hxxp://Received[:] from PR0P264MB2169[.]FRAP264[.]PROD[.]OUTLOOK[.]COM (2603[:]10a6[:]102[:]167[::]11) by PAYP264MB3768[.]FRAP264[.]PROD[.]OUTLOOK[.]COM with HTTPS; Thu, 25 Apr 2024 12[:]42[:]45 +0000 Authentication-Results[:] dkim=none (message not signed) header[.]d=none;dmarc=none action=none header[.]from=cmai-groupe[.]com; Received[:] from PR0P264MB4298[.]FRAP264[.]PROD[.]OUTLOOK[.]COM (2603[:]10a6[:]102[:]25d[::]7) by PR0P264MB2169[.]FRAP264[.]PROD[.]OUTLOOK[.]COM (2603[:]10a6[:]102[:]167[::]11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15[.]20[.]7519[.]22; Thu, 25 Apr 2024 12[:]42[:]37 +0000 Received[:] from PR0P264MB4298[.]FRAP264[.]PROD[.]OUTLOOK[.]COM ([fe80[::]232c[:]261f[:]6009[:]4f86]) by PR0P264MB4298[.]FRAP264[.]PROD[.]OUTLOOK[.]COM ([fe80[::]232c[:]261f[:]6009[:]4f86%3]) with mapi id 15[.]20[.]7519[.]021; Thu, 25 Apr 2024 12[:]42[:]37 +0000 Content-Type[:] application/ms-tnef; name="winmail[.]dat" Content-Transfer-Encoding[:] binary From[:] MUELA Ernesto <ernesto[.]muela@cmai-groupe[.]com> To[:] =?utf-8?B?SmF2aWVyIFNhZWxpY2VzIEppbcOpbmV6?= <javier[.]saelices@puertassanrafael[.]com> Subject[:] =?utf-8?B?UlY6IEdlbmVyYWNpw7NuIGRlIHBhbGV0cy4=?= Thread-Topic[:] =?utf-8?B?R2VuZXJhY2nDs24gZGUgcGFsZXRzLg==?= Thread-Index[:] AdqPEc9OconuBqv6Riy3EZJO3XzdTwH/Dfbg Date[:] Thu, 25 Apr 2024 12[:]42[:]37 +0000 Message-ID[:] <PR0P264MB429851867960DB04760CC10FAE172@PR0P264MB4298[.]FRAP264[.]PROD[.]OUTLOOK[.]COM> References[:] <PR2P264MB0478FDC1AE541F291BCE98CEA8092@PR2P264MB0478[.]FRAP264[.]PROD[.]OUTLOOK[.]COM> In-Reply-To[:] <PR2P264MB0478FDC1AE541F291BCE98CEA8092@PR2P264MB0478[.]FRAP264[.]PROD[.]OUTLOOK[.]COM> Accept-Language[:] es-ES, en-US Content-Language[:] es-ES X-MS-Has-Attach[:] yes X-MS-Exchange-Organization-SCL[:] 1 X-MS-TNEF-Correlator[:] <PR0P264MB429851867960DB04760CC10FAE172@PR0P264MB4298[.]FRAP264[.]PROD[.]OUTLOOK[.]COM> MIME-Version[:] 1[.]0 X-MS-Exchange-Organization-MessageDirectionality[:] Originating X-MS-Exchange-Organization-AuthSource[:] PR0P264MB4298[.]FRAP264[.]PROD[.]OUTLOOK[.]COM X-MS-Exchange-Organization-AuthAs[:] Internal X-MS-Exchange-Organization-AuthMechanism[:] 04 X-MS-Exchange-Organization-Network-Message-Id[:] 64ee51fc-f4a3-4c0a-91fa-08dc65252fe6 X-MS-PublicTrafficType[:] Email X-MS-TrafficTypeDiagnostic[:] PR0P264MB4298[:]EE_|PR0P264MB2169[:]EE_|PAYP264MB3768[:]EE_ Return-Path[:] ernesto[.]muela@cmai-groupe[.]com X-MS-Exchange-Organization-ExpirationStartTime[:] 25 Apr 2024 12[:]42[:]37[.]3877 (UTC) X-MS-Exchange-Organization-ExpirationStartTimeReason[:] OriginalSubmit X-MS-Exchange-Organization-ExpirationInterval[:] 1[:]00[:]00[:]00[.]0000000 X-MS-Exchange-Organization-ExpirationIntervalReason[:] OriginalSubmit X-MS-Office365-Filtering-Correlation-Id[:] 64ee51fc-f4a3-4c0a-91fa-08dc65252fe6 X-Microsoft-Antispam[:] BCL[:]0;ARA[:]13230031|366007|41050700001; X-Forefront-Antispam-Report[:] CIP[:]255[.]255[.]255[.]255;CTRY[:];LANG[:]es;SCL[:]1;SRV[:];IPV[:]NLI;SFV[:]NSPM;H[:]PR0P264MB4298[.]FRAP264[.]PROD[.]OUTLOOK[.]COM;PTR[:];CAT[:]NONE;SFS[:](13230031)(366007)(41050700001);DIR[:]INT; X-MS-Exchange-CrossTenant-OriginalArrivalTime[:] 25 Apr 2024 12[:]42[:]37[.]1499 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader[:] Hosted X-MS-Exchange-CrossTenant-Id[:] 17c0a266-b720-479c-a157-ba6848d1fd33 X-MS-Exchange-CrossTenant-AuthSource[:] PR0P264MB4298[.]FRAP264[.]PROD[.]OUTLOOK[.]COM X-MS-Exchange-CrossTenant-AuthAs[:] Internal X-MS-Exchange-CrossTenant-Network-Message-Id[:] 64ee51fc-f4a3-4c0a-91fa-08dc65252fe6 X-MS-Exchange-CrossTenant-MailboxType[:] HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName[:] vwatX7r5cppGelyUsFabJDfKHvn80zWd/dNVeDobvE9O0yltF4HXyODl/C3IqzkJynlc3lfPhkZwOVqdwM5ZFXR7ki9oA0Y+8ppTFnc9mIk= X-MS-Exchange-Transport-CrossTenantHeadersStamped[:] PR0P264MB2169 X-MS-Exchange-Transport-EndToEndLatency[:] 00[:]00[:]08[.]3035744 X-MS-Exchange-Processed-By-BccFoldering[:] 15[.]20[.]7472[.]035 X-Microsoft-Antispam-Mailbox-Delivery[:] ucf[:]0;jmr[:]0;auth[:]0;dest[:]I;ENG[:](910001)(944506478)(944626604)(920097)(425001)(930097)(140003); X-Microsoft-Antispam-Message-Info[:] wOXy2djiHeJk7ZVXajYE6PM73spaRzeHmrvpA7W/ii2tnPUttUYf9/yCKnSOveh2m7A4hC3+G28pNiIu7s6ZK3trKM9cgqmnat+zCHICNTYRrr3w+TZLVlk+74HC49WE9C+O2scOSuGMfkIHbqX3FDfUYYzjck/XAkTXoZr4mbXED14fObQf8gN8Lc/t+kIgZMj1V509EQQRlAxB2jl/osCxDlXLlPZUu8ouq8lo1XDgV1ufotXkSt6S8ZHVw/5F0c5SCYLSvwt+b3xK+0MTdJALTl+pitM25X7lGy8qFELf/VbuuWCaJXXcrM16O6PaUikkZo+gA8gAap5v3HyZdrAju0mdWuqjtUlrB8LAl7+ZC6iNsnLNI+Yb1AoGwbfLa2InmH5FWVJDPFr9d0S/zUyx31NNPLZaN8zhSUepuyUiDd3HTNJq3PS4+C9dPY0HaUQ6yJp2zVe9knPzWqssXJRDI1YOCz9KlcI+gEaIBEN3mUKL33xyc4+IgZS0ko4Gp3jMS/mzOG8cJqUNnY4ogCDgAhCK6GH3wokdheGczbdiv4OtGDdXpHG3CFXvX3WhbBR5o6ex2tgClKuJSD3HjZ6Tt7/ExOhxLT9D2XegN3FdJwuYnmJnwPrBqGsTNOPm6vR53R69pIthgIrXdmJT5bpCkzq/vU7fddA4YkUbHuR2wIqGJ6146GSa6x9Z1UbnYnxk4rq5xVaQPyIjjgHrpUYDc/k8pNQxAEDW4fC9+KIRy9d8M7PiF5FTyTaxB4En5xc8pfnDzxQEKQhZXvr9zrsGaV2KEHqUQVRttCCPQhGx/tM/YZhaoUC8fVupKEFyw4V1DT9JAmuu4PXRFfZHhQ==

Sharing

Behavioral task

behavioral1

Sample

http://Received: from PR0P264MB2169.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:167::11) by PAYP264MB3768.FRAP264.PROD.OUTLOOK.COM with HTTPS; Thu, 25 Apr 2024 12:42:45 +0000 Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cmai-groupe.com; Received: from PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:25d::7) by PR0P264MB2169.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:167::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7519.22; Thu, 25 Apr 2024 12:42:37 +0000 Received: from PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM ([fe80::232c:261f:6009:4f86]) by PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM ([fe80::232c:261f:6009:4f86%3]) with mapi id 15.20.7519.021; Thu, 25 Apr 2024 12:42:37 +0000 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: binary From: MUELA Ernesto <[email protected]> To: =?utf-8?B?SmF2aWVyIFNhZWxpY2VzIEppbcOpbmV6?= <[email protected]> Subject: =?utf-8?B?UlY6IEdlbmVyYWNpw7NuIGRlIHBhbGV0cy4=?= Thread-Topic: =?utf-8?B?R2VuZXJhY2nDs24gZGUgcGFsZXRzLg==?= Thread-Index: AdqPEc9OconuBqv6Riy3EZJO3XzdTwH/Dfbg Date: Thu, 25 Apr 2024 12:42:37 +0000 Message-ID: <PR0P264MB429851867960DB04760CC10FAE172@PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM> References: <PR2P264MB0478FDC1AE541F291BCE98CEA8092@PR2P264MB0478.FRAP264.PROD.OUTLOOK.COM> In-Reply-To: <PR2P264MB0478FDC1AE541F291BCE98CEA8092@PR2P264MB0478.FRAP264.PROD.OUTLOOK.COM> Accept-Language: es-ES, en-US Content-Language: es-ES X-MS-Has-Attach: yes X-MS-Exchange-Organization-SCL: 1 X-MS-TNEF-Correlator: <PR0P264MB429851867960DB04760CC10FAE172@PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM> MIME-Version: 1.0 X-MS-Exchange-Organization-MessageDirectionality: Originating X-MS-Exchange-Organization-AuthSource: PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 04 X-MS-Exchange-Organization-Network-Message-Id: 64ee51fc-f4a3-4c0a-91fa-08dc65252fe6 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PR0P264MB4298:EE_|PR0P264MB2169:EE_|PAYP264MB3768:EE_ Return-Path: [email protected] X-MS-Exchange-Organization-ExpirationStartTime: 25 Apr 2024 12:42:37.3877 (UTC) X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000 X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit X-MS-Office365-Filtering-Correlation-Id: 64ee51fc-f4a3-4c0a-91fa-08dc65252fe6 X-Microsoft-Antispam: BCL:0;ARA:13230031|366007|41050700001; X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:es;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366007)(41050700001);DIR:INT; X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Apr 2024 12:42:37.1499 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 17c0a266-b720-479c-a157-ba6848d1fd33 X-MS-Exchange-CrossTenant-AuthSource: PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-Network-Message-Id: 64ee51fc-f4a3-4c0a-91fa-08dc65252fe6 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: vwatX7r5cppGelyUsFabJDfKHvn80zWd/dNVeDobvE9O0yltF4HXyODl/C3IqzkJynlc3lfPhkZwOVqdwM5ZFXR7ki9oA0Y+8ppTFnc9mIk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR0P264MB2169 X-MS-Exchange-Transport-EndToEndLatency: 00:00:08.3035744 X-MS-Exchange-Processed-By-BccFoldering: 15.20.7472.035 X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(425001)(930097)(140003); X-Microsoft-Antispam-Message-Info: wOXy2djiHeJk7ZVXajYE6PM73spaRzeHmrvpA7W/ii2tnPUttUYf9/yCKnSOveh2m7A4hC3+G28pNiIu7s6ZK3trKM9cgqmnat+zCHICNTYRrr3w+TZLVlk+74HC49WE9C+O2scOSuGMfkIHbqX3FDfUYYzjck/XAkTXoZr4mbXED14fObQf8gN8Lc/t+kIgZMj1V509EQQRlAxB2jl/osCxDlXLlPZUu8ouq8lo1XDgV1ufotXkSt6S8ZHVw/5F0c5SCYLSvwt+b3xK+0MTdJALTl+pitM25X7lGy8qFELf/VbuuWCaJXXcrM16O6PaUikkZo+gA8gAap5v3HyZdrAju0mdWuqjtUlrB8LAl7+ZC6iNsnLNI+Yb1AoGwbfLa2InmH5FWVJDPFr9d0S/zUyx31NNPLZaN8zhSUepuyUiDd3HTNJq3PS4+C9dPY0HaUQ6yJp2zVe9knPzWqssXJRDI1YOCz9KlcI+gEaIBEN3mUKL33xyc4+IgZS0ko4Gp3jMS/mzOG8cJqUNnY4ogCDgAhCK6GH3wokdheGczbdiv4OtGDdXpHG3CFXvX3WhbBR5o6ex2tgClKuJSD3HjZ6Tt7/ExOhxLT9D2XegN3FdJwuYnmJnwPrBqGsTNOPm6vR53R69pIthgIrXdmJT5bpCkzq/vU7fddA4YkUbHuR2wIqGJ6146GSa6x9Z1UbnYnxk4rq5xVaQPyIjjgHrpUYDc/k8pNQxAEDW4fC9+KIRy9d8M7PiF5FTyTaxB4En5xc8pfnDzxQEKQhZXvr9zrsGaV2KEHqUQVRttCCPQhGx/tM/YZhaoUC8fVupKEFyw4V1DT9JAmuu4PXRFfZHhQ==

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

http://Received: from PR0P264MB2169.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:167::11) by PAYP264MB3768.FRAP264.PROD.OUTLOOK.COM with HTTPS; Thu, 25 Apr 2024 12:42:45 +0000 Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cmai-groupe.com; Received: from PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:25d::7) by PR0P264MB2169.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:167::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7519.22; Thu, 25 Apr 2024 12:42:37 +0000 Received: from PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM ([fe80::232c:261f:6009:4f86]) by PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM ([fe80::232c:261f:6009:4f86%3]) with mapi id 15.20.7519.021; Thu, 25 Apr 2024 12:42:37 +0000 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: binary From: MUELA Ernesto <[email protected]> To: =?utf-8?B?SmF2aWVyIFNhZWxpY2VzIEppbcOpbmV6?= <[email protected]> Subject: =?utf-8?B?UlY6IEdlbmVyYWNpw7NuIGRlIHBhbGV0cy4=?= Thread-Topic: =?utf-8?B?R2VuZXJhY2nDs24gZGUgcGFsZXRzLg==?= Thread-Index: AdqPEc9OconuBqv6Riy3EZJO3XzdTwH/Dfbg Date: Thu, 25 Apr 2024 12:42:37 +0000 Message-ID: <PR0P264MB429851867960DB04760CC10FAE172@PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM> References: <PR2P264MB0478FDC1AE541F291BCE98CEA8092@PR2P264MB0478.FRAP264.PROD.OUTLOOK.COM> In-Reply-To: <PR2P264MB0478FDC1AE541F291BCE98CEA8092@PR2P264MB0478.FRAP264.PROD.OUTLOOK.COM> Accept-Language: es-ES, en-US Content-Language: es-ES X-MS-Has-Attach: yes X-MS-Exchange-Organization-SCL: 1 X-MS-TNEF-Correlator: <PR0P264MB429851867960DB04760CC10FAE172@PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM> MIME-Version: 1.0 X-MS-Exchange-Organization-MessageDirectionality: Originating X-MS-Exchange-Organization-AuthSource: PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM X-MS-Exchange-Organization-AuthAs: Internal X-MS-Exchange-Organization-AuthMechanism: 04 X-MS-Exchange-Organization-Network-Message-Id: 64ee51fc-f4a3-4c0a-91fa-08dc65252fe6 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PR0P264MB4298:EE_|PR0P264MB2169:EE_|PAYP264MB3768:EE_ Return-Path: [email protected] X-MS-Exchange-Organization-ExpirationStartTime: 25 Apr 2024 12:42:37.3877 (UTC) X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000 X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit X-MS-Office365-Filtering-Correlation-Id: 64ee51fc-f4a3-4c0a-91fa-08dc65252fe6 X-Microsoft-Antispam: BCL:0;ARA:13230031|366007|41050700001; X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:es;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366007)(41050700001);DIR:INT; X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Apr 2024 12:42:37.1499 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 17c0a266-b720-479c-a157-ba6848d1fd33 X-MS-Exchange-CrossTenant-AuthSource: PR0P264MB4298.FRAP264.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-Network-Message-Id: 64ee51fc-f4a3-4c0a-91fa-08dc65252fe6 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: vwatX7r5cppGelyUsFabJDfKHvn80zWd/dNVeDobvE9O0yltF4HXyODl/C3IqzkJynlc3lfPhkZwOVqdwM5ZFXR7ki9oA0Y+8ppTFnc9mIk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR0P264MB2169 X-MS-Exchange-Transport-EndToEndLatency: 00:00:08.3035744 X-MS-Exchange-Processed-By-BccFoldering: 15.20.7472.035 X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(425001)(930097)(140003); X-Microsoft-Antispam-Message-Info: wOXy2djiHeJk7ZVXajYE6PM73spaRzeHmrvpA7W/ii2tnPUttUYf9/yCKnSOveh2m7A4hC3+G28pNiIu7s6ZK3trKM9cgqmnat+zCHICNTYRrr3w+TZLVlk+74HC49WE9C+O2scOSuGMfkIHbqX3FDfUYYzjck/XAkTXoZr4mbXED14fObQf8gN8Lc/t+kIgZMj1V509EQQRlAxB2jl/osCxDlXLlPZUu8ouq8lo1XDgV1ufotXkSt6S8ZHVw/5F0c5SCYLSvwt+b3xK+0MTdJALTl+pitM25X7lGy8qFELf/VbuuWCaJXXcrM16O6PaUikkZo+gA8gAap5v3HyZdrAju0mdWuqjtUlrB8LAl7+ZC6iNsnLNI+Yb1AoGwbfLa2InmH5FWVJDPFr9d0S/zUyx31NNPLZaN8zhSUepuyUiDd3HTNJq3PS4+C9dPY0HaUQ6yJp2zVe9knPzWqssXJRDI1YOCz9KlcI+gEaIBEN3mUKL33xyc4+IgZS0ko4Gp3jMS/mzOG8cJqUNnY4ogCDgAhCK6GH3wokdheGczbdiv4OtGDdXpHG3CFXvX3WhbBR5o6ex2tgClKuJSD3HjZ6Tt7/ExOhxLT9D2XegN3FdJwuYnmJnwPrBqGsTNOPm6vR53R69pIthgIrXdmJT5bpCkzq/vU7fddA4YkUbHuR2wIqGJ6146GSa6x9Z1UbnYnxk4rq5xVaQPyIjjgHrpUYDc/k8pNQxAEDW4fC9+KIRy9d8M7PiF5FTyTaxB4En5xc8pfnDzxQEKQhZXvr9zrsGaV2KEHqUQVRttCCPQhGx/tM/YZhaoUC8fVupKEFyw4V1DT9JAmuu4PXRFfZHhQ==

Sharing

General

Malware Config

Signatures

Files