Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

ce3354b1-93ec-e915-68c1-d433ef99e98a.eml

RFC 822 mail, ASCII text, with CRLF line terminators

initial sample

Details

Filetype:	RFC 822 mail, ASCII text, with CRLF line terminators
Entropy:	6.137443478930007
Filename:	ce3354b1-93ec-e915-68c1-d433ef99e98a.eml
Filesize:	17309
MD5:	64ae1db66e7f4a9df7f463ecea7599f1
SHA1:	5ffd427acfbb8ab48b5a25e50d4648b26379b7c2
SHA256:	912d7c59aac9f3c48bb47b219698284b8537d8c41cc453e97b259fe5dcb0c95a
SHA512:	bc3c52c32d419729f2ac79fa4acb315ad15bbd6886f9dfb7e2f320623d205a0e8c5ae1d7dff89ea797f0bbb29fa1e338b7b92b32c9535e90520a06afdb7c7ad6
SSDEEP:	192:a7SpWbzNZuM492r09sZZdo/sAB59S0kq8jT0ub01RwMczz5W0TXA7RGDXsWbSKAG:RWXn34Ci/nBVkq8jRaRwFH5Y7zKzM5I
Preview:	Received: from YT4PR01CA0007.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:d1::14).. by SJ0PR12MB8138.namprd12.prod.outlook.com (2603:10b6:a03:4e0::7) with.. Microsoft SMTP Server (version=TLS1_2,.. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7472.4

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

data

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
Category:	dropped
Dump:	FRMCACHE.DAT.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	data
Entropy:	4.384344852256023
Encrypted:	false
Size:	231348
Whitelisted:	false

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators

modified

Details

File:	C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
Category:	modified
Dump:	CatalogCacheMetaData.xml.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
Entropy:	5.085315830518751
Encrypted:	false
Size:	1869
Whitelisted:	false

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

data

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
Category:	dropped
Dump:	MSO3072.acl.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	data
Entropy:	1.2389205950315936
Encrypted:	false
Size:	30
Whitelisted:	false

C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
Category:	dropped
Dump:	CUSTOM.DIC.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	2.699513850319966
Encrypted:	false
Size:	14
Whitelisted:	false

IPs

Domain

Country

Malicious

52.113.194.132

unknown

United States

52.111.229.96

unknown

United States

13.89.179.9

unknown

United States

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
ce3354b1-93ec-e915-68c1-d433ef99e98a.eml

Files

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportce3354b1-93ec-e915-68c1-d433ef99e98a.eml

Files

IPs

IOC Report
ce3354b1-93ec-e915-68c1-d433ef99e98a.eml