IOC Report
SPECIAL PARTY INVITATION FROM DON & LINDA HUFFMAN.msg

loading gif

Files

File Path
Type
Category
Malicious
SPECIAL PARTY INVITATION FROM DON & LINDA HUFFMAN.msg
CDFV2 Microsoft Outlook Message
initial sample
malicious
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
Microsoft Outlook email folder (>=2003)
dropped
malicious
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
data
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
data
modified
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml
XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2E4E1DAE.dat
PNG image data, 552 x 112, 8-bit colormap, interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\387F9BF8.dat
PNG image data, 266 x 220, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3AB943F6.htm
GIF image data, version 87a, 1 x 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3DCF7A8.htm
PNG image data, 510 x 120, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\524BFB83.htm
PNG image data, 435 x 96, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5FC8D5D7.dat
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6C4D8389.y3RhnFQ--~D
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 524x372, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\808FD4FD.dat
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8EA47CC6.dat
PNG image data, 66 x 74, 8-bit colormap, interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A2DF9EDA.dat
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\C46585EC.dat
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E1EFED13.dat
PNG image data, 225 x 220, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F1D7BB99.dat
JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 222x220, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{8DF620A4-404F-4668-A4E5-FE4F2BED226F}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732121438864112800_85883C4F-2985-45B4-904A-62F0670E1BC6.log
ASCII text, with very long lines (28773), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732121438864929300_85883C4F-2985-45B4-904A-62F0670E1BC6.log
data
dropped
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241120T1150380600-6284.etl
data
modified
C:\Users\user\AppData\Local\Temp\prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache
data
dropped
C:\Users\user\AppData\Local\Temp\~DFFFE5D97A2F82A9A5.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
Unicode text, UTF-16, little-endian text, with CRLF line terminators
modified
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 15:51:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 15:51:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 15:51:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 15:51:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 15:51:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 102
ASCII text, with very long lines (26548)
downloaded
Chrome Cache Entry: 103
ASCII text
downloaded
Chrome Cache Entry: 104
ASCII text, with very long lines (32038)
dropped
Chrome Cache Entry: 107
JSON data
downloaded
Chrome Cache Entry: 108
ASCII text
dropped
Chrome Cache Entry: 91
ASCII text
dropped
Chrome Cache Entry: 93
ASCII text, with very long lines (9476)
downloaded
Chrome Cache Entry: 96
ASCII text
dropped
Chrome Cache Entry: 97
HTML document, ASCII text
downloaded
Chrome Cache Entry: 99
PNG image data, 250 x 92, 8-bit/color RGBA, non-interlaced
dropped
There are 34 hidden files, click here to show them.

URLs

Name
IP
Malicious
https://clicktime.cloud.postoffice.net/clicktime.php?U=https://punchmeetdirect.info/&E=mbaker%40firstfedweb.com&X=XID170CkgR4R5051Xd2&T=FF1001&HV=U,E,X,T&H=7657709960056573da15999e9daa042b06812829

Domains

Name
IP
Malicious
google.com
142.250.181.110
fd-geo-ec.gy1.b.yahoodns.net
87.248.114.16
cloud.postoffice.net
165.212.65.209
cdnjs.cloudflare.com
104.17.25.14
clicktime.cloud.postoffice.net
165.212.65.140
maxcdn.bootstrapcdn.com
104.18.11.207
www.google.com
142.250.181.68
augloop.office.com
unknown
punchmeetdirect.info
unknown
ecp.yusercontent.com
unknown

IPs

IP
Domain
Country
Malicious
52.113.194.132
unknown
United States
172.217.19.238
unknown
United States
165.212.65.209
cloud.postoffice.net
United States
1.1.1.1
unknown
Australia
172.217.17.35
unknown
United States
192.168.2.16
unknown
unknown
52.111.252.7
unknown
United States
52.111.252.16
unknown
United States
216.58.208.234
unknown
United States
165.212.65.140
clicktime.cloud.postoffice.net
United States
104.18.11.207
maxcdn.bootstrapcdn.com
United States
8.8.8.8
unknown
United States
52.109.68.129
unknown
United States
74.125.205.84
unknown
United States
239.255.255.250
unknown
Reserved
87.248.114.16
fd-geo-ec.gy1.b.yahoodns.net
United Kingdom
52.109.32.97
unknown
United States
142.250.181.68
www.google.com
United States
172.217.21.35
unknown
United States
51.116.253.168
unknown
United Kingdom
104.17.25.14
cdnjs.cloudflare.com
United States
There are 11 hidden IPs, click here to show them.