Windows
Analysis Report
Message has been processed Request for Best Price Offer.msg
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- OUTLOOK.EXE (PID: 7280 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Message has been processed Request for Best Price Offer.msg" MD5: 91A5292942864110ED734005B7E005C0)
- ai.exe (PID: 7544 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CDFFC684-55B8-4BBF-993F-CA8D282ABB3A" "90DCD6BD-804E-417E-848D-A22B5F466C39" "7280" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- cleanup
Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
There are no malicious signatures.
- String found in binary or memory
- Classification label
- File created (2 entries)
- Process created (3 entries)
- Section loaded (9 entries)
- Key value queried
- Window found
- Window detected
- Key opened
- Process information set (60 entries)
- File Volume queried
- Process information queried
- Queries volume information
- Key value queried
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Virustotal | | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1538059 |
Start date and time: | 2024-10-20 07:20:38 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Message has been processed Request for Best Price Offer.msg |
Detection: | CLEAN |
Classification: | clean1.winMSG@3/10@0/0 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 52.109.76.240, 52.113.194.132, 20.42.65.85, 104.208.16.95
- Excluded domains from analysis (whitelisted): ecs.office.com, slscr.update.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, onedscolprdcus20.centralus.cloudapp.azure.com, onedscolprdeus05.eastus.cloudapp.azure.com, s-0005-office.config.skype.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, neu-azsc-config.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Input | Output |
---|---|
URL: Model: claude-3-5-sonnet-20240620. Is this email content a phishing attempt? Please respond only in valid JSON format: Email content converted to JSON: { "date": "Thu, 17 Oct 2024 18:06:58 +0200", "subject": "Message has been processed :Request for Best Price Offer", "communications": [ "Dear Sir/Madam,\n\n\n\n\nI hope this message finds you well.\n\n\n\n\nPlease find the attached Letter of Intent (LOI), provided for your reference. We would appreciate it if you could kindly offer your most competitive price.\n\n\n\n\nThank you for your time and consideration.\n\n\n\n\nBest regards,\n\n\n\n\nMohammadjavad Haghshenas Lari\n\nExport Sales Account Manager\n\nSales & Marketing Dept.\n\nArya Sasol Polymer Company\n\nPars Special Economic Energy Zone (PSEEZ), Iran\n\nIP Phone: +98 21 8592 2924\n\nCell Phone: +98 905 340 5259\n\n" ], "from": "\"Mohammadjavad Haghshenas\" <haghshenasm@aryasasol.com>", "to": "<sales7@sabasea.com>" } | { "explanation": [ "The email appears to be a legitimate business communication requesting a price offer", "The sender's email address matches the signature and seems to be from a real company", "The content and structure of the email are professional and consistent with normal business practices" ], "phishing": false, "confidence": 8 } |
URL: Email Model: claude-3-haiku-20240307 | { "contains_trigger_text": true, "trigger_text": "Please find the attached Letter of Intent (LOI), provided for your reference. We would appreciate kindly offer your most competitive price.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false } |
URL: Email Model: claude-3-haiku-20240307 | { "brands": [ "Arya Sasol Polymer Company" ] } |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.391545287863859 |
Encrypted: | false |
SSDEEP: | 1536:pNYLrYxgsCvPe7gG3WvgsfFNcAz79ysQqt2DjylqoQHlrcm0FvZmsyDnWDLy60+0:o6gg7pagimiGu2cqoQFrt0FvIK6Av4Jb |
MD5: | D08DE6FECD84B16A0375A21BDB828547 |
SHA1: | 822520561AC7BD4C7D1D3EB6047014DBDA911A60 |
SHA-256: | C6DA411A52A13F30F643382458D929B686529180EEDB5B0A1D60F0556D654917 |
SHA-512: | E34F88E690E138A2C9964D3E655CA0CDD4D3AD36C804D805C151339111881557F86E98E94E6951C69DB6D52D16481818003489660D3031D60E652D25D33983C5 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.045583106806383875 |
Encrypted: | false |
SSDEEP: | 3:Gtlxtjlj92Z+qvjuoPlxtjlj92Z+qvj2/lll1R9//8l1lvlll1lllwlvlllglbep:GtDYAq71PDYAq7Slt9X01PH4l942wU |
MD5: | 2A5FB0A7318C240989C3EB8EBC8568F0 |
SHA1: | 83392469058BF7507D646BFFCE2D62C4806D26A0 |
SHA-256: | 98E69400BFE84E5EE9ABE0868E389F3B33B38D5103E8AD03C51C5D1CB7BD7237 |
SHA-512: | 82D958772A05B64A2D4F5D3AC1833F12603D2192C19E5A347A5F30C6676045DD9B43367FF5358CB053A66D6A636643B2ED90EFBD0EB74D4909F0D45B246F63C0 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 49472 |
Entropy (8bit): | 0.4835353849347518 |
Encrypted: | false |
SSDEEP: | 48:9gtJQ1cvF/Ull7DYMc2gbzO8VFDYMcVIBO8VFDYML:9Tll4djVGgjVGC |
MD5: | 5917756C503AA7F779D2B488F9CC05DF |
SHA1: | 665D0B8E019483BC03AC579502313453CF352D74 |
SHA-256: | AB2BB50934576D71AAF95CFC43184BC3A2AFCD7E04A0B81D6B771A0AA6DAD53D |
SHA-512: | 786BD5B625891130799C49D7BBF0A2A15C5BBFB3452FCA4E9576B09AE20AF5D989ADCFEA2240FF74CB970068B6C48DCB0167F4BA94954193FB76D93564AD8E75 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729401702351035100_4C83E36A-69F6-4DDB-8C3D-93DBDB98E4E0.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.16107919210437227 |
Encrypted: | false |
SSDEEP: | 1536:DceeTz2/TzZbXDlRPJm1VQZ2k2U7C3HQRpdjAveQqIUj14y/T9B7smB:EzoBbXmV7Kx |
MD5: | EA5716775BEEDB61DE68153D718B8F35 |
SHA1: | D830C1FC3CB14D21EE35100B62D23A6354AE10AD |
SHA-256: | D5684A7D6E400E04F2BED93E8A7BE3405E1043E18069D8C0D6D460C53F3A3166 |
SHA-512: | 8D72BF2D048B0424D0AD503032B04079724312968F07510BBF4301060E1C056CA92FD95071833CAED904084B082EA69226FFD592AF0C562A8A771B05039944FB |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729401702351822800_4C83E36A-69F6-4DDB-8C3D-93DBDB98E4E0.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | high, very likely benign file |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241020T0121420049-7280.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 102400 |
Entropy (8bit): | 4.590403084174379 |
Encrypted: | false |
SSDEEP: | 768:jL+hUVHmvwg2RXn4S08mM9RuLhXL19BZEEEVVFAkKM8q05bzVqNeXgWoWnlT1Wkf:Jr4SuM9RuLhX7rX |
MD5: | 50211F2453B58A7FBE3F49B82632F501 |
SHA1: | 3601EFEDBABDD6327657BAFFC9F9FB8701360CD9 |
SHA-256: | 99510350D01875A27974E08EB5B4A0034DE251702C87FF76DAB263169D62D5CD |
SHA-512: | 1079E48F02D3893F95DBCDB3B6EAF3320CCDE3BFE6198CD1219788AA50ED2661CA461015F373F648F05A8B2DA87EC1C2EAF135729514E61558B6A73BE3937164 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 163840 |
Entropy (8bit): | 0.3331489686023434 |
Encrypted: | false |
SSDEEP: | 192:t+GmCyr4jkDgrfP5zt7vi/WuQNgz0XHWQOAqAbAFAqwNh/:tiCdAWfhztsz0XHOAqMu |
MD5: | 48B4B161F4B3859E0DD58FB721E78D79 |
SHA1: | ED907614C2FEEE86E0E0F1CBD77F33F20860094F |
SHA-256: | 41DBBCE2E551B424E5FE829AE969B77F17515A0A81B2974297E8AA526F8D6C67 |
SHA-512: | 3782C72E2190329FEE201F656C34820A5EB1672BFC3CF0F0C4B7648600A3E443BA5B5BBE9649E21CC2589B34B781E1DBCB8A030F83A668A7D3EFC5DB86C2849A |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | 3:qnl7v:ql |
MD5: | 47C484E6CA7DFA0BC3D28607091B83E4 |
SHA1: | AC4E650E6C8B369A585180C7C8EF877FF8CBDA7E |
SHA-256: | 6A80832060EFE1626F339CFB52460DF14A68FE77F84AC205B63A725638162ECD |
SHA-512: | 33AC5084106C9B07D209A6BAE29B66F5E083E526522C940ECC543B9A592271A0127DB402874F96BE21CEDDA8FD917B6E9E74A2B4580D41824E2D3CFAB24E92FC |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 1.2823632283228343 |
Encrypted: | false |
SSDEEP: | 768:AxQcDwhOP551E9CB5LdnO8lt3kacWmMGh5SHtNVTIS7p:5OPP1E+5hnO8ga0SHtgQ |
MD5: | 41A3556E1DF92C581F06766035BA232F |
SHA1: | 20FEBCDA70E0D9972F4FC6E04C960D14B54AA5E1 |
SHA-256: | 2BB0A3CB087C369F5E4121FEA7ADE8F4124EF43F4AE2D5B63EAED5B818C1C390 |
SHA-512: | 457AA4885285E6647B8D8B0AD57174D5B6684C004D9DD2B553E03E1C57643C6F92F7D605C7AF6FDB0891F5756C19CC09825AE9C37FACD54686C883EE6F45576E |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.7935380768751171 |
Encrypted: | false |
SSDEEP: | 192:YfkwjTIIJ27DeGV2rzEiJa3NuLRhpvRhZRvGx5XWc:sjTIgSDeejig3NwL51vGx |
MD5: | B8FD3B1EDCE91C98E1E84522B0E594C4 |
SHA1: | 7C9CDD97B864CE6CD8F206313FE4FF60C2A6D87C |
SHA-256: | F6873C32933229A32046CBB225E22A6D977D0CD824FBB590CC663C188045349F |
SHA-512: | 998211F6F9578037FC828FB3487BAFFEE8197551EA0BB66548F81CC1007552175FF9B746080EFB9E864366376B8E4A5BCAC167F910B8F883F850F00DDF7DE699 |
Malicious: | false |
File type: | |
Entropy (8bit): | 4.108964691575022 |
TrID: |
File name: | Message has been processed Request for Best Price Offer.msg |
File size: | 35'840 bytes |
MD5: | 3fd5248616a4072f3eefc862a0b01177 |
SHA1: | 501dd5e6b268b88128e66d83477f04ad5db45a2a |
SHA256: | 436b30930666eefe9b4f3114e0919bb5adedbcc75d15d7b32fa5c810ea5e17f6 |
SHA512: | 735f4444fb23e76c5709d95e4589b1f8651afc174e09b0078bf41a2ab080e3b37a6f1943c3749dc87d4a83f06d00a92e7287e2ff1e0bc5df414b5c701ae591b0 |
SSDEEP: | 768:joEoPXwcasKisKFLZ+o3nmsK2sK2txvPdpO:rca69gNu+txHdp |
TLSH: | 79F29B113AE94605F27BDE760EE28596C6277C82ED31D68F319D730E0B73940E971B2A |
File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
Subject: | Message has been processed :Request for Best Price Offer |
From: | "Mohammadjavad Haghshenas" <haghshenasm@aryasasol.com> |
To: | <sales7@sabasea.com> |
Cc: | |
BCC: | |
Date: | Thu, 17 Oct 2024 18:06:58 +0200 |
Communications: |
Attachments: |
Key | Value |
---|---|
Received | from mail0.somccrop.com ([193.27.90.180]:37804) by vip16-233.cp.htz.privatedns.biz with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.2) (envelope-from <reply43@somccrop.com>) id 1t1LA1-0004xX-3B for sales7@sabasea.com; Thu, 17 Oct 2024 07:43:07 +0000 |
From | "Mohammadjavad Haghshenas" <haghshenasm@aryasasol.com> |
To | <sales7@sabasea.com> |
Subject | Message has been processed :Request for Best Price Offer |
Date | Thu, 17 Oct 2024 19:36:58 +0330 |
Message-ID | <20241017090658.B7251B3CB59526AE@aryasasol.com> |
MIME-Version | 1.0 |
Content-Type | multipart/alternative; |
X-Mailer | Microsoft Outlook 16.0 |
Thread-Index | AQJEKqsz37kiIxGoS5uUdnhR1ABexw== |
X-Spam-Status | No, score=2.6 |
X-Spam-Score | 26 |
X-Spam-Bar | ++ |
X-Ham-Report | Spam detection software, running on the system "vip16-233.cp.htz.privatedns.biz", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: Dear Sir/Madam, I hope this message finds you well. Please find the attached Letter of Intent (LOI), provided for your reference. We would appreciate it if you could kindly offer your most competitive price. Content analysis details: (2.6 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)' 0.5 JMQ_SPF_NEUTRAL ASKDNS: SPF set to ?all [somccrop.com TXT:v=spf1 a mx ptr a:somccrop.com] [ip4:193.27.90.0/24 ?all] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.27.90.180 listed in sa-trusted.bondedsender.org] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.27.90.180 |
X-Spam-Flag | NO |
X-MimeOLE | Produced By Microsoft MimeOLE |
date | Thu, 17 Oct 2024 18:06:58 +0200 |
Icon Hash: | c4e1928eacb280a2 |
Target ID: | 0 |
Start time: | 01:21:38 |
Start date: | 20/10/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf0000 |
File size: | 34'446'744 bytes |
MD5 hash: | 91A5292942864110ED734005B7E005C0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 1 |
Start time: | 01:21:44 |
Start date: | 20/10/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6a7fc0000 |
File size: | 710'048 bytes |
MD5 hash: | EC652BEDD90E089D9406AFED89A8A8BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |