File name: | iCal-201972.ics |
Full analysis: | https://app.any.run/tasks/b321d34d-8a58-4041-b463-72fb48d37307 |
Verdict: | Malicious activity |
Analysis date: | May 15, 2019, 15:36:17 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/calendar |
File info: | vCalendar calendar file |
MD5: | FB0F5257D9BBB60BF5DC2ED7FBC4481C |
SHA1: | 5DEC6C33CA13FE0052E70D1B748F45B329E2C401 |
SHA256: | E976AB28340AB965E1E1A6EE8015B94FD8E33D6EA249F84B64E8392909EF7CDB |
SSDEEP: | 48:Egfo6ej19yn1l6b1d4Z1lN41dm8Cj1ILNKb13fE1+M/QK1lZs1hdI1woIWvn1tdb:Egf2jenubUZN4d8CNO5Ef/QKdstIKQvt |
.ics/vcs | | | iCalendar - vCalendar (100) |
---|
URL: | - |
---|---|
UID: | 7F1AD3AB-9A08-4DB9-9DAC-4B4603C0BBB2 |
Summary: | Audit Committee Meeting |
SequenceNumber: | - |
Organizer: | mailto:2_HAYDINBRGAZDKMJYGA2DIMJQGKJTW4JAC2N4N4OFMGWHOHXCGBFRNW6BPTVRHVPHO7LFGPETOJFIG@imip.me.com |
Location: | Room - Ames 416 - Executive Conference Room w/VTC |
ModifyDate: | 2019:05:08 13:23:11Z |
DateTimeStartTimezoneID: | America/Chicago |
DateTimeStart: | 2019:08:02 08:00:00 |
DateTimeStamp: | 2019:05:09 00:33:48Z |
DateTimeEndTimezoneID: | America/Chicago |
DateTimeEnd: | 2019:08:02 09:15:00 |
Description: | "This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation." |
DateCreated: | 2019:05:08 13:23:11Z |
Attendee: | mailto:[email protected] |
VCalendarVersion: | 2 |
Method: | REQUEST |
Software: | -//CALENDARSERVER.ORG//NONSGML Version 1//EN |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3384 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /ical "C:\Users\admin\AppData\Local\Temp\iCal-201972.ics" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Exit code: 0 Version: 14.0.6025.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRE40.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\~DFF4D2E5F643F96353.TMP | — | |
MD5:— | SHA256:— | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\~DF20C11039AB99564D.TMP | — | |
MD5:— | SHA256:— | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D1EFD586-25E6-4E99-AF85-C81F2A4F49A9}.tmp | — | |
MD5:— | SHA256:— | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:6580CE879103BB625E30EBB6B4D178DC | SHA256:76BEC5544CB2E7050E933074D6C76F9D021CDEEFBDF9AB8963D5EE6182BE4142 | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019051520190516\index.dat | dat | |
MD5:DBB1CEA36B7AA6CAA3DA4ACB8E620492 | SHA256:13414FF8860237435228EC19F6821401614D7B93E1132DDB6C07D85979E9C745 | |||
3384 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\~Outlook Data File - NoMail.pst.tmp | binary | |
MD5:57DFC85AC6EBBF9B058DE2AEF5EDA538 | SHA256:7E36B40A21DB0151BE744903446E551B93304B23FE98301B52C9A72D1D219EBB | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.srs | srs | |
MD5:29DD665E7F5C5482307B1C8E75E42150 | SHA256:077225A20B182199376F9E8FBC6AA400B3EC59B86D56EC4DAFD584966EEE8A2C | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml | xml | |
MD5:9E6AF9F761A5CF7CD065483CB168D331 | SHA256:3C471793CB044388056F168B605BF9ED234F7EEF5C79F9C206624730BE3F3109 | |||
3384 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\mso1278.tmp | html | |
MD5:A8934077843220A8E31367C7BBE15E6C | SHA256:A2DB0201D36F07F3F99D1ADF8B8EAFB9CF9BB803D024FCC9327B77AF56346861 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3384 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3384 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |