Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Fwd_ Payment_Confirmation.msg

CDFV2 Microsoft Outlook Message

initial sample

Details

Filetype:	CDFV2 Microsoft Outlook Message
Entropy:	3.30316637471596
Filename:	Fwd_ Payment_Confirmation.msg
Filesize:	39424
MD5:	4cfb650a9f6716e65b12578ad7357869
SHA1:	78b9efaf0c5436a04ab38b456ad935507359c7f8
SHA256:	25a3dbaae7f8949703add1c993037243f3b149c7a220eb4e5878e860976b87e0
SHA512:	c240f73d537fd7e795c3bfba37bde7b8c2795a342ecff29cb2e2ac338dd0593479578ef4e91f64c8e47cd4f6b46aedda4f8fded00a5a22cc0898a2996acdd972
SSDEEP:	768:kr2JwM4mknonBHqHBoZxAi1ZIA6gXPRb3vLfyAflj+DqPG:kS/HqHBo91Hh9lG
Preview:	........................>......................................................................................................................................................................................................................................

C:\Users\alfredo\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20221129T1749280939-2572.etl

data

dropped

Details

File:	C:\Users\alfredo\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20221129T1749280939-2572.etl
Category:	dropped
Dump:	OUTLOOK_16_0_13929_20386-20221129T1749280939-2572.etl.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	data
Entropy:	3.678242832905412
Encrypted:	false
Size:	16384
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

C:\Users\alfredo\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20221129T1750110559-2124.etl

data

dropped

Details

File:	C:\Users\alfredo\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20221129T1750110559-2124.etl
Category:	dropped
Dump:	OUTLOOK_16_0_13929_20386-20221129T1750110559-2124.etl.11.dr
ID:	dr_1
Target ID:	11
Process:	C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	data
Entropy:	3.6716367200007447
Encrypted:	false
Size:	16384
Whitelisted:	false
Reputation:	low

Domains

Name

Malicious

d26p066pn2w0s0.cloudfront.net

13.224.189.75

part-0017.t-0009.t-msedge.net

13.107.213.45

accounts.google.com

142.250.186.109

f8d5c6ccb462dad.cdd-ap.nexusguard.cloud

27.126.206.60

cdnjs.cloudflare.com

104.17.25.14

part-0017.t-0009.fbs1-t-msedge.net

13.107.219.45

maxcdn.bootstrapcdn.com

104.18.11.207

www.google.com

142.250.186.100

clients.l.google.com

142.250.185.206

use.fontawesome.com

unknown

clients2.google.com

unknown

code.jquery.com

unknown

30-11-vjwerg9-80eu5rht-0ghjwr-0gfhwe-0r98gf.obs.ap-southeast-1.myhuaweicloud.com

unknown

logo.clearbit.com

unknown

There are 4 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

142.250.185.67

unknown

United States

142.250.185.206

clients.l.google.com

United States

142.250.185.68

unknown

United States

34.104.35.123

unknown

United States

172.217.16.202

unknown

United States

192.168.2.1

unknown

216.58.212.138

unknown

United States

27.126.206.60

f8d5c6ccb462dad.cdd-ap.nexusguard.cloud

Hong Kong

142.250.186.163

unknown

United States

13.224.189.75

d26p066pn2w0s0.cloudfront.net

United States

104.18.11.207

maxcdn.bootstrapcdn.com

United States

69.16.175.42

unknown

United States

13.107.213.45

part-0017.t-0009.t-msedge.net

United States

142.250.186.109

accounts.google.com

United States

239.255.255.250

unknown

Reserved

172.64.132.15

unknown

United States

127.0.0.1

unknown

104.17.25.14

cdnjs.cloudflare.com

United States

142.250.184.202

unknown

United States

There are 9 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Fwd_ Payment_Confirmation.msg

Files

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportFwd_ Payment_Confirmation.msg

Files

Domains

IPs

IOC Report
Fwd_ Payment_Confirmation.msg