Field | Value
---|---
File name | Details for Next Scheduled Date .msg
Full analysis | https://app.any.run/tasks/7762f30e-1a60-40db-9e12-ab1bf156a2bf
Verdict | Malicious activity
Analysis date | September 18, 2019, 19:53:52
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/vnd.ms-outlook
File info | CDFV2 Microsoft Outlook Message
MD5 | 1E82CE204684D0CE4028EDA6E526041A
SHA1 | 1D5C66AFBC3B12B5AE277B827E6620F7EE4CE11E
SHA256 | F952905C95C3B5D547FA8E813AAC9036A2F69DCE4418AB3E12463B198C70E6B8
SSDEEP | 6144:N0dD52xX5D/Mvx/BdDrE/+pK8WuUyKvZ1ABboEBbikG72s/6qHf6+ftgDoPO63Rj:NUGR/MvxXD4G0X6epf4T0ZFJbwU
Extension | File type | Score
---|---|---
.msg | Outlook Message | 58.9
.oft | Outlook Form Template | 34.4
PID | Command line | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3532 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\Details for Next Scheduled Date .msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Version: 14.0.6025.1000
4072 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\O45GRG6B\PO.iso" | C:\Program Files\WinRAR\WinRAR.exe | — | OUTLOOK.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0
4000 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa4072.46687\PO.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa4072.46687\PO.exe | — | WinRAR.exe | User: admin; Company: ubisOFT; Integrity Level: MEDIUM; Description: stransporterne; Exit code: 0; Version: 6.08.0008
2700 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa4072.46687\PO.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa4072.46687\PO.exe | — | PO.exe | User: admin; Company: ubisOFT; Integrity Level: MEDIUM; Description: stransporterne; Exit code: 0; Version: 6.08.0008
3916 | "C:\Windows\System32\colorcpl.exe" | C:\Windows\System32\colorcpl.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Color Control Panel; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
3120 | /c del "C:\Users\admin\AppData\Local\Temp\Rar$EXa4072.46687\PO.exe" | C:\Windows\System32\cmd.exe | — | colorcpl.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
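Read as a chain, the process table shows the whole delivery path: OUTLOOK.EXE (3532) hands the attachment PO.iso from its Content.Outlook cache to WinRAR.exe (4072), which opens the .iso as an archive; WinRAR extracts PO.exe into its scratch directory Rar$EXa4072.46687 (the 4072 is WinRAR's own PID) and launches it (4000); PO.exe starts a second copy of itself (2700); and cmd.exe (3120), spawned by the Windows utility colorcpl.exe (3916), deletes PO.exe from that scratch directory. The table does not show how colorcpl.exe, listed under explorer.exe, came to issue that deletion; the path it deletes is the only visible link back to PO.exe. Note also that the file listing below records a Zone.Identifier stream for PO.iso but none for the extracted PO.exe.

The following Python is an added example and not part of the ANY.RUN report: it turns those four steps into detection rules and runs them over process-creation events with Sysmon Event ID 1 style fields. The events are constructed by hand from the table above, not sandbox output, and the mail-client, archiver and container-extension lists and the rule names are assumptions made for the example.

```python
import json
import re
from pathlib import PureWindowsPath

# Constructed process-creation events (Sysmon Event ID 1 style fields), written by
# hand from the sandbox process table. This is not ANY.RUN output.
SAMPLE_LOG = r'''
{"pid": 3532, "image": "C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE", "cmdline": "\"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE\" /f \"C:\\Users\\admin\\AppData\\Local\\Temp\\Details for Next Scheduled Date .msg\"", "parent_image": "C:\\Windows\\explorer.exe"}
{"pid": 4072, "image": "C:\\Program Files\\WinRAR\\WinRAR.exe", "cmdline": "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Outlook\\O45GRG6B\\PO.iso\"", "parent_image": "C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"}
{"pid": 4000, "image": "C:\\Users\\admin\\AppData\\Local\\Temp\\Rar$EXa4072.46687\\PO.exe", "cmdline": "\"C:\\Users\\admin\\AppData\\Local\\Temp\\Rar$EXa4072.46687\\PO.exe\"", "parent_image": "C:\\Program Files\\WinRAR\\WinRAR.exe"}
{"pid": 2700, "image": "C:\\Users\\admin\\AppData\\Local\\Temp\\Rar$EXa4072.46687\\PO.exe", "cmdline": "\"C:\\Users\\admin\\AppData\\Local\\Temp\\Rar$EXa4072.46687\\PO.exe\"", "parent_image": "C:\\Users\\admin\\AppData\\Local\\Temp\\Rar$EXa4072.46687\\PO.exe"}
{"pid": 3916, "image": "C:\\Windows\\System32\\colorcpl.exe", "cmdline": "\"C:\\Windows\\System32\\colorcpl.exe\"", "parent_image": "C:\\Windows\\explorer.exe"}
{"pid": 3120, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "/c del \"C:\\Users\\admin\\AppData\\Local\\Temp\\Rar$EXa4072.46687\\PO.exe\"", "parent_image": "C:\\Windows\\System32\\colorcpl.exe"}
'''

# Assumed lists for this example; extend them for your own estate.
MAIL_CLIENTS = {"outlook.exe"}
ARCHIVERS = {"winrar.exe", "7z.exe", "7zfm.exe", "7zg.exe"}
CONTAINER_EXTS = {".iso", ".img", ".vhd", ".vhdx", ".zip", ".rar", ".7z", ".cab"}
# WinRAR extracts a file opened from inside an archive to %TEMP%\Rar$EX<x><pid>.<n>\
ARCHIVER_SCRATCH = re.compile(r"\\Temp\\Rar\$EX", re.IGNORECASE)
DEL_RE = re.compile(r'(?i)\bdel\s+"?([a-z]:\\[^"]+)"?')
QUOTED_ARG = re.compile(r'"([^"]+)"')


def base(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return PureWindowsPath(path).name.lower()


def parse_log(text: str) -> list:
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events: list) -> list:
    """Return (rule, pid) pairs for events matching the attachment-to-payload chain."""
    seen_images = set()  # lower-cased image paths already started in this log
    hits = []
    for ev in events:
        img, parent = base(ev["image"]), base(ev["parent_image"])
        cmd = ev["cmdline"]

        # 1. Mail client passes an attachment container from its cache to an archiver.
        if parent in MAIL_CLIENTS and img in ARCHIVERS:
            for arg in QUOTED_ARG.findall(cmd):
                if (PureWindowsPath(arg).suffix.lower() in CONTAINER_EXTS
                        and "content.outlook" in arg.lower()):
                    hits.append(("attachment_container_to_archiver", ev["pid"]))
                    break

        # 2. Archiver launches an executable straight from its scratch directory.
        if parent in ARCHIVERS and ARCHIVER_SCRATCH.search(ev["image"]):
            hits.append(("exec_from_archiver_scratch", ev["pid"]))

        # 3. A process starts a second copy of itself (a common unpacking stage).
        if ev["image"].lower() == ev["parent_image"].lower():
            hits.append(("self_spawn", ev["pid"]))

        # 4. cmd.exe deletes the image of a process seen earlier, and the deleter's
        #    parent is not that process: something else is cleaning up the payload.
        if img == "cmd.exe":
            m = DEL_RE.search(cmd)
            if m:
                target = m.group(1).lower()
                if target in seen_images and target != ev["parent_image"].lower():
                    hits.append(("payload_deleted_by_other_process", ev["pid"]))

        seen_images.add(ev["image"].lower())
    return hits


if __name__ == "__main__":
    for rule, pid in detect(parse_log(SAMPLE_LOG)):
        print(f"{pid}\t{rule}")
```

Rule 4 deliberately keys on the image path of an earlier process rather than on a fixed file name, so it still fires when the dropper is renamed; rules 1 and 2 are the cheap, high-precision signals, while rule 3 on its own is weak and is only worth alerting on in combination with the others.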
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3532 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR9AED.tmp.cvr | — | — | —
3532 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\O45GRG6B\PO (2).iso\:Zone.Identifier:$DATA | — | — | —
3532 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | 68EEB150FF5A30F246253EC41299DB7F | 3AAE4E2448AE8612568414F286BDE0ACD9CDBAF7E2EBAB1D5DF0C25D0F040FC8
4072 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa4072.46687\PO.exe | executable | 71F91C6E0BB3E1BAD447E03F2497F4C3 | 49371FAF3788B443E1EE7A3672462AD80233085DBF0215FAC33E617D25C85A6A
3532 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_E15AD21F8B3EA04EB23DF3A769BEC26F.dat | xml | EEAA832C12F20DE6AAAA9C7B77626E72 | C4C9A90F2C961D9EE79CF08FBEE647ED7DE0202288E876C7BAAD00F4CA29CA16
3532 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_8099E0CD16D4B64191B558BC0DD9A3E1.dat | xml | 807EF0FC900FEB3DA82927990083D6E7 | 4411E7DC978011222764943081500FFF0E43CBF7CCD44264BD1AB6306CA68913
3532 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_8906F323CE71674DA070AAA58F54D943.dat | xml | BBCF400BD7AE536EB03054021D6A6398 | 383020065C1F31F4FB09F448599A6D5E532C390AF4E5B8AF0771FE17A23222AD
3532 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\O45GRG6B\PO.iso:Zone.Identifier | text | FBCCF14D504B7B2DBCB5A5BDA75BD93B | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
3532 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\O45GRG6B\PO.iso | compressed | A446E7A52F913D02DD1D9FEDCEA30BA5 | 8C1651A40010926F39FC347F153AD9743E44FD028328D05E93568CCB414D18BF
3532 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\O45GRG6B\PO (2).iso | compressed | A446E7A52F913D02DD1D9FEDCEA30BA5 | 8C1651A40010926F39FC347F153AD9743E44FD028328D05E93568CCB414D18BF
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3532 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3532 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation
---|---|---
config.messenger.msn.com | | whitelisted
www.rains.ink | | unknown