Edit tour

Windows Analysis Report
-19.msg

Overview

General Information

Sample name:	-19.msg
Analysis ID:	1670386
MD5:	f71ce748356dd88dbdfa33488ef063c5
SHA1:	6bbbbd0d5825d3de05520b9d2bdc96ffbf600dc9
SHA256:	a4992627599e5de4318f023e810fedcc5a83a63506ab05053b77c6c922969d3a
Infos:

Detection

unknown

Score:	21
Range:	0 - 100
Confidence:	80%

Signatures

AI detected suspicious elements in Email content

Queries the volume information (name, serial number etc) of a device

Sigma detected: Outlook Security Settings Updated - Registry

Classification

×

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 6880 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\-19.msg" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6824 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "455C64DA-F6EA-4B99-AEE6-A577FF0D7DE7" "2E50688B-849F-4EE2-80D7-D96D82180D58" "6880" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

Sigma detected: Outlook Security Settings Updated - Registry

Source: Registry Key set

Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ZH9Z7MDY\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6880, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6880, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Phishing
• System Summary
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious elements in Email content

Source: -19.msg

Joe Sandbox AI: Detected potential phishing email: Email has no subject line, which is suspicious. Sender address is a numeric mobile number format through MMS gateway. Contains only an image attachment with no message body, common in phishing/spam

Source: Email

Classification: unknown

Source: classification engine

Classification label: sus21.winMSG@3/4@0/16

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250421T1126130848-6880.etl

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\-19.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "455C64DA-F6EA-4B99-AEE6-A577FF0D7DE7" "2E50688B-849F-4EE2-80D7-D96D82180D58" "6880" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "455C64DA-F6EA-4B99-AEE6-A577FF0D7DE7" "2E50688B-849F-4EE2-80D7-D96D82180D58" "6880" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	11 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Process Injection	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	12 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s-0005.dual-s-msedge.net	52.123.128.14	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
20.42.73.24	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.123.128.14	s-0005.dual-s-msedge.net	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.109.0.142	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1670386
Start date and time:	2025-04-21 17:25:34 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	-19.msg
Detection:	SUS
Classification:	sus21.winMSG@3/4@0/16
Cookbook Comments:	Found application associated with file extension: .msg

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 52.123.128.14
Excluded domains from analysis (whitelisted): ecs.office.com, dual-s-0005-office.config.skype.com, ecs.office.trafficmanager.net
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetValueKey calls found.

Created / dropped Files

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250421T1126130848-6880.etl

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	modified
Size (bytes):	94208
Entropy (8bit):	4.477588930487954
Encrypted:	false
SSDEEP:
MD5:	EED34D104A3C5DC2C59492FD0E57E92C
SHA1:	828B08420FB00979AC1EA6CBC8FCDAAFF076F198
SHA-256:	8565ECB74AF5D89832A88602FA9AB1F1120474A79FB1747881C9FB5560B51D21
SHA-512:	C495202B864259329C83F053CD52F048C35F877D9194CAE2C95301E3015807D2F40993EECD9EF8CCC36B3E7DACDC5F247AE773620766D3274995B964F72BD329
Malicious:	false
Reputation:	unknown
Preview:	............................................................................d.................................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...............................................................3.........................v.2._.O.U.T.L.O.O.K.:.1.a.e.0.:.1.1.0.2.5.f.d.4.9.1.b.d.4.f.3.0.8.b.4.6.4.8.d.4.1.f.8.f.4.a.7.0...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.4.2.1.T.1.1.2.6.1.3.0.8.4.8.-.6.8.8.0...e.t.l...........P.P...............................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF69A30887992E9E06.TMP

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	163840
Entropy (8bit):	0.328620254175565
Encrypted:	false
SSDEEP:
MD5:	B6CB401C64948317427CE743675B6C0C
SHA1:	C2927E810298746D58C2438CFC1DF4FA8F45914C
SHA-256:	56D3CF2221454BE05855B6E77C1492B6EABA632A7506332A9AC5C4DCAFF30BBB
SHA-512:	E25E7BA98704D3F5BC4CED9471289EE382424135AB3ED68BA0D5ACC1C6296F606EC5D96854BE0D693795ED9B21E297A95BE3864F7D95AA468A1FE8772246B2ED
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	Microsoft Outlook email folder (>=2003)
Category:	dropped
Size (bytes):	271360
Entropy (8bit):	1.2784374024774212
Encrypted:	false
SSDEEP:
MD5:	789DF5A3259226B8CA02269186BEAE07
SHA1:	8286DEF9A8ED3D979AD296902ACE099920E47149
SHA-256:	2EEE79A3418A651D71BB38D141968CDB666A459543F13BC1307364B2B4710F65
SHA-512:	D2C012F9F92BCCF8E29BE0F7B1874BA85DA32FFEF648EA873437E58E926A52C6E8EEDC21177E0E1709173A6A68C942B7979629C8DE5E4DEA10E123EE35A6D639
Malicious:	false
Reputation:	unknown
Preview:	!BDN.tt.SM......\...............D.......M................@...........@...@...................................@...........................................................................$.......D.......\..............@...............C...........................................................................................................................................................................................................................................................................................\........q-..-......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	1.1713309041058648
Encrypted:	false
SSDEEP:
MD5:	BB29D2C49904FE6B7954CE5EAA94AE44
SHA1:	F0AFC9389C38BA1393C6F8E3940910EC497B5949
SHA-256:	EF53D6522BC05D2B49ACDEEF66215E1EFDDFF04160409C4972C76A18F7269A85
SHA-512:	DC2ADD1297CCBFB4A14CE757C946E549D54372095B61A4B0A286F6535BCD3608A84747DDC1F1E262D8C09403CE4DF77DCBEC0E49A512D566036FD863B0F3374E
Malicious:	false
Reputation:	unknown
Preview:	..G0...L..................................#.........G........v.......................f..............................@...........................................................................................................................................................................................................................................................................................................................................................................................................................................o`.............0...M..................................#.@.....................~.H...............@.....~.L...................`.~.P........x............~.T........^............~.X........s..........@.~.`...............`.....~.d................... .~.......................~..........X......8.....~..........^............~.........@a..........`.~..........o............~..........c............~..........I..........@.~. ...............n.....~. .......

Static File Info

General

File type:
Entropy (8bit):	7.88239837223436
TrID:	Outlook Message (71009/1) 58.92% Outlook Form Template (41509/1) 34.44% Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:	-19.msg
File size:	866'304 bytes
MD5:	f71ce748356dd88dbdfa33488ef063c5
SHA1:	6bbbbd0d5825d3de05520b9d2bdc96ffbf600dc9
SHA256:	a4992627599e5de4318f023e810fedcc5a83a63506ab05053b77c6c922969d3a
SHA512:	7ad4eefc1971e6295dad82077c57ee4b8c9f39f5a884c2734e92a442e2623794dac5b9403da0db89bb6de247e34774a5d82941d72eff22224dda01328b256d60
SSDEEP:	24576:l8xXnlxuyXmjue1EBmFMA7HU8QYNBzDnf80JOYJMJI+9zxB:2xXnDDGu/fYvzDf8Qu
TLSH:	37052316BDC61B07E2FB5F754AE349468658ECF2AE1060CBA7E17F0E1672A51E0E012D
File Content Preview:	........................>.......................................................7...8...9...:...;...<...=...>...?...@...A...B...C..............................................................................................................................

Static Mail

General

Subject:
From:	3366342090@mms.att.net
To:	stacey.manring@ncfbssc.com
Cc:
BCC:
Date:	Fri, 18 Apr 2025 14:29:57 +0200
Communications:
Attachments:	763650712.jpg

Headers

Key	Value
Received	from zatn1ammsc01nfe002.wnsnet.atn1a.tci.att.com ([107.79.70.25])
for <stacey.manring@ncfbssc.com>; Fri, 18 Apr 2025 08	30:03 -0400
id 5iXOuEPuC2I0p5kr1uPksD; Fri, 18 Apr 2025 12	30:00 +0000
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/simple; d=mms.att.net;
h=Message-ID	To:From:Date;
id 5kq5uoW6Zibtl5kr0uCj83; Fri, 18 Apr 2025 12	29:59 +0000
X-Authority-Analysis	v=2.4 cv=Tag1tgQh c=1 sm=1 tr=0 ts=680245c7
a=vS8ST19TvISX4aSVRkQnoQ==	117 a=oeu5STYdRKV+spy8fGwEtw==:17
a=s5jvgZ67dGcA	10 a=XR8D0OoHHMoA:10 a=JZkk_B9SIJQNXoL9BJEA:9 a=KQqxNPgzF0kA:10
id 5kfquQp6xZptJ5kqzuqr0u; Fri, 18 Apr 2025 07	29:58 -0500
Message-ID	<5kfquQp6xZptJ5kqzuqr0u@txt.att.net>
In-Reply-To	995528712.19824670.1744979397897.JavaMail.nems@zatn1ammsc01nfe002
X-Mms-Message-Type	m-send-req
X-Mms-Transaction-Id	1744979379-0
X-Mms-MMS-Version	1.2
To	stacey.manring@ncfbssc.com
From	3366342090@mms.att.net
Date	Fri, 18 Apr 2025 12:29:57 +0000 (UTC)
X-Mms-Sender-Visibility	Show
MIME-Version	1.0
X-CMAE-Envelope	MS4xfL4c2pci2n21s35BPvrGLeAuI1TiMs07baK/Gv/JNKPsisnXqL9wFjMG5CvgGK0OoyNZhkyQKEutEmWyf8mhhxqJnBzkVq+0DE6rS/4V2e/1B8hDA0Ik
X-CLX-Shades	MLX
X-Proofpoint-GUID	jBxn-zn67wCYh6gp0DUZHxj3RIYbcVyl
X-CLX-Response	1TFkXGBkaEQpMehceGBIRCllEF21GeHtnUl9NH1obEQpYWBdhSGNkThseW21 wbhEKeE4XaUNPTGgea2gdTGQRCnlMF2VYHxhzGG1GWm1NEQpDSBcHGx0eEQpDWRcHGB4RCkNJFx oEGhoaEQpZTRdnZnIRCllJFxpxGhAadwYTGnEdEBp3BhgaBhsYGhEKWV4XbGx5EQpJRhdESUxIQ
X-Proofpoint-ORIG-GUID	jBxn-zn67wCYh6gp0DUZHxj3RIYbcVyl
X-Proofpoint-Banner-Trigger	inbound
Content-Type	multipart/mixed;
date	Fri, 18 Apr 2025 14:29:57 +0200

File Icon


Icon Hash:	c4e1928eacb280a2