File name: | SURS help for Moraine Valley Community College personnel.msg |
Full analysis: | https://app.any.run/tasks/5d86b9ed-bd05-4aa1-b397-3bd8e8e961b8 |
Verdict: | Malicious activity |
Analysis date: | October 14, 2019, 13:55:23 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/vnd.ms-outlook |
File info: | CDFV2 Microsoft Outlook Message |
MD5: | 3821F7720E24D71BFB0ECB751F65CF12 |
SHA1: | 1A9907011D75BF856FD1ABC9EA5571011958E772 |
SHA256: | EE03C3897CC6A09D55CDAB6FE711BDE9002C7EB7426D1D4368B772144B40794E |
SSDEEP: | 384:NRKLi/6aqysKysK73oUxdGdT0ZMWqzvIesPRtY7Ou+MmBZV:WVaqysKysK73oIrZMWqjIeyu+MmN |
.msg | | | Outlook Message (58.9) |
---|---|---|
.oft | | | Outlook Form Template (34.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2420 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\SURS help for Moraine Valley Community College personnel.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 | ||||
1600 | "C:\Program Files\Internet Explorer\iexplore.exe" http://app.publicemployeeretirementassistance.com/index.html#appointment/284ac2c9-31bf-4c5b-abf8-817f70f83413/unsubscribe | C:\Program Files\Internet Explorer\iexplore.exe | OUTLOOK.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3048 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1600 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2420 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRA4C6.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1600 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
1600 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2420 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:6EF521B6D15BB2276018E3CF83FA691C | SHA256:2466017849B8AA376CD61882B2143D2EBF2B7C90377DF77FADC6998C13640756 | |||
2420 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:7F2970A6CE0328F79C79E35CBAC18565 | SHA256:46C88BF6F81690E6E8A6B3DDB1A48FD3BDBB647CD8B38F670EE9EBDF36F00708 | |||
3048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:385E7D61F607D62BCAC12DA3C624FD0D | SHA256:8932AFEFA90794C124BCBBE8FFB080B4E3325CC8209E4ABA8D4804631DAA9D65 | |||
3048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:BB862B1C182943E955B7E3A55C5452B7 | SHA256:B69E4E2AB7F8FB605460282B33AA2529AD243F322C2F6DA493C7A700F5AC7A88 | |||
3048 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8JZUG7K0\index[1].htm | html | |
MD5:D94480BC874E0B386966ECCC6FF5ABC4 | SHA256:FF6D629ACDEC1ED44FAF31A52B0EA0FB2EA434F3410398319959364CB3EBE1B3 | |||
2420 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf | text | |
MD5:48DD6CAE43CE26B992C35799FCD76898 | SHA256:7BFE1F3691E2B4FB4D61FBF5E9F7782FBE49DA1342DBD32201C2CC8E540DBD1A | |||
2420 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_762194A6ED28374583AE337D84C3A40D.dat | xml | |
MD5:B21ED3BD946332FF6EBC41A87776C6BB | SHA256:B1AAC4E817CD10670B785EF8E5523C4A883F44138E50486987DC73054A46F6F4 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2420 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
3048 | iexplore.exe | GET | 200 | 68.168.96.100:80 | http://app.publicemployeeretirementassistance.com/assets/stylesheets/pages.min.css | US | text | 6.10 Kb | unknown |
3048 | iexplore.exe | GET | 200 | 68.168.96.100:80 | http://app.publicemployeeretirementassistance.com/lib/font-awesome/css/font-awesome.min.css | US | text | 5.26 Kb | unknown |
3048 | iexplore.exe | GET | 200 | 68.168.96.100:80 | http://app.publicemployeeretirementassistance.com/assets/stylesheets/themes.min.css | US | text | 24.2 Kb | unknown |
3048 | iexplore.exe | GET | 200 | 68.168.96.100:80 | http://app.publicemployeeretirementassistance.com/index.html | US | html | 1.02 Kb | unknown |
3048 | iexplore.exe | GET | 200 | 68.168.96.100:80 | http://app.publicemployeeretirementassistance.com/assets/stylesheets/pixel-admin.min.css | US | text | 41.7 Kb | unknown |
3048 | iexplore.exe | GET | 200 | 68.168.96.100:80 | http://app.publicemployeeretirementassistance.com/assets/stylesheets/splash.css | US | text | 663 b | unknown |
3048 | iexplore.exe | GET | 200 | 172.217.23.138:80 | http://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,400,600,700,300&subset=latin | US | text | 167 b | whitelisted |
3048 | iexplore.exe | GET | 200 | 68.168.96.100:80 | http://app.publicemployeeretirementassistance.com/lib/require/require.js | US | text | 19.7 Kb | unknown |
3048 | iexplore.exe | GET | 200 | 68.168.96.100:80 | http://app.publicemployeeretirementassistance.com/assets/stylesheets/rtl.min.css | US | text | 7.55 Kb | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2420 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
3048 | iexplore.exe | 172.217.23.163:80 | fonts.gstatic.com | Google Inc. | US | whitelisted |
1600 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3048 | iexplore.exe | 172.217.23.138:80 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3048 | iexplore.exe | 68.168.96.100:80 | app.publicemployeeretirementassistance.com | Codero | US | unknown |
1600 | iexplore.exe | 68.168.96.100:80 | app.publicemployeeretirementassistance.com | Codero | US | unknown |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com |
| whitelisted |
app.publicemployeeretirementassistance.com |
| unknown |
www.bing.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
dns.msftncsi.com |
| shared |