Windows
Analysis Report
Axactor Microsoft - Introduksjonsm#U00f8te.msg
Overview
General Information
Sample name: | Axactor Microsoft - Introduksjonsm#U00f8te.msg (renamed because original name is a hash value) |
Original sample name: | Axactor Microsoft - Introduksjonsmøte.msg |
Analysis ID: | 1524034 |
MD5: | 753e07dc560986e69a18fd3ec1bcce68 |
SHA1: | ebe1bb8775e0f44126f1806aacfefcd0bac08734 |
SHA256: | d7fbed810d6e04385a98349f8e3a76904bd13799bd1e4035f5ceb8216cc54460 |
Infos: | |
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- OUTLOOK.EXE (PID: 2668 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Axactor Microsoft - Introduksjonsm#U00f8te.msg" MD5: 91A5292942864110ED734005B7E005C0)
  - ai.exe (PID: 2104 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CC7A2BEE-2601-4BC5-8135-28ECC8573887" "DB589ACD-F139-4868-9435-FA7AB6F7BBEA" "2668" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
There are no malicious signatures.
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Process created: | ||
Source: | Section loaded: | ||
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Key value created or modified: |
Source: | Process information set: | ||
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.113.194.132 | unknown | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
2.19.126.151 | unknown | European Union | | 16625 | AKAMAI-ASUS | false |
52.109.28.47 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
51.105.71.137 | unknown | United Kingdom | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
199.232.214.172 | bg.microsoft.map.fastly.net | United States | | 54113 | FASTLYUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524034 |
Start date and time: | 2024-10-02 12:32:49 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Axactor Microsoft - Introduksjonsm#U00f8te.msg (renamed because original name is a hash value) |
Original Sample Name: | Axactor Microsoft - Introduksjonsmøte.msg |
Detection: | CLEAN |
Classification: | clean1.winMSG@3/20@0/59 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, TextInputHost.exe
- Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.28.47, 2.19.126.151, 2.19.126.160, 199.232.214.172, 51.105.71.137
- Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, self-events-data.trafficmanager.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, eur.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, onedscolprduks03.uksouth.cloudapp.azure.com, uks-azsc-000.roaming.officeapps.live.com, login.live.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Input | Output |
---|---|
URL: Email Model: jbxai | { "Status":"Unavailable"} |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 3.4657220944431426 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0719B3DA2D1940342CF580C95F00DD10 |
SHA1: | 5AB192C186109ABD0FF0F4DFE9595B11DF769831 |
SHA-256: | A3A05902B1AEC2960CFF4C8CE4133398110A35CD50E97C18E8125D8C885439EA |
SHA-512: | 35267CD35FC6742900CDA5E7FD4AE7917B21966A6F8460785B6AD1216381215EA800CA2874E40D444FE168239EC1B8BA1EAB37FF73547BF72666734F6BAC1AA1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.390305475555932 |
Encrypted: | false |
SSDEEP: | |
MD5: | 29CFFB3AAC3DA2CFA9B41CA40A710052 |
SHA1: | 25A80474446C337EBF55A63B9195603CAFCC0290 |
SHA-256: | 97116C4411FAC69F4BEA9776765CF2688CFA8359994499DB3313AC0BF44C63AC |
SHA-512: | 36930847AC4A85BD0DAE399A57B596F24BFF69CF9AA4C00CF4A1E55EA8265267FB513763FDAED1A906CAC6666F2E27FD5F40DC8B993BC2E7A03B786E085A9141 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 322260 |
Entropy (8bit): | 4.000299760592446 |
Encrypted: | false |
SSDEEP: | |
MD5: | CC90D669144261B198DEAD45AA266572 |
SHA1: | EF164048A8BC8BD3A015CF63E78BDAC720071305 |
SHA-256: | 89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899 |
SHA-512: | 16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10 |
Entropy (8bit): | 2.7219280948873625 |
Encrypted: | false |
SSDEEP: | |
MD5: | 54767607C256A08B2DDDCDBBAB97C3E6 |
SHA1: | D8860ACF338C09142E06808395971D9C427D200F |
SHA-256: | 328EF9EC8B82903465D5CC4B2239DC85A32F3699FE86BB64BDD7ED56CF719372 |
SHA-512: | EB6F75BDE489CD95445A9A850F8EDC309521FCC9787806EB00DCBEA661C5B28263EF9404AC84F4A68AEEFF91505352FB602ED4BCADEFC9E97AFD30381D7062D3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.09216609452072291 |
Encrypted: | false |
SSDEEP: | |
MD5: | F138A66469C10D5761C6CBB36F2163C3 |
SHA1: | EEA136206474280549586923B7A4A3C6D5DB1E25 |
SHA-256: | C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6 |
SHA-512: | 9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4616 |
Entropy (8bit): | 0.1370048545379396 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5BD120A8639BD578F532B708550B413A |
SHA1: | E374CFA86BA7AFB0FA0407F05C37F57F40D55C48 |
SHA-256: | C49B97149C825559779E12FDB484FAB9FD2C17267FE52254AEADAD90068AC472 |
SHA-512: | FB25914885C6ED8F19732E971FC8F719FF92B25BDD9AD7E4CFA4F468E56610744E7718B96AEC09AA5F4C37A6B117F1DC92165D51C6503251C96E1F644F40162B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.0446603401158491 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9BF613882684BBADDA2124E750277E8F |
SHA1: | 3F5727C15D931D5AF3667B60C26BE46FB91693F5 |
SHA-256: | 2C067596A3F854224DDA76814B02F2750F8C1F64C8125851CEA716DC743E49FF |
SHA-512: | ABB289F4981DA5C941AE1C0320D82737D5D72BC2F24C85789755E34041A11A0EB1E62A9266F69288FFCC99E318501FCF50891DD765ECD95537692FF75F7598B9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 45352 |
Entropy (8bit): | 0.3925949238881112 |
Encrypted: | false |
SSDEEP: | |
MD5: | CE3878450B5179B0347E8A585C9436EC |
SHA1: | 465D252B382BCD5920B4363CFC794CF67AD8E994 |
SHA-256: | 1B87EF2DE94B0FDC4CCE85A5CDFFF1CAB08188671320E9B56F6F4F5FA77BA27B |
SHA-512: | 0E0C70F63BD948A1818CF7EC70C3D062B5E18F01D2175124FDE40381F45DC3C40EBEF8F7846906B12A023B6DA278C97BE26B12283A0B3BC67AF933419D99F363 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 12903 |
Entropy (8bit): | 7.968570453548359 |
Encrypted: | false |
SSDEEP: | |
MD5: | D20410F4C6A9FE5539CE6CA6111B810A |
SHA1: | 3DD4BEB5CE191CFBE2879BDDF8B159460A22652F |
SHA-256: | 84CAFDFFC4DD29FA9B20C731EA234A0583A3FFBCB087B53B189F7C4B34819002 |
SHA-512: | A038F60107F785506CC7980249BAD2DDA8840B8D8E35FEB1D691D4923A059F39D1043938C60F36A104A85D0AA3DDAF792464F65E8DA3C49A437D315163A85CAD |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{A9BB4B62-BBC2-43A5-B3D2-F0C035A29A75}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 11164 |
Entropy (8bit): | 3.73623439517865 |
Encrypted: | false |
SSDEEP: | |
MD5: | B3BF4DC984E841A92D82351BC84F0B3B |
SHA1: | 0C53F8A0333EC59FEFE3AB0CE85911BBDE7613F2 |
SHA-256: | D2052412A3ED2E0A134B8B82EAE769F4D0027E72F66261DA557363EB6B830FF3 |
SHA-512: | F1646A94EAD1CABAA8D19E76E55784CFE498BA1F5C440874B5E96B05B1D0DFDACDDF4558E13558A495C465B8E614B06A778D20B88F5605336502647FC96022AF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{C7B35FF6-2FB1-4C61-A99B-1FFDD9ABAB76}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2560 |
Entropy (8bit): | 2.1121448492410155 |
Encrypted: | false |
SSDEEP: | |
MD5: | F4AE44D5F771AFF85E9A79C9B85DB620 |
SHA1: | C59F876EA6BF8A929EAD49EB208F864CEF47085F |
SHA-256: | 94F736A62B217B87E7FDE399042DEBD7EF116519CDB9546F212E8683E4EEF4C3 |
SHA-512: | 8BD1929924E114F47824ED7839FF2C44EE0185CF43FE910380E2B412D1679BD705C435BACC44910DC7050F2F9D30F39B1C773D42A38D9667E8E7531C515AC218 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727865202285952900_ECBF2CD6-77CF-44CF-87E6-ACE9D4696033.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.00709038095367761 |
Encrypted: | false |
SSDEEP: | |
MD5: | C425F8CB364C4B024952BF79B292B1D8 |
SHA1: | 5885C9D76741E4FE66A0D1F69BDF91839D997821 |
SHA-256: | FB57C81158625249E5E18A84AA29C97F8EE82C65EEE85EA6AC6C936920AA97A1 |
SHA-512: | 03DAA615B56EE8757662B9B1B3C03457F762C050F2959CAC1CBBDCC67C47F00E7A539C0178B9036C9095A0AC46F8AE86C29F3B40C5892E72AFCAFDED2109DC38 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727865202286786400_ECBF2CD6-77CF-44CF-87E6-ACE9D4696033.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241002T0633220054-2668.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 94208 |
Entropy (8bit): | 4.588002980717007 |
Encrypted: | false |
SSDEEP: | |
MD5: | A64ABFCED10ED435D5C159D2071DADFE |
SHA1: | 5B48910436C0BE4B3A59E45319B4D7176BB6843B |
SHA-256: | D69C7E9D61E98B462A0DC875583EB9287D6E085FAAAD23D4E79B25DAE8FA838D |
SHA-512: | 30CF3161EA72E0C0DA13D71DBFC6F303C17CC092850407B183022A55C5B220F7E0535F445DCB4863BFD351F4BE6118E4D25ADD41581E41E5AF7097A521495D84 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 663 |
Entropy (8bit): | 5.949125862393289 |
Encrypted: | false |
SSDEEP: | |
MD5: | ED3C1C40B68BA4F40DB15529D5443DEC |
SHA1: | 831AF99BB64A04617E0A42EA898756F9E0E0BCCA |
SHA-256: | 039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A |
SHA-512: | C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 163840 |
Entropy (8bit): | 0.5261104467438287 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2A42D44C1F948F95EEB911D7CA743E1D |
SHA1: | B182415348F5181BCBD9A67A7D653FDA11C8A0D9 |
SHA-256: | F2385A12FA5EA844DB42CCBBBD5960217E882D1AE0846F7BAD29C6E20C9CA627 |
SHA-512: | CDB9291966A4C38D280CAE4001A459C69034B7CEB65A099F0DA91ED1403A52303C7ACC136A281A24CB6C207B3B2C37F8E418449BAE781C59625532279C1F5388 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | |
MD5: | D415D1DA35E4BFA21662CE5ABF2E8138 |
SHA1: | 5B05454897EF8A890949577C4F7EDD48ACC07159 |
SHA-256: | AC3190327A084525DF26161EE3FB5514633D3D10856D619C656EFC6BEE865137 |
SHA-512: | C16328B9FBBD2CFECFC1DBE028F7D5ED91465FEE8BAF1E4AF7437A0C34341918CE0E50E0EDCECAA386B6D7780BBE781AA0B78362A2343515477AAF9722F9A75E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.6705259511320396 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9BE84F9EE92F7CA42AA1103DBD73FDEF |
SHA1: | F041A1742E094A5EE1AB7A000C032E6DA5921F19 |
SHA-256: | 06A2E85832123D2D4ABAA42BBAFB96FC86B87DF5CCFCE38E3E16ECA296DF1F3B |
SHA-512: | 32A691B9EC21DA94186B2E3EB534FD2C5932296E53D3CAE97A4911EFA48FAEED34DA79B9D1EF7E0F47A49C4EF2848A8954B168A068AAE69D39202C32EFD548B5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 1.4850640665642132 |
Encrypted: | false |
SSDEEP: | |
MD5: | A9555F57008261044B2F824757D3E7FF |
SHA1: | 972B35929E0CD47F465D57A750C6C35F7AE6141A |
SHA-256: | CD1167D7D7882D464F4271AD10FCF8E0729730A53004F29C794406FDE6C6AF88 |
SHA-512: | 02FACCF36144C63C6347266F97FC3FC2EE2FF83BCE3CEEF127F49ECC827B427956193394E2C145131A88EA0E28B3E4021B4F7945C03650BFDD88E963289BB213 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.8397992966653707 |
Encrypted: | false |
SSDEEP: | |
MD5: | 53F112AC36C3742A678157AEA19B131E |
SHA1: | F9B3AA380AC7A242E81B5ADFF956CAA248D7CBB1 |
SHA-256: | 92E86463091016249FF1F60418410FDF5A4918D19003F89B786936C8FBE379A7 |
SHA-512: | 4F7CD2D8C29EF942DBA0F13A40F356898E77AE2A25D4BC776460E255AD19E701A9C4F77173C6EEA497EF5823A1DDE5A3FBFAAB787BE2B61227C03D5B4F0C9876 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 4.373522671178253 |
TrID: |
|
File name: | Axactor Microsoft - Introduksjonsm#U00f8te.msg |
File size: | 220'160 bytes |
MD5: | 753e07dc560986e69a18fd3ec1bcce68 |
SHA1: | ebe1bb8775e0f44126f1806aacfefcd0bac08734 |
SHA256: | d7fbed810d6e04385a98349f8e3a76904bd13799bd1e4035f5ceb8216cc54460 |
SHA512: | f046f528e96c512165558204da54bce63270ad982210c7fe34a93c4431a9b258a9455ed4b6fa5e1e48b10ae770d848eb1a06748b95cf0f80e4fefe62f395d4e9 |
SSDEEP: | 3072:DFIeUNqN+OdDn34SPq7zXukqGnHrgD+/S9EwDsw2LfQ0iCSF:DBr+Sl+q9EXL4 |
TLSH: | 572401243AFA1115F277EF3149F690979937BD92AD24994F2081370E0A73A41ED62F3B |
Subject: | Axactor & Microsoft - Introduksjonsmøte |
From: | Didrik Berg <didrikberg@microsoft.com> |
To: | "roger.opstad@axactor.com" <roger.opstad@axactor.com>; Richard Johnson <Richard.Johnson@microsoft.com>; Marie Kvendset <Marie.Kvendset@microsoft.com>; Marcus Pieterse <marcus.pieterse@microsoft.com>; Kristine Boge <kristineboge@microsoft.com>; Nicolas Fortune-Bredefeldt <nicolasfo@microsoft.com> |
Cc: | |
BCC: | |
Date: | Tue, 01 Oct 2024 14:24:56 +0200 |
Communications: |
|
Attachments: |
|
Key | Value |
---|---|
Received | from GV1PR83MB0756.EURPRD83.prod.outlook.com |
| | 12:24:56 +0000 |
ARC-Seal | i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; |
ARC-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; |
| | h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; |
ARC-Authentication-Results | i=1; mx.microsoft.com 1; spf=pass |
| | (2603:10a6:10:3c3::16) with Microsoft SMTP Server (version=TLS1_2, |
| | 2024 12:24:56 +0000 |
| | Transport; Tue, 1 Oct 2024 12:24:59 +0000 |
Authentication-Results | spf=pass (sender IP is 40.107.104.104) |
Received-SPF | Pass (protection.outlook.com: domain of microsoft.com designates |
| | 15.20.8026.11 via Frontend Transport; Tue, 1 Oct 2024 12:24:59 +0000 |
DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; |
| | by PAXPR83MB0559.EURPRD83.prod.outlook.com (2603:10a6:102:246::15) with |
| | ([fe80::7a3:afdc:7cb7:9da6%6]) with mapi id 15.20.8048.007; Tue, 1 Oct 2024 |
From | Didrik Berg <didrikberg@microsoft.com> |
To | "roger.opstad@axactor.com" <roger.opstad@axactor.com>, Richard Johnson |
Subject | =?iso-8859-1?Q?Axactor_&_Microsoft_-_Introduksjonsm=F8te?= |
Thread-Topic | =?iso-8859-1?Q?Axactor_&_Microsoft_-_Introduksjonsm=F8te?= |
Thread-Index | AdsT/JonVAFHrbzzYkS8WqFYSTrKHQ== |
Date | Tue, 1 Oct 2024 12:24:56 +0000 |
Message-ID | <GV1PR83MB07568CED7CB9DCF58D2CFDD0CA772@GV1PR83MB0756.EURPRD83.prod.outlook.com> |
Accept-Language | en-GB, en-US |
Content-Language | en-GB |
X-MS-Has-Attach | yes |
X-MS-TNEF-Correlator | |
msip_labels | MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2024-10-01T12:22:36.793Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; |
Authentication-Results-Original | dkim=none (message not signed) |
x-ms-exchange-calendar-series-instance-id | BAAAAIIA4AB0xbcQGoLgCAAAAACIxO6Z/BPbAQAAAAAAAAAAEAAAAByCo4BKv7xClcWVbQVSse0= |
x-ms-traffictypediagnostic | GV1PR83MB0756:EE_MeetingMessage|PAXPR83MB0559:EE_MeetingMessage|DB5PEPF00014B8A:EE_|PAWPR06MB8714:EE_|PA4PR06MB7182:EE_ |
X-MS-Office365-Filtering-Correlation-Id | 4a827b59-1658-4ac9-81ec-08dce21410f1 |
x-ms-exchange-senderadcheck | 1 |
x-ms-exchange-antispam-relay | 0 |
X-Microsoft-Antispam-Untrusted | BCL:0;ARA:13230040|376014|366016|1800799024|10070799003|38070700018; |
X-Microsoft-Antispam-Message-Info-Original | =?us-ascii?Q?E2Ol7xRnH9MNVhrJjJEm0+CH8jCNsYjDWo/nueLrXSr5+Fmscug75fZ3XKVq?= |
X-Forefront-Antispam-Report-Untrusted | CIP:255.255.255.255;CTRY:;LANG:nb;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR83MB0756.EURPRD83.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(10070799003)(38070700018);DIR:OUT;SFP:1102; |
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount | 1 |
X-MS-Exchange-AntiSpam-MessageData-Original-0 | =?iso-8859-1?Q?243yXmxxA99AtwWLIC0AtXmyk8ap8KfjC+ZkrdNZ+7XBHs8uCXHVws6KIr?= |
Content-Type | multipart/related; |
MIME-Version | 1.0 |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | PAWPR06MB8714 |
Return-Path | didrikberg@microsoft.com |
X-MS-Exchange-Organization-ExpirationStartTime | 01 Oct 2024 12:24:59.1253 |
X-MS-Exchange-Organization-ExpirationStartTimeReason | OriginalSubmit |
X-MS-Exchange-Organization-ExpirationInterval | 1:00:00:00.0000000 |
X-MS-Exchange-Organization-ExpirationIntervalReason | OriginalSubmit |
X-MS-Exchange-Organization-Network-Message-Id | 4a827b59-1658-4ac9-81ec-08dce21410f1 |
X-EOPAttributedMessage | 0 |
X-EOPTenantAttributedMessage | aa047274-bbe6-4fbd-98b6-b244735e8553:0 |
X-MS-Exchange-Organization-MessageDirectionality | Incoming |
X-MS-Exchange-Transport-CrossTenantHeadersStripped | DB5PEPF00014B8A.eurprd02.prod.outlook.com |
X-MS-Exchange-Transport-CrossTenantHeadersPromoted | DB5PEPF00014B8A.eurprd02.prod.outlook.com |
X-MS-PublicTrafficType | |
X-MS-Exchange-Organization-AuthSource | DB5PEPF00014B8A.eurprd02.prod.outlook.com |
X-MS-Exchange-Organization-AuthAs | Anonymous |
X-MS-Office365-Filtering-Correlation-Id-Prvs | f38c7519-1c4d-4720-68e0-08dce2140f62 |
X-MS-Exchange-AtpMessageProperties | SA|SL |
X-MS-Exchange-Organization-SCL | 1 |
X-Microsoft-Antispam | BCL:0;ARA:13230040|5073199012|4073199012|35042699022; |
X-Forefront-Antispam-Report | CIP:40.107.104.104;CTRY:IE;LANG:nb;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:EUR03-DBA-obe.outbound.protection.outlook.com;PTR:mail-dbaeur03on2104.outbound.protection.outlook.com;CAT:NONE;SFTY:9.25;SFS:(13230040)(5073199012)(4073199012)(35042699022);DIR:INB;SFTY:9.25; |
X-MS-Exchange-CrossTenant-OriginalArrivalTime | 01 Oct 2024 12:24:59.0629 |
X-MS-Exchange-CrossTenant-Network-Message-Id | 4a827b59-1658-4ac9-81ec-08dce21410f1 |
X-MS-Exchange-CrossTenant-Id | aa047274-bbe6-4fbd-98b6-b244735e8553 |
X-MS-Exchange-CrossTenant-AuthSource | DB5PEPF00014B8A.eurprd02.prod.outlook.com |
X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
X-MS-Exchange-CrossTenant-FromEntityHeader | Internet |
X-MS-Exchange-Transport-EndToEndLatency | 00:00:03.2324669 |
X-MS-Exchange-Processed-By-BccFoldering | 15.20.8005.023 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198); |
X-Microsoft-Antispam-Message-Info | =?us-ascii?Q?AfjPQfG0byiVbR/tJa1vh4d3K57vllEKvL3wtMIhPWsMbvCvBme5bdnKNxC9?= |
date | Tue, 01 Oct 2024 14:24:56 +0200 |
Icon Hash: | c4e1928eacb280a2 |