analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | phish_alert_iocp_v1.4.85.eml |
| Full analysis: | https://app.any.run/tasks/5e51f5af-95c4-4e7a-a4eb-650709f1f52a |
| Verdict: | Malicious activity |
| Analysis date: | May 20, 2022, 19:10:45 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | message/rfc822 |
| File info: | RFC 822 mail, ASCII text, with CRLF line terminators |
| MD5: | F5FF152E7D336E2E8E7E5A627F03D62A |
| SHA1: | 2AF425F262FFC5C7761F8DDA905F21C83BBE8999 |
| SHA256: | FAC4407EF2715620C4F00BB066E27285CB179CAB309385FCC0EB60D5AC0AD6D8 |
| SSDEEP: | 1536:5Dq17m8e6Mi0+uEel6VqMaUFfVPKV5MJ9aPFyDeGShrqVnMojj6tJHRaeu0dv+l:1f8b3uaVaKfVPKVQayDe+6JBVdv+l |
MALICIOUS
No malicious indicators.SUSPICIOUS
Checks supported languages
- OUTLOOK.EXE (PID: 2272)
- vlc.exe (PID: 2132)
Creates files in the user directory
- OUTLOOK.EXE (PID: 2272)
- vlc.exe (PID: 2132)
Searches for installed software
- OUTLOOK.EXE (PID: 2272)
Reads the computer name
- OUTLOOK.EXE (PID: 2272)
- vlc.exe (PID: 2132)
INFO
Reads Microsoft Office registry keys
- OUTLOOK.EXE (PID: 2272)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .eml | | | E-Mail message (Var. 5) (100) |
|---|
Total processes
39
Monitored processes
2
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2272 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\phish_alert_iocp_v1.4.85.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 Modules
| |||||||||||||||
| 2132 | "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\GF2P32AO\8005536457_20220519_174119.wav" | C:\Program Files\VideoLAN\VLC\vlc.exe | OUTLOOK.EXE | ||||||||||||
User: admin Company: VideoLAN Integrity Level: MEDIUM Description: VLC media player Version: 3.0.11 Modules
| |||||||||||||||
Total events
11 060
Read events
10 467
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
0
Text files
15
Unknown types
3
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2272 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR91A3.tmp.cvr | — | |
MD5:— | SHA256:— | |||
| 2272 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | — | |
MD5:— | SHA256:— | |||
| 2272 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:409CCF400AC542332525CD8E78FC0C34 | SHA256:46A7587AC31FE351A3D08C0B04C81A716F3C0A5BE4D7FE6C8449F8C98A5F53B5 | |||
| 2272 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\GF2P32AO\8005536457_20220519_174119 (2).wav | wav | |
MD5:3E2A757DFC7D2CE39FA4AF6FC75D2381 | SHA256:F4522BE15D95E753ADA9FB15D40B68917C3AD54FE8D5A68C13EEA062639D8397 | |||
| 2272 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | |
MD5:A5CE18637A5501212616CB8B042474F0 | SHA256:77492EFA71B3399EA62AF2EBAB20229A705D7E1D4C6814605A7FC8657ADAA664 | |||
| 2272 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_C8430EA9135AFB4B921AB0E132080400.dat | xml | |
MD5:BBCF400BD7AE536EB03054021D6A6398 | SHA256:383020065C1F31F4FB09F448599A6D5E532C390AF4E5B8AF0771FE17A23222AD | |||
| 2132 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini | ini | |
MD5:EDD58767CDBF6F9BCDFC9BCFCE65C181 | SHA256:72FC6C7BE380FD1BB9C13AF9F26CDCA6D7277E78DA56BAD5DEAD2687DFCDB005 | |||
| 2272 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_DB6B513E067100479AC7AD8246DCA35C.dat | xml | |
MD5:807EF0FC900FEB3DA82927990083D6E7 | SHA256:4411E7DC978011222764943081500FFF0E43CBF7CCD44264BD1AB6306CA68913 | |||
| 2272 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_3E23231752097F49B746403AE371C97E.dat | xml | |
MD5:B21ED3BD946332FF6EBC41A87776C6BB | SHA256:B1AAC4E817CD10670B785EF8E5523C4A883F44138E50486987DC73054A46F6F4 | |||
| 2272 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\GF2P32AO\8005536457_20220519_174119.wav | wav | |
MD5:3E2A757DFC7D2CE39FA4AF6FC75D2381 | SHA256:F4522BE15D95E753ADA9FB15D40B68917C3AD54FE8D5A68C13EEA062639D8397 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
1
DNS requests
1
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
2272 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
config.messenger.msn.com |
| whitelisted |
Threats
Process | Message |
|---|---|
vlc.exe | main libvlc debug: VLC media player - 3.0.11 Vetinari
|
vlc.exe | main libvlc debug: Copyright © 1996-2020 the VideoLAN team
|
vlc.exe | main libvlc debug: revision 3.0.11-0-gdc0c5ced72
|
vlc.exe | main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=i686-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x86/contrib/i686-w64-mingw32/lib/pkgconfig'
|
vlc.exe | main libvlc debug: using multimedia timers as clock source
|
vlc.exe | main libvlc debug: min period: 1 ms, max period: 1000000 ms
|
vlc.exe | main libvlc debug: searching plug-in modules
|
vlc.exe | main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
|
vlc.exe | main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
|
vlc.exe | main libvlc error: stale plugins cache: modified C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll
|