IOC Report
attachment(1).eml

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `attachment(1).eml` | RFC 822 mail, ASCII text, with CRLF line terminators | initial sample | |
| `C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157` | data | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT` | data | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml` | XML 1.0 document, ASCII text, with very long lines (2195), with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json` | JSON data | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Avenir Next LT Pro\25381880192.ttf` | TrueType Font data, 20 tables, 1st "GDEF", 32 names, Macintosh, Copyright \251 2004 - 2017 Monotype GmbH. All rights reserved.Avenir Next LT ProBoldMonotype Ima | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Avenir Next LT Pro\26301410506.ttf` | TrueType Font data, 20 tables, 1st "GDEF", 32 names, Macintosh, Copyright \251 2004 - 2017 Monotype GmbH. All rights reserved.Avenir Next LT ProRegularMonotype | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf` | TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365 | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin` | ASCII text, with very long lines (65536), with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin` | ASCII text, with no line terminators | modified | |
| `C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\FBAD925E-7B31-482A-993A-50EC4473AA8F` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal` | SQLite Rollback Journal | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_3A068CF11F63E149969CD37EBC347263.dat` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\14573093.dat` | PNG image data, 1994 x 651, 8-bit/color RGB, non-interlaced | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3B2A5B6C.dat` | JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 177x177, components 3 | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\84230978.dat` | PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\98454B19.dat` | PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\ACE1C646.dat` | PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced | modified | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\CF1FAC7D.dat` | PNG image data, 177 x 177, 8-bit/color RGB, non-interlaced | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\FB8A905A.dat` | JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 177x177, components 3 | dropped | |
| `C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729771051956124900_9CFDE129-03B7-4A1A-8623-24ADAAA18DC4.log` | data | dropped | |
| `C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241024T0757310748-3752.etl` | data | modified | |
| `C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl` | data | dropped | |
There are 13 hidden files.

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 52.113.194.132 | unknown | United States | |
| 93.184.221.240 | unknown | European Union | |
| 2.19.126.160 | unknown | European Union | |
| 184.28.90.27 | unknown | United States | |
| 52.168.117.170 | unknown | United States | |
| 52.109.76.240 | unknown | United States | |
| 52.109.76.243 | unknown | United States | |