • 2.23.209.135
  • 2.23.209.189
  • 2.23.209.130
  • 2.23.209.133
  • 2.23.209.179
  • 2.23.209.183
  • 2.23.209.185
  • 92.123.104.17
  • 92.123.104.28
  • 92.123.104.31
  • 92.123.104.27
  • 92.123.104.29
  • 92.123.104.32
  • 92.123.104.30
  • 92.123.104.18
  • 92.123.104.21
  • 2.23.209.181
  • 2.23.209.144
  • 2.23.209.158
  • 2.23.209.150
  • 2.23.209.149
  • 2.23.209.141
  • 2.23.209.177
  • 2.23.209.176
  • 92.123.104.14
  • 92.123.104.8
  • 92.123.104.15
  • 92.123.104.11
  • 92.123.104.9
  • 92.123.104.10
  • 92.123.104.16
  • 92.123.104.33
  • 92.123.104.59
  • 92.123.104.65
  • 92.123.104.61
  • 92.123.104.38
  • 92.123.104.62
  • 92.123.104.34
  • 92.123.104.37
  • 92.123.104.35
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ecs.office.com
  • 52.113.194.132
whitelisted
login.live.com
  • 20.190.159.68
  • 20.190.159.64
  • 40.126.31.69
  • 40.126.31.73
  • 20.190.159.75
  • 20.190.159.23
  • 20.190.159.4
  • 20.190.159.73
  • 40.126.32.134
  • 20.190.160.17
  • 40.126.32.72
  • 40.126.32.140
  • 40.126.32.136
  • 40.126.32.138
  • 40.126.32.76
  • 20.190.160.20
whitelisted
go.microsoft.com
  • 23.35.238.131
  • 184.28.89.167
whitelisted
nexusrules.officeapps.live.com
  • 52.111.227.14
whitelisted
roaming.officeapps.live.com
  • 52.109.68.129
whitelisted
omex.cdn.office.net
  • 23.48.23.11
  • 23.48.23.66
  • 23.48.23.18
  • 23.48.23.62
  • 23.48.23.30
  • 23.48.23.43
whitelisted
messaging.lifecycle.office.com
  • 52.111.243.12
whitelisted

Threats

PID
Process
Class
Message
2168
svchost.exe
Potentially Bad Traffic
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2168
svchost.exe
Misc activity
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
7660
csc.exe
Domain Observed Used for C2 Detected
REMOTE [ANY.RUN] AsyncRAT SSL certificate
7660
csc.exe
Domain Observed Used for C2 Detected
ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
7660
csc.exe
Malware Command and Control Activity Detected
REMOTE [ANY.RUN] AsyncRAT Successful Connection
3840
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
3840
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
1 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
RV ACTA REFERENTE Y DETALLES DE LA DEMANDA..msg