Windows
Analysis Report
Quarantined Messages (17).zip
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
Analysis Advice
- Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior
- All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which no longer works.
- Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
- System is w10x64_ra
- rundll32.exe (PID: 4800 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
- OUTLOOK.EXE (PID: 4196 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Temp\Temp1_Quarantined Messages (17).zip\c8d6f348-2c7f-4373-d490-08dc6d99c1ea\3776921e-2a18-2cd4-aaec-da6b081172ed.eml" MD5: 91A5292942864110ED734005B7E005C0)
  - ai.exe (PID: 6368 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "F934068C-7290-4272-93EB-0EABEDB4C2FD" "72FE0D74-B04C-4033-BC1B-8AD57BC871D2" "4196" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- chrome.exe (PID: 7048 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\summary_06-May-2024_08-02-35.htm MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 4780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1844,i,419478032194363723,16406378703367206043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: frack113: |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
There are no malicious signatures.
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | (22 entries) |
Source: | UDP traffic detected without corresponding DNS query: | (2 entries) |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | (6 entries) |
Source: | HTTPS traffic detected: |
Source: | Window created: |
Source: | Classification label: |
Source: | File created: | (2 entries) |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: | (18 entries) |
Source: | Section loaded: | (9 entries) |
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: | (2 entries) |
Source: | Key opened: |
Source: | File created: | (7 entries) |
Source: | Process information set: | (94 entries) |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Clipboard Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 Process Injection | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.251.215.228 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | low |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
20.42.73.30 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
74.125.20.84 | unknown | United States | 15169 | GOOGLEUS | false |
142.251.215.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.69.195 | unknown | United States | 15169 | GOOGLEUS | false |
142.250.69.206 | unknown | United States | 15169 | GOOGLEUS | false |
104.98.118.147 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
52.109.20.39 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
52.109.0.142 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
52.109.0.91 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1438235 |
Start date and time: | 2024-05-08 13:55:39 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Quarantined Messages (17).zip |
Detection: | CLEAN |
Classification: | clean3.winZIP@17/28@2/34 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 52.109.0.91, 52.113.194.132, 52.109.20.39, 104.98.118.147, 52.109.0.142
- Excluded domains from analysis (whitelisted): omex.cdn.office.net, odc.officeapps.live.com, slscr.update.microsoft.com, osiprod-wus-bronze-azsc-000.westus.cloudapp.azure.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, login.live.com, wus-azsc-config.officeapps.live.com, officeclient.microsoft.com, osiprod-scus-buff-azsc-000.southcentralus.cloudapp.azure.com, a1864.dscd.akamai.net, wus-azsc-000.odc.officeapps.live.com, ecs.office.com, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, us2.roaming1.live.com.akadns.net, ctldl.windowsupdate.com, scus-azsc-000.roaming.officeapps.live.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, us2.odcsm1.live.com.akadns.net, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, prod.odcsm1.live.com.akadns.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetValueKey calls found.
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.392920726592617 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8BB9926EE3C37371AB7EEEA516B92A5A |
SHA1: | 880C45BD955F4EFC7F491285EB64E0ABBB605113 |
SHA-256: | 67556CA56EB5BA1FABB15F19837ADF60A3158D073E72EC4E409A5DE0E361098B |
SHA-512: | 4B11894D9E99260B82FA9BDE3662007D3EE386566CEE19E6595688A8916316A992F85ABA6EC479C83BB26E75C692D118454580FB12A554968F2EC1BE321E199E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 322260 |
Entropy (8bit): | 4.000299760592446 |
Encrypted: | false |
SSDEEP: | |
MD5: | CC90D669144261B198DEAD45AA266572 |
SHA1: | EF164048A8BC8BD3A015CF63E78BDAC720071305 |
SHA-256: | 89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899 |
SHA-512: | 16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10 |
Entropy (8bit): | 2.4464393446710155 |
Encrypted: | false |
SSDEEP: | |
MD5: | 03E09EE0579B85405C52E3901C75B3E3 |
SHA1: | AF3AE06248C69A85189D5EBA6CE993056E8BF36E |
SHA-256: | 700FB13BDDF16511DAA4CD4F448579E036973668F02161406B9E14E36722F665 |
SHA-512: | 3966548E957F94EEF5DA16AA93BB9C181AAC98ACD1B7DE6724C5C9A4CE9885BF762EACAA01FA5934CBC9052277434899F1F017D47EDA2BBA2182CC5FCCFA24AF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.CampaignStates.json
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1538 |
Entropy (8bit): | 5.170046666246265 |
Encrypted: | false |
SSDEEP: | |
MD5: | F903C4A051E8AA36E9E085B08D1BC55E |
SHA1: | FF9AF9BBA28D4F3FF2238A64425CABE8123250AB |
SHA-256: | 59D97433D58543D3CAE4BFDF9AC0DC6990A99BFB10D118B0D62D32DA15D30968 |
SHA-512: | 7B9A526C71B8DF94CF6556AB827C07E2265ACF6F81B4A12B3303ACCD6601C92735ECAA0F4AD5DC054FD1E7EA19B29FC220F41213822CD04E71DC27FDA8C9027B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.GovernedChannelStates.json
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 740 |
Entropy (8bit): | 4.578658879460996 |
Encrypted: | false |
SSDEEP: | |
MD5: | 439A34DE8DA5C04AF25AADB84A2120D4 |
SHA1: | F12F9FF6E03A5762BD03061557029446680B1DAE |
SHA-256: | 32B560C75C25C6F56C0439F67A3FA7D4F271F07B435EE41575A3D82C6C612880 |
SHA-512: | BE704CD0DF8041945D16B8103135650B33D5E97D6F7C202E9C9499C3AE57E33855C2CC3A8F73B578DB482F47026C756F1FAA411A2CC58B5E53CE23CD24229834 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 87 |
Entropy (8bit): | 4.576828956814449 |
Encrypted: | false |
SSDEEP: | |
MD5: | E4E83F8123E9740B8AA3C3DFA77C1C04 |
SHA1: | 5281EAE96EFDE7B0E16A1D977F005F0D3BD7AAD0 |
SHA-256: | 6034F27B0823B2A6A76FE296E851939FD05324D0AF9D55F249C79AF118B0EB31 |
SHA-512: | BD6B33FD2BBCE4A46991BC0D877695D16F7E60B1959A0DEFC79B627E569E5C6CAC7B4AD4E3E1D8389A08584602A51CF84D44CF247F03BEB95F7D307FBBA12BB9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.SurveyEventActivityStats.json
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 14 |
Entropy (8bit): | 3.378783493486176 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6CA4960355E4951C72AA5F6364E459D5 |
SHA1: | 2FD90B4EC32804DFF7A41B6E63C8B0A40B592113 |
SHA-256: | 88301F0B7E96132A2699A8BCE47D120855C7F0A37054540019E3204D6BCBABA3 |
SHA-512: | 8544CD778717788B7484FAF2001F463320A357DB63CB72715C1395EF19D32EEC4278BAB07F15DE3F4FED6AF7E4F96C41908A0C45BE94D5CDD8121877ECCF310D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\25AB4A9A-DF95-44A4-B233-041BAA334CB6
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 166208 |
Entropy (8bit): | 5.340932080221233 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3FB17A70F8E429DBCF8B535B8A8FF6E3 |
SHA1: | 85A0EE72E9925F1C42ACADCF41A968DAD2B2F6F0 |
SHA-256: | 891A4F284AF2F82A570C966120C8DB6BA478C98204BAF3161485576A3FA52BD3 |
SHA-512: | 86AC29E6D4AB456A1CBACFB0D70917A36A6F3A47477BBC81AE6FD7026689A36B1C228F91059EA3375EF401FDA79013845B770CF2329A96856CB5FCDFE50A9C58 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.09304735440217722 |
Encrypted: | false |
SSDEEP: | |
MD5: | D0DE7DB24F7B0C0FE636B34E253F1562 |
SHA1: | 6EF2957FDEDDC3EB84974F136C22E39553287B80 |
SHA-256: | B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED |
SHA-512: | 42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4616 |
Entropy (8bit): | 0.1384465837476566 |
Encrypted: | false |
SSDEEP: | |
MD5: | EE33954AEBE8D5C0F22711EC5570B8F2 |
SHA1: | 55B686BAF6108DCD2899A06FA8590F0302C470D1 |
SHA-256: | 88E37F82310BE2E817D29810D36EE6B0B946891C34425BB8FEB376133C7741B3 |
SHA-512: | E7D600A59956DF752E8AE9ADCC5EAE346E89D98D09BBA8170A5309D9DDDA2ED5402374E470BA2899AE15C8B51BE8C8B5B9975DF9F6A189BBDF25A06D8CEEA321 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04486648292292196 |
Encrypted: | false |
SSDEEP: | |
MD5: | D292E402BACE99B056EB8068A044E3AE |
SHA1: | 92F88DC41882D1F94B0A018E167A2BFCB3ED3692 |
SHA-256: | 7FF2F2D4A7756B37048A91B6AEC485D3921767CC265B055D0A2A60752BFA5668 |
SHA-512: | EB0CE240C1FD543903345AFEEA3FEB387EB4D96FC1A81EAF1C7CD4A3AC4E279F207DE3440110D81B636DF5724B9EE6B5DFE303600778E64807E373ACA2E886E0 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 45352 |
Entropy (8bit): | 0.3947019065830845 |
Encrypted: | false |
SSDEEP: | |
MD5: | B06B703E855590C3CD24D7A2F72D6F20 |
SHA1: | B20E04F517D5E1D348782B8537939AEA94B4EE31 |
SHA-256: | 5CF9768CF8E840D50D759E30E1FAC5FF75C0AE1949F5C5A5520D2C9B78613AB6 |
SHA-512: | E0754297814642AF508FF8955CB689D5EC600C221CF0EC332B9673B2AC5A39BC75C7C79F5D93F5EBE749E4CB831BF79B8E87BF6C967E07482F22A2371041AF09 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\WG1H6521\summary_06-May-2024_08-02-35.htm:Zone.Identifier
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1715169375681586600_49E01608-A0CF-4AE7-9046-9786213DC423.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.1586409682161881 |
Encrypted: | false |
SSDEEP: | |
MD5: | DE485029B05C7EADA76B8A2750840B63 |
SHA1: | EB1558A7373C01B777D93ED28F4C8E626B80F909 |
SHA-256: | F576C09D8BB7EB3FA17E1E1292849ED337725175B586561E776FA6E40053BE21 |
SHA-512: | 608A775E99F5D4D2614C5CC2DB321E4BFE7281333A3CB7CFC6677F85DAA3462D1E02378885D68392A2C836FD2AFE3A95F9D709DD72E63C588B9F218A963A9EBB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1715169375682376700_49E01608-A0CF-4AE7-9046-9786213DC423.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240508T1356150468-4196.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 98304 |
Entropy (8bit): | 4.468389116322039 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3DAB2B7976C411A409B8768570CCAE55 |
SHA1: | D149D4C7FB5B0393D010D616ED7CA7CD66C84D69 |
SHA-256: | 044D3C69AF00769CDEFE469244586C23A394A4E490D1989C7C6A16E6236C2219 |
SHA-512: | 4CB5D595F08B07657310067F7409B8E10BC837243BBBA514462707D32F4AE94E576D8E8198D482CBA527A6D6FE159B3A80C2F7FB24DC2440A83C9044FEF2233F |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | |
MD5: | FC7ABB379A2629368CC6CCF69F845D06 |
SHA1: | 02CF336266971747009F5442D5C64413B0C075C4 |
SHA-256: | 36FF6FED591DA8E5DCF36363002800ECBFD1F7FDF11308798A836B4A6153E91C |
SHA-512: | 6EC09FA3DCF3ED1B4D7D8E60DEA2D4EE7EDA1FD26FEF946467415F47A1889B6A13325F1EDA0F5877FE19FEA2E7F8B996ADCD85F2EB0755BDBE766F1D6B151B2D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2560 |
Entropy (8bit): | 2.016991364538616 |
Encrypted: | false |
SSDEEP: | |
MD5: | 99999DA4784866D5E506282111EE6E60 |
SHA1: | 863F43D1BE8281DB3B77868056132F59192756A4 |
SHA-256: | 76386788439BC34A80560BE9C02DC7CE26CB45DC46C6E63995E66C0316CA22D1 |
SHA-512: | 5D3EE571CA1405780CA0A08756BC6F6F4814EC8CF2E1A03E6182ACE67947BF1E2B9373429A251B9FC5EC7F7E9D1C43A61BFF78EB71CA50F8F9C09C75235A9EFE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 219FAEC747E0EFCA440608B929B8976F |
SHA1: | C5DC40B87E535AB0DE3D22ED05DA67955F527EF1 |
SHA-256: | 19EA0ADF8A99FAECE22208FD0772B244D7F5E4E28B40F40591E6A2A8BEC7306E |
SHA-512: | 68E788B1320AA529B73AF798788F8B3AD1F31C6165FB3AF10A7337FD9919AE0D31E629ABEDD1D471E08E86DA65BA641E0CB5D0052426934BBA29440F62D7F5BC |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 162 |
Entropy (8bit): | 3.7946653282965834 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9837AA83873AEB431B42022ADCFF8C32 |
SHA1: | 15691DBC198B8675163AA0B11E447410AE6AD054 |
SHA-256: | 7CD4CBEA04F2E548860D3C699F109ECD8B62D40FF4E30E1A12DC55F58D2BBAC7 |
SHA-512: | 3C7362FC8DDAC8B75368E38F568A38AE3711C497F013881B57332EEBCF8746D83B59559407F95177F83D8DCBFB5547CC7C5E0B8865E72C07ECB2CD150E524DB5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 19616 |
Entropy (8bit): | 7.477689097108452 |
Encrypted: | false |
SSDEEP: | |
MD5: | 219FAEC747E0EFCA440608B929B8976F |
SHA1: | C5DC40B87E535AB0DE3D22ED05DA67955F527EF1 |
SHA-256: | 19EA0ADF8A99FAECE22208FD0772B244D7F5E4E28B40F40591E6A2A8BEC7306E |
SHA-512: | 68E788B1320AA529B73AF798788F8B3AD1F31C6165FB3AF10A7337FD9919AE0D31E629ABEDD1D471E08E86DA65BA641E0CB5D0052426934BBA29440F62D7F5BC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9892065017626828 |
Encrypted: | false |
SSDEEP: | |
MD5: | F2D788F6A7A63D1EB5A6E060193B6FBC |
SHA1: | 454CD472FDDB6471AA105F8C2F7B9AEEFEBEFBA1 |
SHA-256: | 1E303CF60ECDA7A5F594AB7FBD5D5EB425899443C857A89AEC6933C53612E41F |
SHA-512: | F0873978ACE62757952C28306E93A91148E4236C816767287819E473267528478889EEA0A8A62B47E7B6D6CD1D16E3ABBDE3C1D9989D2145F302687334435107 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.004885936185409 |
Encrypted: | false |
SSDEEP: | |
MD5: | CAC78A8F1DEBDC2694A9DF52C4318BDA |
SHA1: | 56DFA7F18DCF23468785962F54878098130BE3DE |
SHA-256: | CD2F6E3D74EDB046712D01F4F615B37C6A3D14756A6BE63AFFE101D3705A3524 |
SHA-512: | EBD07358E2C9013E4EFE8A09927700EBF71F19E5824E8CFFBA53A32DBEB1AF331E35F46ADCEDD8B4FC406E4C92879840BD9FB8EAD840EAF210A4AB5B20FAECE4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.011299723680317 |
Encrypted: | false |
SSDEEP: | |
MD5: | 23255AF2F4771D65B4CFF39F72EDFB07 |
SHA1: | AEE58FB5085A519003B56453D82DC5DB01C5A02D |
SHA-256: | 5DB6A3AB4071F8C412CA05D7CCBED12018C01E02962EF4A7BA5A47CB0B38028F |
SHA-512: | A0B2ED4A6FF1DD5E6A706A9D81F0A16D17338C2074C1802E86DE94E6D1F82306196D98C84B1BFC1077F8021062D6C95FC49F6578F67882BCA886AAED43D4698E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.000393251286238 |
Encrypted: | false |
SSDEEP: | |
MD5: | B266D74FE8CFF35A5B0AC685634D20EE |
SHA1: | 7157F1B9B620D5243A80A4518B42B64B56AA2C8B |
SHA-256: | C125C95267D50081418382A2EE176E5B8389416014485A03392A4678F02C65C7 |
SHA-512: | 49482F686B5E2A1B50AAD8033A3A68326ECBC435FBA863D02F93E2B2E17227745FFE906A7C0EA3ED8B9997288A3447D99C2383C41F2CCAA8D7EA5F83BAE45262 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9902501281696683 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8BE82B98E045F4406252C81FF042E612 |
SHA1: | 67380115253B6B4C29011586EB277D859A4F5B72 |
SHA-256: | D2DFC07F4C7522B9809788E8403095C67F153587F3F4F43BF15E74731700EBD0 |
SHA-512: | FC1D300CA593094928DFF869D004A1E1B61C853448B53DB44537E2147F391506859D523BE22B16A0EC4743840CEE48475B1478183190AB4B9062588D852F5EA2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.000277118108726 |
Encrypted: | false |
SSDEEP: | |
MD5: | EAD11C485AB6AB49FD60CD7CA38325E6 |
SHA1: | 12800527BD52AEDD9DE2FB0F96EC4675960B44A1 |
SHA-256: | D10461BA3DC27EB9FDFA0D956D43F3B3E721A66015C4838A98520FAD51A34B2D |
SHA-512: | 356CF6CB7946B8957B2BB50DBFA97225F26CCA9F3EA8E4344DA6C4474C33977BB83FDDDD588F21EDF1A26E3832E7455FD5163A1A61861A6AFE83199447D1768D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 1.6315852698898985 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6E80FDC36BB0E5EB23DB02B5A3B15AAA |
SHA1: | 109CBB892955004174326EFB3B4BC761B9D3B624 |
SHA-256: | 3945D8B9BE3C165E16E430C97A77ED306FFA7583FF9C911BA6BA066A009AEE81 |
SHA-512: | A08B9F6D5F883488A70A9D136B0A951CE65D41DE5CB990F3F4E94963D6B16F36D9CBC7B557619BDF673BB649E6C8CAC83A05379843309B0C49EC5B743695F148 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 2.1255861475676254 |
Encrypted: | false |
SSDEEP: | |
MD5: | C43247D1718780FA1912F1713C39C627 |
SHA1: | 62433530D0E5F068A4E1D60B9127A34E4882945D |
SHA-256: | B8BB5C9B007C41E27AE45566C85634C7AD7F3FCE446B23C487CDC8CEAEF93921 |
SHA-512: | A499A19F3EB7BC3069ED49773B590EB0894F777F6D7B5EA75339E5DD2684EA57174ADACC61BFEA8271F3288FF0A9F6963CD832A102126D4207E7D0C475382FF5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.988670393301542 |
TrID: |
|
File name: | Quarantined Messages (17).zip |
File size: | 20'039 bytes |
MD5: | 0e470fd94fe661e546140b0111a37e48 |
SHA1: | 126377a97ec72294bafef89bcb02955996964f7f |
SHA256: | 02f88e0effb254717f1b1ed9264e3a6ec0118eee0854e900979303b277e1724f |
SHA512: | b6260a36b58e82e481fb0f4bc35a29dcf62ab18434acf851e74c01be89fdeba6fb7aa8cf2d27f1ccb1917a37aad1d75f55b68ad4a03bd2d6eefd2875f7605d0b |
SSDEEP: | 384:gUf12VkQNuqsF8uh8kzpgqqH8EamQn5GP8+gRqeU3v:gUf1tQNsFVh8kiH8EE0U+gRqvv |
TLSH: | 9792F1EA974E0958AA5D13370153B768193DC0F712C112ACBAE71A36D4FEF09CA0AC1B |
File Content Preview: | PK..-......^.X_.c.........M...c8d6f348-2c7f-4373-d490-08dc6d99c1ea/3776921e-2a18-2cd4-aaec-da6b081172ed.eml....M........M........&M...*..y.Q..K....#....O\...A.,>)r.X!...[.....#...|....]_s+d......{n..;.h7]..*@]..._Z7 ....?.......e.q...w....d..:..P.ml.9jB.J |
Icon Hash: | 1c1c1e4e4ececedc |