Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

original.eml

SMTP mail, ASCII text, with very long lines (459), with CRLF line terminators

initial sample

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

data

modified

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\87B68FE1-E9C4-44E3-9F2C-E1C6E62046E2

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LZC2TRC0\phish_alert_iocp_v1.10.14 (002).eml:Zone.Identifier (copy)

RFC 822 mail, Unicode text, UTF-8 text, with very long lines (5103), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LZC2TRC0\phish_alert_iocp_v1.10.14.eml

RFC 822 mail, Unicode text, UTF-8 text, with very long lines (5103), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LZC2TRC0\phish_alert_iocp_v1.10.14.eml:Zone.Identifier

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241028T1508040633-6436.etl

data

dropped

C:\Users\user\AppData\Local\Temp\msoC166.tmp

GIF image data, version 89a, 15 x 15

dropped

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 18:08:12 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

dropped

There are 5 hidden files, click here to show them.

URLs

Name

Malicious

https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu1109938.ct.sendgrid.net%2Fls%2Fclick%3Fupn%3Du001.IdUpeluz2aslhKdrxa6HzBkzp1qcpeciwBazOuWwNMNCXnilnleTA006iucL9Sy3rTM-2FY3gIcCbdRwd-2BeXdyyZJ3CfBRdq3trYR11I-2F5OBdfbQ6D4ghg3teSNhnfuGVTvjx1gYJRD06Nt13yULPF8SCNjxv1bgrcHa93RLYhNId2yvcEYk8qTl6IrekoaHGVH-2F3NhTlh7tOohhQoWdz66u-2F8xf-2FXENOIvBLwSXzGROTUwGOEIY-2Boh3NcYuDwzuA0wXloEPO6Ofr94Iv548avY2rb9z181ZPHxsLuBcTKa5A-3DRuxL_04UVeSclHZkwqXlnLIJvsrMLK4qR-2FHb5-2Fz-2FM0XTOQ-2F2xEqq9OLDaa-2FwOEfxMfs86bwkiHQXk3gr3qF-2FHhEiEvmZZpdlVwIZAR9dEf9PzBKSqgiTHIb4VAeoxwRBE-2F1u6HrXk8rPXWIh2kvtUnIp6pZT7jYHaxDO0-2Bm-2FCmFaKHjylAa2sMo0TgnlAsux1Fyd-2F8wkUOYTgiggQ0Qanc5qMYBOl7-2B2mfaGT-2F-2BH7mVmNX-2Fh6t9pwse1grrQrdKlR3dvyKyp8rPGRJpO95k80XyiWscU8RRH4P4nlqiau8cIBMJgdelKtu20ZzdAlvIkZWVop-2BPx-2BzONj9DTBQnzu2qJDxuzLLuWNBiRzh1hEz3dYUkAMYrVPSLb0m9O40aOglqfY&data=05%7C02%7Cjimmy.levasseur%40metalus.qc.ca%7C6c9b625cccc44e2e77ab08dcf76e55b0%7C4f85cc14eaa84e0b829193aab6969f78%7C0%7C0%7C638657300467135875%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=q03q9s4%2Bl%2FNV6U82ZSdsWo5u6Mxm2Yyt%2Fch%2B6K%2B%2FrOk%3D&reserved=0

Details

Name:	https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu1109938.ct.sendgrid.net%2Fls%2Fclick%3Fupn%3Du001.IdUpeluz2aslhKdrxa6HzBkzp1qcpeciwBazOuWwNMNCXnilnleTA006iucL9Sy3rTM-2FY3gIcCbdRwd-2BeXdyyZJ3CfBRdq3trYR11I-2F5OBdfbQ6D4ghg3teSNhnfuGVTvjx1gYJRD06Nt13yULPF8SCNjxv1bgrcHa93RLYhNId2yvcEYk8qTl6IrekoaHGVH-2F3NhTlh7tOohhQoWdz66u-2F8xf-2FXENOIvBLwSXzGROTUwGOEIY-2Boh3NcYuDwzuA0wXloEPO6Ofr94Iv548avY2rb9z181ZPHxsLuBcTKa5A-3DRuxL_04UVeSclHZkwqXlnLIJvsrMLK4qR-2FHb5-2Fz-2FM0XTOQ-2F2xEqq9OLDaa-2FwOEfxMfs86bwkiHQXk3gr3qF-2FHhEiEvmZZpdlVwIZAR9dEf9PzBKSqgiTHIb4VAeoxwRBE-2F1u6HrXk8rPXWIh2kvtUnIp6pZT7jYHaxDO0-2Bm-2FCmFaKHjylAa2sMo0TgnlAsux1Fyd-2F8wkUOYTgiggQ0Qanc5qMYBOl7-2B2mfaGT-2F-2BH7mVmNX-2Fh6t9pwse1grrQrdKlR3dvyKyp8rPGRJpO95k80XyiWscU8RRH4P4nlqiau8cIBMJgdelKtu20ZzdAlvIkZWVop-2BPx-2BzONj9DTBQnzu2qJDxuzLLuWNBiRzh1hEz3dYUkAMYrVPSLb0m9O40aOglqfY&data=05%7C02%7Cjimmy.levasseur%40metalus.qc.ca%7C6c9b625cccc44e2e77ab08dcf76e55b0%7C4f85cc14eaa84e0b829193aab6969f78%7C0%7C0%7C638657300467135875%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=q03q9s4%2Bl%2FNV6U82ZSdsWo5u6Mxm2Yyt%2Fch%2B6K%2B%2FrOk%3D&reserved=0
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu1109938.ct.sendgrid.net%2Fls%2Fclick%3Fupn%3Du001.IdUpeluz2aslhKdrxa6HzMirFwoDQYrI31fzdf8ArvVqWprBwFhQKz9IUQmpJtHHsulYF0E0vP7UxTfdNpTAJuF1fzexsJJN-2FxAklcI9L-2B04nMIN9-2FO01J-2BEQaEiWrWmi-2B6zeKPc1HXcPIi3O-2F1v98PsnmLsfizgioFhlqdhVbByQS4FtjRND39BHA178u7vnlQFEDvl6xjwIGVibX4bwoyAlVrJkv6e3cIyS3grZRA-2BUOK0hwFk3OjJ7Ve3ZUiH3CfaHBLhhAHI2r-2F45rDbFUSFOn30PTeBkCiy6HPXzkdc9OhgrIXgbumAy4BVCjcKeeJRqOvWiUbZHfQQwx69FdM2cPjvB95P9VnfDOSUtfj1LWSf2cu-2FFU5ACtiHv7WXoqLF2e2-2FmMDjIOnZKjtZMaeWDXRvh-2FloCPHJtixQ53-2BhXtoao06ipfoKqc60CAS6Kmj4MP0V-2Bnqx0BiHmnt2FHd1CepThOf91Br65Xig1EPxbBHFhioIF4d76VKeh3-2B2Xs1NF0H6xF9Il-2Fl1krLNF3F6MxL3UMYWmMP3xcCDwKfkHGO-2B0pKRqYa4pCjg4YrI9x4o5QMvToL1dbY0JTWk4yiqBt3olycDj7j-2FS-2FCOtzZ0VaIlD4-2FkqimS5zSw0bv6IST1p1-2BAu-2FmB2jfxd5iQ64aKQ4DX7p46CGFeY5AAoqITpMBvtxBac8i2bHNjOZnsMJSn3hr9vwuwaFgOpggWSMPNuAS3vzfLorNjhsWia86KSBnSdw9C6c1-2FP0uE0004cYua4oV75RyYQaWru6ZxCk7YraIgBGreJMeXXXjbXNjthKnNVkBQLDwRt-2BzC2BxzyPMA-2FtcAqKzwOffXqY6zaA-3D-3D30T2_04UVeSclHZkwqXlnLIJvsrMLK4qR-2FHb5-2Fz-2FM0XTOQ-2F2xEqq9OLDaa-2FwOEfxMfs86bwkiHQXk3gr3qF-2FHhEiEvmZZpdlVwIZAR9dEf9PzBKSqgiTHIb4VAeoxwRBE-2F1u6HrXk8rPXWIh2kvtUnIp6pZT7jYHaxDO0-2Bm-2FCmFaKHjzOHV9Dm9j2qKN3lpmn8XoSOLUSeXmOHtdwAU5S5jKweXQcz4otjNvDP9TxClPnOU9Dnv-2BiHV6H5SwyUnQNqLdWpBXLrTgDNrrwZelHgU2zJ6g0ilzoRizpJ0eeQuM1qUCriQureMO5iOW2ZDDuKNT1VZ0Bt8miWc1z4-2FLDHuLfcUhiuZYx-2FJc1jLw-2Fs4s-2Ft5-2Bdaa3lXraJLkA9VVBrdPPN&data=05%7C02%7Cjimmy.levasseur%40metalus.qc.ca%7C6c9b625cccc44e2e77ab08dcf76e55b0%7C4f85cc14eaa84e0b829193aab6969f78%7C0%7C0%7C638657300467115402%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=gNfchtyL0mej7HoT46SsBGya4C%2BfS8tz7Ms2VORDqFc%3D&reserved=0

Details

Name:	https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu1109938.ct.sendgrid.net%2Fls%2Fclick%3Fupn%3Du001.IdUpeluz2aslhKdrxa6HzMirFwoDQYrI31fzdf8ArvVqWprBwFhQKz9IUQmpJtHHsulYF0E0vP7UxTfdNpTAJuF1fzexsJJN-2FxAklcI9L-2B04nMIN9-2FO01J-2BEQaEiWrWmi-2B6zeKPc1HXcPIi3O-2F1v98PsnmLsfizgioFhlqdhVbByQS4FtjRND39BHA178u7vnlQFEDvl6xjwIGVibX4bwoyAlVrJkv6e3cIyS3grZRA-2BUOK0hwFk3OjJ7Ve3ZUiH3CfaHBLhhAHI2r-2F45rDbFUSFOn30PTeBkCiy6HPXzkdc9OhgrIXgbumAy4BVCjcKeeJRqOvWiUbZHfQQwx69FdM2cPjvB95P9VnfDOSUtfj1LWSf2cu-2FFU5ACtiHv7WXoqLF2e2-2FmMDjIOnZKjtZMaeWDXRvh-2FloCPHJtixQ53-2BhXtoao06ipfoKqc60CAS6Kmj4MP0V-2Bnqx0BiHmnt2FHd1CepThOf91Br65Xig1EPxbBHFhioIF4d76VKeh3-2B2Xs1NF0H6xF9Il-2Fl1krLNF3F6MxL3UMYWmMP3xcCDwKfkHGO-2B0pKRqYa4pCjg4YrI9x4o5QMvToL1dbY0JTWk4yiqBt3olycDj7j-2FS-2FCOtzZ0VaIlD4-2FkqimS5zSw0bv6IST1p1-2BAu-2FmB2jfxd5iQ64aKQ4DX7p46CGFeY5AAoqITpMBvtxBac8i2bHNjOZnsMJSn3hr9vwuwaFgOpggWSMPNuAS3vzfLorNjhsWia86KSBnSdw9C6c1-2FP0uE0004cYua4oV75RyYQaWru6ZxCk7YraIgBGreJMeXXXjbXNjthKnNVkBQLDwRt-2BzC2BxzyPMA-2FtcAqKzwOffXqY6zaA-3D-3D30T2_04UVeSclHZkwqXlnLIJvsrMLK4qR-2FHb5-2Fz-2FM0XTOQ-2F2xEqq9OLDaa-2FwOEfxMfs86bwkiHQXk3gr3qF-2FHhEiEvmZZpdlVwIZAR9dEf9PzBKSqgiTHIb4VAeoxwRBE-2F1u6HrXk8rPXWIh2kvtUnIp6pZT7jYHaxDO0-2Bm-2FCmFaKHjzOHV9Dm9j2qKN3lpmn8XoSOLUSeXmOHtdwAU5S5jKweXQcz4otjNvDP9TxClPnOU9Dnv-2BiHV6H5SwyUnQNqLdWpBXLrTgDNrrwZelHgU2zJ6g0ilzoRizpJ0eeQuM1qUCriQureMO5iOW2ZDDuKNT1VZ0Bt8miWc1z4-2FLDHuLfcUhiuZYx-2FJc1jLw-2Fs4s-2Ft5-2Bdaa3lXraJLkA9VVBrdPPN&data=05%7C02%7Cjimmy.levasseur%40metalus.qc.ca%7C6c9b625cccc44e2e77ab08dcf76e55b0%7C4f85cc14eaa84e0b829193aab6969f78%7C0%7C0%7C638657300467115402%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=gNfchtyL0mej7HoT46SsBGya4C%2BfS8tz7Ms2VORDqFc%3D&reserved=0
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

can01.safelinks.eop-tm2.outlook.com

52.102.11.124

s-part-0023.t-0009.t-msedge.net

13.107.246.51

sni1gl.wpc.alphacdn.net

152.199.21.175

s-part-0015.t-0009.t-msedge.net

13.107.246.43

s-part-0017.t-0009.t-msedge.net

13.107.246.45

sni1gl.wpc.omegacdn.net

152.199.21.175

www.google.com

142.250.185.100

s-part-0039.t-0009.t-msedge.net

13.107.246.67

s-part-0032.t-0009.t-msedge.net

13.107.246.60

js.monitor.azure.com

unknown

can01.safelinks.protection.outlook.com

unknown

c.s-microsoft.com

unknown

support.content.office.net

unknown

aadcdn.msftauth.net

unknown

logincdn.msftauth.net

unknown

acctcdn.msftauth.net

unknown

mem.gfx.ms

unknown

There are 8 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

13.107.246.43

s-part-0015.t-0009.t-msedge.net

United States

142.250.74.202

unknown

United States

20.223.36.55

unknown

United States

20.189.173.6

unknown

United States

13.107.246.45

s-part-0017.t-0009.t-msedge.net

United States

13.107.246.67

s-part-0039.t-0009.t-msedge.net

United States

20.223.35.26

unknown

United States

192.168.2.17

unknown

52.109.89.119

unknown

United States

142.250.185.100

www.google.com

United States

13.107.246.60

s-part-0032.t-0009.t-msedge.net

United States

52.182.141.63

unknown

United States

142.251.168.84

unknown

United States

184.28.89.233

unknown

United States

20.190.160.14

unknown

United States

52.109.32.97

unknown

United States

52.168.112.66

unknown

United States

142.250.184.206

unknown

United States

172.217.18.110

unknown

United States

2.19.97.192

unknown

European Union

52.113.194.132

unknown

United States

104.102.52.100

unknown

United States

1.1.1.1

unknown

Australia

142.250.186.163

unknown

United States

184.28.89.167

unknown

United States

88.221.169.152

unknown

European Union

239.255.255.250

unknown

Reserved

20.190.159.2

unknown

United States

104.47.75.220

unknown

United States

152.199.21.175

sni1gl.wpc.alphacdn.net

United States

104.124.11.201

unknown

United States

52.102.11.124

can01.safelinks.eop-tm2.outlook.com

United States

172.217.16.195

unknown

United States

There are 23 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
original.eml

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportoriginal.eml

Files

URLs

Domains

IPs

IOC Report
original.eml