IOC Report
You have been assigned a task.eml


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| You have been assigned a task.eml | multipart/mixed; boundary="===============6372313978696415606==", ASCII text, with CRLF line terminators | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | modified | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9PJHFGTO\ Q1 Performance Summary and Analysis (002).shtml:Zone.Identifier | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9PJHFGTO\ Q1 Performance Summary and Analysis.shtml | HTML document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1714124240335060700_2F4993B0-5383-47C6-AA3F-C64361097689.log | ASCII text, with very long lines (28768), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1714124240335843200_2F4993B0-5383-47C6-AA3F-C64361097689.log | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240426T1137200130-6336.etl | data | modified | |
| C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:37:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:37:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:37:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:37:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:37:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst | Microsoft Outlook email folder (>=2003) | dropped | |
| C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp | data | dropped | |
| Chrome Cache Entry: 64 | PNG image data, 1017 x 535, 8-bit/color RGB, non-interlaced | downloaded | |
| Chrome Cache Entry: 67 | HTML document, ASCII text, with very long lines (64557) | downloaded | |
| Chrome Cache Entry: 68 | PNG image data, 1350 x 1100, 8-bit colormap, non-interlaced | downloaded | |

URLs

| Name | IP | Malicious |
|---|---|---|
| file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9PJHFGTO/%20Q1%20Performance%20Summary%20and%20Analysis.shtml | | |
| https://todays-tasks-plan.vercel.app/#ZGF2aWQuYW5kZXJzb25Ad2VhcmV3b3Jrc3BhY2UuY29t | | |
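The first URL in the table is the .shtml attachment opened from Outlook's Content.Outlook cache (the same file appears in the Files table with a Zone.Identifier stream); the second carries a base64 string in its fragment. The script below is an added triage example, not part of the sandbox report: it takes the two URLs exactly as the report lists them, decodes the fragment (phishing kits commonly encode the recipient's address this way to pre-fill the fake login form), checks whether the result is an e-mail address, and defangs the remote URL so it can be pasted into a ticket. The function and field names are the example's own.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlparse

# The two URLs exactly as listed in the report's URL table.
REPORT_URLS = [
    "file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9PJHFGTO/%20Q1%20Performance%20Summary%20and%20Analysis.shtml",
    "https://todays-tasks-plan.vercel.app/#ZGF2aWQuYW5kZXJzb25Ad2VhcmV3b3Jrc3BhY2UuY29t",
]

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def decode_fragment(url):
    """Return the URL fragment decoded as base64 UTF-8 text, or None if it is not."""
    frag = urlparse(url).fragment
    if not frag:
        return None
    # Accept the URL-safe alphabet too, and tolerate stripped '=' padding.
    frag = frag.replace("-", "+").replace("_", "/")
    frag += "=" * (-len(frag) % 4)
    try:
        return base64.b64decode(frag, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def extract_target_email(url):
    """Decoded fragment if it looks like an e-mail address (the pre-filled victim), else None."""
    text = decode_fragment(url)
    if text and EMAIL_RE.match(text):
        return text
    return None


def defang(url):
    """hxxp(s) scheme and [.] in the host so the URL is not clickable when shared."""
    parsed = urlparse(url)
    if not parsed.netloc:
        return url
    host = parsed.netloc.replace(".", "[.]")
    scheme = parsed.scheme.replace("http", "hxxp")
    return url.replace(parsed.netloc, host, 1).replace(parsed.scheme + "://", scheme + "://", 1)


def triage(urls):
    """Classify each URL as the local lure attachment or a remote page, with decoded target."""
    results = []
    for url in urls:
        parsed = urlparse(url)
        if parsed.scheme == "file":
            # Local lure: recover the attachment's file name (note the leading space).
            results.append({
                "url": url,
                "kind": "local-attachment",
                "filename": unquote(parsed.path).rsplit("/", 1)[-1],
                "target_email": None,
            })
        else:
            results.append({
                "url": defang(url),
                "kind": "remote",
                "filename": None,
                "target_email": extract_target_email(url),
            })
    return results


if __name__ == "__main__":
    for row in triage(REPORT_URLS):
        print(row)
```

Running it shows the fragment decodes to an address in the weareworkspace.com domain, which tells the responder who the lure was personalised for without visiting the page. The decoder deliberately refuses anything that is not strict base64 or not valid UTF-8, so random fragments do not produce false "targets".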

Domains

| Name | IP | Malicious |
|---|---|---|
| project-2024-tasks.membership-6e8.workers.dev | 104.21.70.6 | |
| a.nel.cloudflare.com | 35.190.80.1 | |
| d15shllkswkct0.cloudfront.net | 18.64.171.116 | |
| www.google.com | 142.250.217.164 | |
| login0nline.cheapbandgear.com | 104.21.94.122 | |
| todays-tasks-plan.vercel.app | 76.76.21.241 | |
| sni1gl.wpc.sigmacdn.net | 152.195.19.97 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 52.113.194.132 | unknown | United States | |
| 104.21.94.122 | login0nline.cheapbandgear.com | United States | |
| 192.178.50.67 | unknown | United States | |
| 1.1.1.1 | unknown | Australia | |
| 76.76.21.241 | todays-tasks-plan.vercel.app | United States | |
| 51.104.15.253 | unknown | United Kingdom | |
| 104.21.70.6 | project-2024-tasks.membership-6e8.workers.dev | United States | |
| 152.195.19.97 | sni1gl.wpc.sigmacdn.net | United States | |
| 192.168.2.16 | unknown | unknown | |
| 173.194.215.84 | unknown | United States | |
| 142.250.217.164 | www.google.com | United States | |
| 142.250.217.174 | unknown | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 23.208.28.161 | unknown | United States | |
| 35.190.80.1 | a.nel.cloudflare.com | United States | |
| 52.111.227.28 | unknown | United States | |
| 18.64.171.116 | d15shllkswkct0.cloudfront.net | United States | |