Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Microsoft account password reset.eml

RFC 822 mail, Unicode text, UTF-8 (with BOM) text, with very long lines (537), with CRLF line terminators

initial sample

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

data

dropped

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

data

dropped

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

SQLite Write-Ahead Log, version 3007000

modified

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{BD8B9D8B-7081-4C48-9C71-7E1E97913319}.tmp

data

dropped

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1716391221505305300_868CD212-180C-4629-8AD2-457A2641255B.log

ASCII text, with very long lines (28774), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1716391221506206300_868CD212-180C-4629-8AD2-457A2641255B.log

data

dropped

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240522T1120210296-5948.etl

data

modified

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 22 14:21:21 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Microsoft Outlook email folder (>=2003)

dropped

C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

data

dropped

There are 7 hidden files, click here to show them.

Domains

Name

Malicious

nam04.safelinks.protection.outlook.com

104.47.73.156

Details

Name:	nam04.safelinks.protection.outlook.com
IP:	104.47.73.156
TargetID:	11
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

www.google.com

142.250.185.68

Details

Name:	www.google.com
IP:	142.250.185.68
TargetID:	11
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

c.s-microsoft.com

unknown

assets.onestore.ms

unknown

i.s-microsoft.com

unknown

ajax.aspnetcdn.com

unknown

IPs

Domain

Country

Malicious

52.113.194.132

unknown

United States

142.250.185.68

www.google.com

United States

1.1.1.1

unknown

Australia

152.199.19.160

unknown

United States

88.221.125.143

unknown

European Union

2.16.164.83

unknown

European Union

172.217.16.206

unknown

United States

23.43.61.127

unknown

United States

20.189.173.4

unknown

United States

142.251.5.84

unknown

United States

192.168.2.18

unknown

104.119.109.218

unknown

United States

23.197.124.141

unknown

United States

23.43.62.58

unknown

United States

184.28.89.233

unknown

United States

88.221.169.152

unknown

European Union

239.255.255.250

unknown

Reserved

172.217.23.99

unknown

United States

104.47.73.156

nam04.safelinks.protection.outlook.com

United States

There are 9 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Microsoft account password reset.eml

Files

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportMicrosoft account password reset.eml

Files

Domains

IPs

IOC Report
Microsoft account password reset.eml