File name: | WG Ihre Amazon.de Bestellung.msg |
Full analysis: | https://app.any.run/tasks/3957a4d2-f377-4f35-8955-4794a9539d63 |
Verdict: | Malicious activity |
Analysis date: | January 22, 2019, 13:49:10 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/vnd.ms-outlook |
File info: | CDFV2 Microsoft Outlook Message |
MD5: | 4F060315D93E13B341A92396E8F75A1A |
SHA1: | 5FC97A1217113F7A506D81A0EA894EC305B852C7 |
SHA256: | FE92850B2D3C53F5F30AB87F4B10908AB83BF325D82AD5C890B2C41376F40037 |
SSDEEP: | 768:atpGUFkYehbonR0tW6P46JNB+ISUX96uBlZyjyi/97SX9Q:65k7RkReB7lbmjyi/hSX9Q |
.msg | | | Outlook Message (58.9) |
---|---|---|
.oft | | | Outlook Form Template (34.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2928 | "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\WG Ihre Amazon.de Bestellung.msg" | C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Version: 14.0.6025.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2928 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR8C96.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2928 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@amazon[2].txt | — | |
MD5:— | SHA256:— | |||
2928 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@amazon[1].txt | text | |
MD5:653FEF9604C7DD7FAE20E8B217917E82 | SHA256:C381C0EF6548E983136BCB5423AC5F01BB37D0F398F958BF93B9923E0D9863B3 | |||
2928 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | |
MD5:EFED14D048483AF67818AF7D4C704FCE | SHA256:295A62EAEFD639E0A47CD2ED2A489A5803AE1DBC868A5F10EE2ADB80F8DD552C | |||
2928 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\amazon[1].gif | image | |
MD5:7133623306663BABE2EA04A9EA03D696 | SHA256:AB574203051606604427AF17A4233BDD336C4D4B1F9803AE9CA59CAE510B0791 | |||
2928 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf | text | |
MD5:48DD6CAE43CE26B992C35799FCD76898 | SHA256:7BFE1F3691E2B4FB4D61FBF5E9F7782FBE49DA1342DBD32201C2CC8E540DBD1A | |||
2928 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\transp[1].gif | image | |
MD5:FB02F374B8F73825415DB1BCCD4BD76D | SHA256:CAA849B179BEFA2645A8E2C474D2E82A76777A3305315ECE911013E8EE9A916C |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2928 | OUTLOOK.EXE | GET | 200 | 2.16.186.114:80 | http://g-ec2.images-amazon.com/images/G/01/abis-ui/merchants/amazon.de | unknown | image | 2.04 Kb | whitelisted |
2928 | OUTLOOK.EXE | OPTIONS | 404 | 2.16.186.114:80 | http://g-ec2.images-amazon.com/images/G/01/abis-ui/merchants/ | unknown | html | 85 b | whitelisted |
2928 | OUTLOOK.EXE | OPTIONS | 404 | 2.16.186.114:80 | http://g-ec2.images-amazon.com/images/G/01/abis-ui/merchants/ | unknown | html | 85 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2928 | OUTLOOK.EXE | 99.84.159.201:443 | images-eu.ssl-images-amazon.com | AT&T Services, Inc. | US | unknown |
2928 | OUTLOOK.EXE | 104.111.232.173:443 | www.amazon.de | Akamai International B.V. | NL | whitelisted |
2928 | OUTLOOK.EXE | 2.16.186.114:80 | g-ec2.images-amazon.com | Akamai International B.V. | — | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.amazon.de |
| whitelisted |
images-eu.ssl-images-amazon.com |
| whitelisted |
g-ec2.images-amazon.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2928 | OUTLOOK.EXE | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious DOC loader of embedded OLE from external source |
2928 | OUTLOOK.EXE | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious DOC loader of embedded OLE from external source |