Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Urgent Secure File Transfer Notification.eml

RFC 822 mail, ASCII text, with CRLF line terminators

initial sample

Details

Filetype:	RFC 822 mail, ASCII text, with CRLF line terminators
Entropy:	5.979090516268103
Filename:	Urgent Secure File Transfer Notification.eml
Filesize:	20745
MD5:	c9232f4a0da52524ee58b7a16670cf41
SHA1:	15282531f3d2c550f671b87591847bd4d477f9e9
SHA256:	6f6b3d9cf6ec0e8f0578bc7f2375f1ea0ab22d937fbaa3169d94c33bae60ee33
SHA512:	4fd9729dfa2a08b08db18893efc1f302f12ebe934543de99323673fb1dd4c4a3aa71861b49a2a696b58cc8189dea7fff72f08d8eb173038c5cb81c7329aabd83
SSDEEP:	192:Gn8xyrYSubjjcYSA8VcWzzARpce1xBRHdiCGRuirqa31JzqvlTeM1QgU54Smn9Ea:xXc6szARpcABRAiY1QJlBJK7IREVb0
Preview:	Received: from YQBP288MB0882.CANP288.PROD.OUTLOOK.COM (2603:10b6:c01:90::18).. by YT2P288MB0153.CANP288.PROD.OUTLOOK.COM with HTTPS; Mon, 28 Oct 2024.. 14:05:41 +0000..Received: from YT4P288CA0021.CANP288.PROD.OUTLOOK.COM (2603:10b6:b01:d4::23).. by YQBP2

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

data

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
Category:	dropped
Dump:	FRMCACHE.DAT.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	data
Entropy:	4.38767743099746
Encrypted:	false
Size:	231348
Whitelisted:	false

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

ASCII text, with very long lines (65536), with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
Category:	dropped
Dump:	OfficeSharedEntities.bin.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	ASCII text, with very long lines (65536), with no line terminators
Entropy:	4.000299760592446
Encrypted:	false
Size:	322260
Whitelisted:	false

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

ASCII text, with no line terminators

modified

Details

File:	C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
Category:	modified
Dump:	OfficeSharedEntitiesUpdated.bin.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	ASCII text, with no line terminators
Entropy:	2.5219280948873624
Encrypted:	false
Size:	10
Whitelisted:	false

C:\Users\user\AppData\Local\Microsoft\Office\16.0\SmartLookupCache\main_ssr.html

HTML document, ASCII text, with very long lines (56354), with CRLF, LF line terminators

modified

Details

File:	C:\Users\user\AppData\Local\Microsoft\Office\16.0\SmartLookupCache\main_ssr.html
Category:	modified
Dump:	main_ssr.html.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	HTML document, ASCII text, with very long lines (56354), with CRLF, LF line terminators
Entropy:	5.938637680508547
Encrypted:	false
Size:	406268
Whitelisted:	false

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\0A31A525-9351-49F3-A96B-19E9DC3A5FA6

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\0A31A525-9351-49F3-A96B-19E9DC3A5FA6
Category:	dropped
Dump:	0A31A525-9351-49F3-A96B-19E9DC3A5FA6.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.291021032944116
Encrypted:	false
Size:	180288
Whitelisted:	false

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

SQLite Rollback Journal

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
Category:	dropped
Dump:	outlook.exe.db-journal.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	SQLite Rollback Journal
Entropy:	0.13760166725504608
Encrypted:	false
Size:	4616
Whitelisted:	false

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

data

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
Category:	dropped
Dump:	MSO3072.acl.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Type:	data
Entropy:	1.2389205950315936
Encrypted:	false
Size:	30
Whitelisted:	false

IPs

Domain

Country

Malicious

52.113.194.132

unknown

United States

2.19.126.151

unknown

European Union

23.212.88.34

unknown

United States

52.109.89.18

unknown

United States

52.109.89.19

unknown

United States

52.168.112.67

unknown

United States

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Urgent Secure File Transfer Notification.eml

Files

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportUrgent Secure File Transfer Notification.eml

Files

IPs

IOC Report
Urgent Secure File Transfer Notification.eml