hxxps://attachments[.]office[.]net/owa/suspicious%40resolutionlife[.]com[.]au/service[.]svc/s/GetAttachmentThumbnail?id=AAMkAGE1MDgwYzcyLTZhYTUtNDgyMy05ZDQyLTljOWUxMjljN2RmMgBGAAAAAACEmunnZVhQQLHpqubea6wQBwBbzcY7x5R3QY9e2JhrbznRAAAAAAEMAABbzcY7x5R3QY9e2JhrbznRAALGGDJWAAACEgAQAA4yDqxXF3xDugrDIxNzer8SABAAYixEc%2Bjf3Eeavh%2ButxtxSA%3D%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ[.]eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbSIsInVjIjoiN2M0M2NmNjhkNTk5NDExYWFkNDU5NDkwMDM1MWNmNDIiLCJzaWduaW5fc3RhdGUiOlsiZHZjX21uZ2QiLCJkdmNfY21wIiwiZHZjX2RtamQiLCJpbmtub3dubnR3ayIsImttc2kiXSwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEBhMDExMjhhNC1lM2U0LTQzNGMtOGFkNC1iM2Y3OTExNjU1Y2IiLCJpc3NyaW5nIjoiV1ciLCJhcHBjdHgiOiJ7XCJtc2V4Y2hwcm90XCI6XCJvd2FcIixcInB1aWRcIjpcIjExNTM4MDExMjQyNTU5NzcwNjJcIixcInNjb3BlXCI6XCJPd2FEb3dubG9hZFwiLFwib2lkXCI6XCIwZjNiNzA4NC1hNTZlLTRhMGQtOWQzOS1iMzFiNTY5OWQ2YzNcIixcInByaW1hcnlzaWRcIjpcIlMtMS01LTIxLTM3Njc1NjE2MzMtNDI2MDE4MTk4Mi04ODQxMjgyMC0yNzgxNDkxNlwifSIsIm5iZiI6MTcyMzA4MjIxNCwiZXhwIjoxNzIzMDgyNTE0LCJpc3MiOiIwMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAYTAxMTI4YTQtZTNlNC00MzRjLThhZDQtYjNmNzkxMTY1NWNiIiwiYXVkIjoiMDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwL2F0dGFjaG1lbnRzLm9mZmljZS5uZXRAYTAxMTI4YTQtZTNlNC00MzRjLThhZDQtYjNmNzkxMTY1NWNiIiwiaGFwcCI6Im93YSJ9[.]f6ryU6-KXsjWFfmPXApY0UUNjOmGl0LoWbhUmlcxFzdx9KWz9b1RWpYeqb5W3P-eFQY4QLnodvLMg2s2gCXrZUXNis-D8Be5trJ4MTtp1Po-goMHE7v7R_wdqlyLV4WK9sC2yGtwkbfY8VXYLN81rKED_6Qc8ptk5lfhDXsVMMGMGn0bXahPYkDQ4YohlcCqvaHR91u9bodcnKGPoecz8lqkTH3rtav68_Xdm_8Rg7NqHvQp_zHjLLN0MWh6FP9VVVn_FytWFdumXIvLqZrCzrw0VltBiZf6z70nerJHq-Q0d5gsBu3WZDL2169CwRrUTdnaif4zXhjNlTbzW7NmdQ&X-OWA-CANARY=bdvoVyJAlbkAAAAAAAAAAFBQ-oNNt9wYmmQNwdqsJMSpgzQNu-Oghtx9QnP9acYXoYtvNXTI_hM[.]&owa=outlook[.]office[.]com&scriptVer=20240719002[.]24&clientId=301EBAE1DE114286A470F45083003C22&animation=true

Sharing

Behavioral task

behavioral1

Sample

https://attachments.office.net/owa/suspicious%40resolutionlife.com.au/service.svc/s/GetAttachmentThumbnail?id=AAMkAGE1MDgwYzcyLTZhYTUtNDgyMy05ZDQyLTljOWUxMjljN2RmMgBGAAAAAACEmunnZVhQQLHpqubea6wQBwBbzcY7x5R3QY9e2JhrbznRAAAAAAEMAABbzcY7x5R3QY9e2JhrbznRAALGGDJWAAACEgAQAA4yDqxXF3xDugrDIxNzer8SABAAYixEc%2Bjf3Eeavh%2ButxtxSA%3D%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbSIsInVjIjoiN2M0M2NmNjhkNTk5NDExYWFkNDU5NDkwMDM1MWNmNDIiLCJzaWduaW5fc3RhdGUiOlsiZHZjX21uZ2QiLCJkdmNfY21wIiwiZHZjX2RtamQiLCJpbmtub3dubnR3ayIsImttc2kiXSwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEBhMDExMjhhNC1lM2U0LTQzNGMtOGFkNC1iM2Y3OTExNjU1Y2IiLCJpc3NyaW5nIjoiV1ciLCJhcHBjdHgiOiJ7XCJtc2V4Y2hwcm90XCI6XCJvd2FcIixcInB1aWRcIjpcIjExNTM4MDExMjQyNTU5NzcwNjJcIixcInNjb3BlXCI6XCJPd2FEb3dubG9hZFwiLFwib2lkXCI6XCIwZjNiNzA4NC1hNTZlLTRhMGQtOWQzOS1iMzFiNTY5OWQ2YzNcIixcInByaW1hcnlzaWRcIjpcIlMtMS01LTIxLTM3Njc1NjE2MzMtNDI2MDE4MTk4Mi04ODQxMjgyMC0yNzgxNDkxNlwifSIsIm5iZiI6MTcyMzA4MjIxNCwiZXhwIjoxNzIzMDgyNTE0LCJpc3MiOiIwMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAYTAxMTI4YTQtZTNlNC00MzRjLThhZDQtYjNmNzkxMTY1NWNiIiwiYXVkIjoiMDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwL2F0dGFjaG1lbnRzLm9mZmljZS5uZXRAYTAxMTI4YTQtZTNlNC00MzRjLThhZDQtYjNmNzkxMTY1NWNiIiwiaGFwcCI6Im93YSJ9.f6ryU6-KXsjWFfmPXApY0UUNjOmGl0LoWbhUmlcxFzdx9KWz9b1RWpYeqb5W3P-eFQY4QLnodvLMg2s2gCXrZUXNis-D8Be5trJ4MTtp1Po-goMHE7v7R_wdqlyLV4WK9sC2yGtwkbfY8VXYLN81rKED_6Qc8ptk5lfhDXsVMMGMGn0bXahPYkDQ4YohlcCqvaHR91u9bodcnKGPoecz8lqkTH3rtav68_Xdm_8Rg7NqHvQp_zHjLLN0MWh6FP9VVVn_FytWFdumXIvLqZrCzrw0VltBiZf6z70nerJHq-Q0d5gsBu3WZDL2169CwRrUTdnaif4zXhjNlTbzW7NmdQ&X-OWA-CANARY=bdvoVyJAlbkAAAAAAAAAAFBQ-oNNt9wYmmQNwdqsJMSpgzQNu-Oghtx9QnP9acYXoYtvNXTI_hM.&owa=outlook.office.com&scriptVer=20240719002.24&clientId=301EBAE1DE114286A470F45083003C22&animation=true

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

9 signatures

150 seconds

General

Target

https://attachments.office.net/owa/suspicious%40resolutionlife.com.au/service.svc/s/GetAttachmentThumbnail?id=AAMkAGE1MDgwYzcyLTZhYTUtNDgyMy05ZDQyLTljOWUxMjljN2RmMgBGAAAAAACEmunnZVhQQLHpqubea6wQBwBbzcY7x5R3QY9e2JhrbznRAAAAAAEMAABbzcY7x5R3QY9e2JhrbznRAALGGDJWAAACEgAQAA4yDqxXF3xDugrDIxNzer8SABAAYixEc%2Bjf3Eeavh%2ButxtxSA%3D%3D&thumbnailType=2&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbSIsInVjIjoiN2M0M2NmNjhkNTk5NDExYWFkNDU5NDkwMDM1MWNmNDIiLCJzaWduaW5fc3RhdGUiOlsiZHZjX21uZ2QiLCJkdmNfY21wIiwiZHZjX2RtamQiLCJpbmtub3dubnR3ayIsImttc2kiXSwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEBhMDExMjhhNC1lM2U0LTQzNGMtOGFkNC1iM2Y3OTExNjU1Y2IiLCJpc3NyaW5nIjoiV1ciLCJhcHBjdHgiOiJ7XCJtc2V4Y2hwcm90XCI6XCJvd2FcIixcInB1aWRcIjpcIjExNTM4MDExMjQyNTU5NzcwNjJcIixcInNjb3BlXCI6XCJPd2FEb3dubG9hZFwiLFwib2lkXCI6XCIwZjNiNzA4NC1hNTZlLTRhMGQtOWQzOS1iMzFiNTY5OWQ2YzNcIixcInByaW1hcnlzaWRcIjpcIlMtMS01LTIxLTM3Njc1NjE2MzMtNDI2MDE4MTk4Mi04ODQxMjgyMC0yNzgxNDkxNlwifSIsIm5iZiI6MTcyMzA4MjIxNCwiZXhwIjoxNzIzMDgyNTE0LCJpc3MiOiIwMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBAYTAxMTI4YTQtZTNlNC00MzRjLThhZDQtYjNmNzkxMTY1NWNiIiwiYXVkIjoiMDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwL2F0dGFjaG1lbnRzLm9mZmljZS5uZXRAYTAxMTI4YTQtZTNlNC00MzRjLThhZDQtYjNmNzkxMTY1NWNiIiwiaGFwcCI6Im93YSJ9.f6ryU6-KXsjWFfmPXApY0UUNjOmGl0LoWbhUmlcxFzdx9KWz9b1RWpYeqb5W3P-eFQY4QLnodvLMg2s2gCXrZUXNis-D8Be5trJ4MTtp1Po-goMHE7v7R_wdqlyLV4WK9sC2yGtwkbfY8VXYLN81rKED_6Qc8ptk5lfhDXsVMMGMGn0bXahPYkDQ4YohlcCqvaHR91u9bodcnKGPoecz8lqkTH3rtav68_Xdm_8Rg7NqHvQp_zHjLLN0MWh6FP9VVVn_FytWFdumXIvLqZrCzrw0VltBiZf6z70nerJHq-Q0d5gsBu3WZDL2169CwRrUTdnaif4zXhjNlTbzW7NmdQ&X-OWA-CANARY=bdvoVyJAlbkAAAAAAAAAAFBQ-oNNt9wYmmQNwdqsJMSpgzQNu-Oghtx9QnP9acYXoYtvNXTI_hM.&owa=outlook.office.com&scriptVer=20240719002.24&clientId=301EBAE1DE114286A470F45083003C22&animation=true

Score

8^/10

phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Sharing

General

Malware Config

Signatures

Files