Windows Analysis Report
https://attachments.office.net/owa/scharfi%40healthesystems.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGRiNDRhZDRjLTU5MDYtNGIxZi1iZWEzLTMxNzAxNDc1MDlkYwBGAAAAAABKaGeaik1pTJKS753XARkPBwA2TQ%2BJRvilSZw5ZwX6ZVMcAAAAMPLNAABjlmxW0OkeRYTsmXxki7u0AARkFkARAAABEgAQAL9k38PsJtdGhGfMC27r7wA%3D&thumbnailTy

Overview

General Information

Sample URL: https://attachments.office.net/owa/scharfi%40healthesystems.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGRiNDRhZDRjLTU5MDYtNGIxZi1iZWEzLTMxNzAxNDc1MDlkYwBGAAAAAABKaGeaik1pTJKS753XARkPBwA2TQ%2BJRv
Analysis ID: 1465766
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Creates files inside the system directory
Stores files to the Windows start menu directory

Classification

Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /owa/scharfi%40healthesystems.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGRiNDRhZDRjLTU5MDYtNGIxZi1iZWEzLTMxNzAxNDc1MDlkYwBGAAAAAABKaGeaik1pTJKS753XARkPBwA2TQ%2BJRvilSZw5ZwX6ZVMcAAAAMPLNAABjlmxW0OkeRYTsmXxki7u0AARkFkARAAABEgAQAL9k38PsJtdGhGfMC27r7wA%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbSIsInVjIjoiMzFjZTY1ZmViM2MzNGNlZTg0NDNiZTJiNDU3MDBiNjUiLCJzaWduaW5fc3RhdGUiOlsiZHZjX21uZ2QiLCJkdmNfZG1qZCIsImttc2kiXSwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEA0MzY3N2ZiNy1iODk0LTQ1NDktOGUwMS0zOGMzZjI3MWM0N2YiLCJpc3NyaW5nIjoiV1ciLCJhcHBjdHgiOiJ7XCJtc2V4Y2hwcm90XCI6XCJvd2FcIixcInB1aWRcIjpcIjExNTM5MDY2NjExMzQwMDQ1NjRcIixcInNjb3BlXCI6XCJPd2FEb3dubG9hZFwiLFwib2lkXCI6XCJmODk4MWNhNC05M2JkLTQxMzktYWU5ZC0yYTY0ZGNkYzU4NzJcIixcInByaW1hcnlzaWRcIjpcIlMtMS01LTIxLTE3ODk4MTM1NDUtOTMzNDAxMDMyLTI1NTYwNTY0NzMtMTI4MjAzOTFcIn0iLCJuYmYiOjE3MTk4NzgxNzQsImV4cCI6MTcxOTg3ODQ3NCwiaXNzIjoiMDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDQzNjc3ZmI3LWI4OTQtNDU0OS04ZTAxLTM4YzNmMjcxYzQ3ZiIsImF1ZCI6IjAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMC9hdHRhY2htZW50cy5vZmZpY2UubmV0QDQzNjc3ZmI3LWI4OTQtNDU0OS04ZTAxLTM4YzNmMjcxYzQ3ZiIsImhhcHAiOiJvd2EifQ.t5Xgv8eR_TfatMktqJ7JjnJafROB0fji1czP9ZR96nX1FkAZML1FJvdPeDk0V2rp3m5jEeRWloFmtz2AYTzKhNPMePSO4GYvWWuBayNL0IEBCVjKw0knfZiz5WH7T9cC5WxhV-x3NmUm9SWBHBq0k6xxrfPaB9BimtTzPrRiajTPIJqs6wrsjIEbrquToHhyr_zMYiPKzCwj2z5nrw4bGeOeE6CEp4XMdHBj9Foc22X451BeyyuCzZdQjEoC6Bw1frHCLp0hgQuKTU065FcItCBeADkzDu5Z4YnXlCj7pRkWdzpszu5HyevcvmqO-66A60nqvJduSHHjtP-urytSJQ&X-OWA-CANARY=X-OWA-CANARY_cookie_is_null_or_empty&owa=outlook.office.com&scriptVer=20240621005.09&clientId=C58FAA7FDA564195AA577D7CEEBC7343&animation=true&persistenceId=267c1982-ca11-413d-9839-5d834b1d45cb HTTP/1.1Host: attachments.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic DNS traffic detected: DNS query: attachments.office.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49715 version: TLS 1.2
Creates files inside the system directory
Source: C:\Windows\SysWOW64\mspaint.exe File created: C:\Windows\Debug\WIA Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe File created: C:\Windows\Debug\WIA\wiatrace.log Jump to behavior
Source: classification engine Classification label: clean1.win@18/10@4/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2292,i,9355722068866127456,13920442212961938397,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://attachments.office.net/owa/scharfi%40healthesystems.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGRiNDRhZDRjLTU5MDYtNGIxZi1iZWEzLTMxNzAxNDc1MDlkYwBGAAAAAABKaGeaik1pTJKS753XARkPBwA2TQ%2BJRvilSZw5ZwX6ZVMcAAAAMPLNAABjlmxW0OkeRYTsmXxki7u0AARkFkARAAABEgAQAL9k38PsJtdGhGfMC27r7wA%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbSIsInVjIjoiMzFjZTY1ZmViM2MzNGNlZTg0NDNiZTJiNDU3MDBiNjUiLCJzaWduaW5fc3RhdGUiOlsiZHZjX21uZ2QiLCJkdmNfZG1qZCIsImttc2kiXSwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEA0MzY3N2ZiNy1iODk0LTQ1NDktOGUwMS0zOGMzZjI3MWM0N2YiLCJpc3NyaW5nIjoiV1ciLCJhcHBjdHgiOiJ7XCJtc2V4Y2hwcm90XCI6XCJvd2FcIixcInB1aWRcIjpcIjExNTM5MDY2NjExMzQwMDQ1NjRcIixcInNjb3BlXCI6XCJPd2FEb3dubG9hZFwiLFwib2lkXCI6XCJmODk4MWNhNC05M2JkLTQxMzktYWU5ZC0yYTY0ZGNkYzU4NzJcIixcInByaW1hcnlzaWRcIjpcIlMtMS01LTIxLTE3ODk4MTM1NDUtOTMzNDAxMDMyLTI1NTYwNTY0NzMtMTI4MjAzOTFcIn0iLCJuYmYiOjE3MTk4NzgxNzQsImV4cCI6MTcxOTg3ODQ3NCwiaXNzIjoiMDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDQzNjc3ZmI3LWI4OTQtNDU0OS04ZTAxLTM4YzNmMjcxYzQ3ZiIsImF1ZCI6IjAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMC9hdHRhY2htZW50cy5vZmZpY2UubmV0QDQzNjc3ZmI3LWI4OTQtNDU0OS04ZTAxLTM4YzNmMjcxYzQ3ZiIsImhhcHAiOiJvd2EifQ.t5Xgv8eR_TfatMktqJ7JjnJafROB0fji1czP9ZR96nX1FkAZML1FJvdPeDk0V2rp3m5jEeRWloFmtz2AYTzKhNPMePSO4GYvWWuBayNL0IEBCVjKw0knfZiz5WH7T9cC5WxhV-x3NmUm9SWBHBq0k6xxrfPaB9BimtTzPrRiajTPIJqs6wrsjIEbrquToHhyr_zMYiPKzCwj2z5nrw4bGeOeE6CEp4XMdHBj9Foc22X451BeyyuCzZdQjEoC6Bw1frHCLp0hgQuKTU065FcItCBeADkzDu5Z4YnXlCj7pRkWdzpszu5HyevcvmqO-66A60nqvJduSHHjtP-urytSJQ&X-OWA-CANARY=X-OWA-CANARY_cookie_is_null_or_empty&owa=outlook.office.com&scriptVer=20240621005.09&clientId=C58FAA7FDA564195AA577D7CEEBC7343&animation=true&persistenceId=267c1982-ca11-413d-9839-5d834b1d45cb"
Source: unknown Process created: C:\Windows\SysWOW64\mspaint.exe mspaint.exe "C:\Users\user\Desktop\"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2292,i,9355722068866127456,13920442212961938397,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: mfc42u.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: msftedit.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: uiribbon.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: efswrt.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: sti.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: wiatrace.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: coremessaging.dll Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Windows\SysWOW64\mspaint.exe File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Process information queried: ProcessInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1465766 URL: https://attachments.office.... Startdate: 02/07/2024 Architecture: WINDOWS Score: 1 5 chrome.exe 23 2->5         started        8 mspaint.exe 2 2->8         started        10 chrome.exe 2->10         started        dnsIp3 15 192.168.2.5, 443, 49703, 49709 unknown unknown 5->15 17 239.255.255.250 unknown Reserved 5->17 12 chrome.exe 5->12         started        process4 dnsIp5 19 FRA-efz.ms-acdc.office.com 52.98.179.98, 443, 49709, 49710 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 12->19 21 www.google.com 142.250.186.100, 443, 49713, 49725 GOOGLEUS United States 12->21 23 5 other IPs or domains 12->23
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
239.255.255.250
 unknown Reserved
unknown unknown false
52.98.179.98
 FRA-efz.ms-acdc.office.com United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
142.250.186.100
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.5

Contacted Domains

Name IP Active
www.google.com 142.250.186.100 true
FRA-efz.ms-acdc.office.com 52.98.179.98 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true
attachments.office.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://attachments.office.net/owa/scharfi%40healthesystems.com/service.svc/s/GetAttachmentThumbnail?id=AAMkAGRiNDRhZDRjLTU5MDYtNGIxZi1iZWEzLTMxNzAxNDc1MDlkYwBGAAAAAABKaGeaik1pTJKS753XARkPBwA2TQ%2BJRvilSZw5ZwX6ZVMcAAAAMPLNAABjlmxW0OkeRYTsmXxki7u0AARkFkARAAABEgAQAL9k38PsJtdGhGfMC27r7wA%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbSIsInVjIjoiMzFjZTY1ZmViM2MzNGNlZTg0NDNiZTJiNDU3MDBiNjUiLCJzaWduaW5fc3RhdGUiOlsiZHZjX21uZ2QiLCJkdmNfZG1qZCIsImttc2kiXSwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEA0MzY3N2ZiNy1iODk0LTQ1NDktOGUwMS0zOGMzZjI3MWM0N2YiLCJpc3NyaW5nIjoiV1ciLCJhcHBjdHgiOiJ7XCJtc2V4Y2hwcm90XCI6XCJvd2FcIixcInB1aWRcIjpcIjExNTM5MDY2NjExMzQwMDQ1NjRcIixcInNjb3BlXCI6XCJPd2FEb3dubG9hZFwiLFwib2lkXCI6XCJmODk4MWNhNC05M2JkLTQxMzktYWU5ZC0yYTY0ZGNkYzU4NzJcIixcInByaW1hcnlzaWRcIjpcIlMtMS01LTIxLTE3ODk4MTM1NDUtOTMzNDAxMDMyLTI1NTYwNTY0NzMtMTI4MjAzOTFcIn0iLCJuYmYiOjE3MTk4NzgxNzQsImV4cCI6MTcxOTg3ODQ3NCwiaXNzIjoiMDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwQDQzNjc3ZmI3LWI4OTQtNDU0OS04ZTAxLTM4YzNmMjcxYzQ3ZiIsImF1ZCI6IjAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMC9hdHRhY2htZW50cy5vZmZpY2UubmV0QDQzNjc3ZmI3LWI4OTQtNDU0OS04ZTAxLTM4YzNmMjcxYzQ3ZiIsImhhcHAiOiJvd2EifQ.t5Xgv8eR_TfatMktqJ7JjnJafROB0fji1czP9ZR96nX1FkAZML1FJvdPeDk0V2rp3m5jEeRWloFmtz2AYTzKhNPMePSO4GYvWWuBayNL0IEBCVjKw0knfZiz5WH7T9cC5WxhV-x3NmUm9SWBHBq0k6xxrfPaB9BimtTzPrRiajTPIJqs6wrsjIEbrquToHhyr_zMYiPKzCwj2z5nrw4bGeOeE6CEp4XMdHBj9Foc22X451BeyyuCzZdQjEoC6Bw1frHCLp0hgQuKTU065FcItCBeADkzDu5Z4YnXlCj7pRkWdzpszu5HyevcvmqO-66A60nqvJduSHHjtP-urytSJQ&X-OWA-CANARY=X-OWA-CANARY_cookie_is_null_or_empty&owa=outlook.office.com&scriptVer=20240621005.09&clientId=C58FAA7FDA564195AA577D7CEEBC7343&animation=true&persistenceId=267c1982-ca11-413d-9839-5d834b1d45cb false
    		unknown