Summary | ZeroBOX

ENC.zip

ZIP Format
Category Machine Started Completed
FILE s1_win7_x6402 July 1, 2024, 3:02 p.m. July 1, 2024, 3:05 p.m.
Size 3.7MB
Type Zip archive data, at least v2.0 to extract
MD5 34dd73380e19295eef9c195a9f35c9b3
SHA256 208e322fe1e0e726aa69b3ac530da9ad4432dc046202cd06ce655148a73895a8
CRC32 E3BF7E3E
ssdeep 98304:XFRntzkol6g3ArKTgyI9e8Ki94nnNO+ahXk58GscjseUhtACE9uW:nntlCLenSuN4e6TIL
Yara
  • zip_file_format - ZIP file format

Name Response Post-Analysis Lookup
kaylen.xyz 172.67.220.235

IP Address Status Action
104.21.94.78 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49173 -> 104.21.94.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49172 -> 104.21.94.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49175 -> 104.21.94.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49171 -> 104.21.94.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49174 -> 104.21.94.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49176 -> 104.21.94.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49178 -> 104.21.94.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49179 -> 104.21.94.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49170 -> 104.21.94.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow | Issuer | Subject | Fingerprint
TLSv1 192.168.56.102:49173 -> 104.21.94.78:443 | C=US, O=Google Trust Services, CN=WE1 | CN=kaylen.xyz | a6:97:7c:6b:09:d0:4a:fa:93:43:ee:47:cc:8f:7b:47:85:bc:af:68
TLSv1 192.168.56.102:49172 -> 104.21.94.78:443 | C=US, O=Google Trust Services, CN=WE1 | CN=kaylen.xyz | a6:97:7c:6b:09:d0:4a:fa:93:43:ee:47:cc:8f:7b:47:85:bc:af:68
TLSv1 192.168.56.102:49175 -> 104.21.94.78:443 | C=US, O=Google Trust Services, CN=WE1 | CN=kaylen.xyz | a6:97:7c:6b:09:d0:4a:fa:93:43:ee:47:cc:8f:7b:47:85:bc:af:68
TLSv1 192.168.56.102:49171 -> 104.21.94.78:443 | C=US, O=Google Trust Services, CN=WE1 | CN=kaylen.xyz | a6:97:7c:6b:09:d0:4a:fa:93:43:ee:47:cc:8f:7b:47:85:bc:af:68
TLSv1 192.168.56.102:49174 -> 104.21.94.78:443 | C=US, O=Google Trust Services, CN=WE1 | CN=kaylen.xyz | a6:97:7c:6b:09:d0:4a:fa:93:43:ee:47:cc:8f:7b:47:85:bc:af:68
TLSv1 192.168.56.102:49176 -> 104.21.94.78:443 | C=US, O=Google Trust Services, CN=WE1 | CN=kaylen.xyz | a6:97:7c:6b:09:d0:4a:fa:93:43:ee:47:cc:8f:7b:47:85:bc:af:68
TLSv1 192.168.56.102:49178 -> 104.21.94.78:443 | C=US, O=Google Trust Services, CN=WE1 | CN=kaylen.xyz | a6:97:7c:6b:09:d0:4a:fa:93:43:ee:47:cc:8f:7b:47:85:bc:af:68
TLSv1 192.168.56.102:49179 -> 104.21.94.78:443 | C=US, O=Google Trust Services, CN=WE1 | CN=kaylen.xyz | a6:97:7c:6b:09:d0:4a:fa:93:43:ee:47:cc:8f:7b:47:85:bc:af:68
TLSv1 192.168.56.102:49170 -> 104.21.94.78:443 | C=US, O=Google Trust Services, CN=WE1 | CN=kaylen.xyz | a6:97:7c:6b:09:d0:4a:fa:93:43:ee:47:cc:8f:7b:47:85:bc:af:68

suspicious_features POST method with no referer header
suspicious_request POST https://kaylen.xyz/
request GET https://kaylen.xyz/
request POST https://kaylen.xyz/
request GET https://kaylen.xyz//sql.dll
request GET https://kaylen.xyz//freebl3.dll
request GET https://kaylen.xyz//mozglue.dll
request GET https://kaylen.xyz//msvcp140.dll
request GET https://kaylen.xyz//nss3.dll
request GET https://kaylen.xyz//softokn3.dll
request GET https://kaylen.xyz//vcruntime140.dll
request POST https://kaylen.xyz/

Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win32/TrojanDownloader.Rugmi.AJC.gen
NANO-Antivirus Virus.Win32.Gen.ccmw