Report - ZeroBOX

ScreenShot

Info
Location map


Created	2021.04.09 11:37	Machine	s1_win7_x6402
Filename	................................................................................dot
Type	Rich Text Format data, unknown version
AI Score	Not founds	Behavior Score	4.4
ZERO API	file : mailcious
VT API (file)	25 detected (ObfsObjDat, RTFObfustream, Save, Bloodhound, multiple detections, Malicious, score, dinbqn, RTFMALFORM, Malformed, ai score=83, Malform, CVE-2017-1188, Probably Heur, RTFBadVersion, objupdate)
md5	40f03856876fda8b3bda880d1d5a4636
sha256	a4358b898c41852211ee727e4b8c0d05301bf4c6a90a4780c5a6f8b1b1cf5c81
ssdeep	384:CrbzX8txvSYHKdnddR6DJlNmBjL0ztbQ3om:uH8bKdlkJlNmBjatO
imphash
impfuzzy

Network IP location

Signature (10cnts)

Level	Description
warning	File has been identified by 25 AntiVirus engines on VirusTotal as malicious
watch	Communicates with host for which no DNS query was performed
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	An application raised an exception which may be indicative of an exploit crash
notice	Creates hidden or system file
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	Performs some HTTP requests
notice	RTF file has an unknown version
notice	Sends data using the HTTP POST Method
info	One or more processes crashed

Rules (1cnts)

Level	Name	Description	Collection
info	Rich_Text_Format_Zero	Rich Text Format Signature Zero	binaries (upload)

Network (56cnts) ?

Request	ASN Co	IP4	Rule ?	ZERO ?
http://23.95.122.24/zyo/vbc.exe whois	AS-COLOCROSSING	23.95.122.24		malware
http://www.blackmantech.fitness/nnmd/ whois	SEDO GmbH	91.195.240.94		clean
http://www.ueoxx.com/nnmd/ whois	AMAZON-02	52.15.160.167		clean
http://www.vegrebel.com/nnmd/?Ajn=iedGY0/jFY2caMs7ufAPjCijJp09b4Pnd9J45dLvz29YUuAPrQ24EB7QdiStDbxe7UevWaqL&ndndsZ=KdvDNnE0J8D8 whois	UNIFIEDLAYER-AS-1	50.87.195.61		clean
http://www.dream-e-mail.com/nnmd/ whois	LEASEWEB-USA-LAX-11	23.107.250.219		clean
http://www.winnijermaynezigmund.site/nnmd/?Ajn=N2I1yTk+m5kpahBRa8KKuG/S0eEJEgSw239Z/a58dxU5l2G0s9OUHiRItD8O8JZ1353ED8ed&ndndsZ=KdvDNnE0J8D8 whois	NAMECHEAP-NET	198.54.117.244		clean
http://www.raison-sociale.com/nnmd/ whois	OVH SAS	164.132.235.17		clean
http://www.dream-e-mail.com/nnmd/?Ajn=GDNzUjFbUW1WpVH7wCb7N3BoG8g8NpYy+xvVu1J5yu1tN7UOoDiMgA12mZMJcf0xYUEJW7jx&ndndsZ=KdvDNnE0J8D8 whois	LEASEWEB-USA-LAX-11	23.107.250.219		clean
http://www.partapprintercare.com/nnmd/ whois	Hetzner Online GmbH	195.201.179.80		clean
http://www.blackmantech.fitness/nnmd/?Ajn=lO2MoVQRnuQliAFYE73xMyvXdf5GkN1z0aKfIeNynRlJRWydjj13mXpuZu0yLgH94KMPbX89&ndndsZ=KdvDNnE0J8D8 whois	SEDO GmbH	91.195.240.94		clean
http://www.topmejoresproductos.com/nnmd/?Ajn=5oGfYuXOY9e6Wgzyw65MR7pWmotIxUI2yZPS8hwMrcBGefCHV1tZ9t+5FZg010TA0GKtEOYf&ndndsZ=KdvDNnE0J8D8 whois	CONFLUENCE-NETWORK-INC	209.99.40.222		clean
http://www.partapprintercare.com/nnmd/?Ajn=3phtZ1zyTDnz2WU83f8ON1haRiqj6XFttO8huOGvsDIOA2gUzVx9KnrUfWHFG6Oh1DS0eFgG&ndndsZ=KdvDNnE0J8D8 whois	Hetzner Online GmbH	195.201.179.80		clean
http://www.ueoxx.com/nnmd/?Ajn=tRQiX2tnIcR1+0C/rREkw+oZ8fYp7zrYt8/OoSFyZqkjizznZx3g6RXGoToit+qONbwCpa2o&ndndsZ=KdvDNnE0J8D8 whois	AMAZON-02	3.14.206.30		clean
http://www.scott-re.online/nnmd/ whois	GOOGLE	34.102.136.180	630	mailcious
http://www.elpis-catering.com/nnmd/?Ajn=0Ts1VGxpsMxFhohnYcmQwyVTyV70cpoMLj6MACjr+zVW8ucMOFGWLmSRW6U63/nNCvV4KGuc&ndndsZ=KdvDNnE0J8D8 whois	LIQUIDWEB	67.225.129.56		clean
http://www.vegrebel.com/nnmd/ whois	UNIFIEDLAYER-AS-1	50.87.195.61		clean
http://www.scott-re.online/nnmd/?Ajn=YoDjfv9GFAPxmC/m/YrXEnPJINgN/ZGcUJt6czxWwkNRV1BAm2Kb0tXyCx+SX/c+MMPjJ8db&ndndsZ=KdvDNnE0J8D8 whois	GOOGLE	34.102.136.180	630	mailcious
http://www.thechilldrengang.com/nnmd/?Ajn=Qm+zDj4f4RLuzqptG8COn+B+brI1CpB9wHw121EclcSQGwPEjyrk1ZHI0LfP5GMpxTTOLxvE&ndndsZ=KdvDNnE0J8D8 whois	AS-26496-GO-DADDY-COM-LLC	107.180.43.16		clean
http://www.syduit.com/nnmd/ whois	DXTL Tseung Kwan O Service	154.86.211.231		clean
http://www.regalparkllc.com/nnmd/ whois	AUTOMATTIC	192.0.78.25		clean
http://www.elpis-catering.com/nnmd/ whois	LIQUIDWEB	67.225.129.56		clean
http://www.topmejoresproductos.com/nnmd/ whois	CONFLUENCE-NETWORK-INC	209.99.40.222		clean
http://www.thechilldrengang.com/nnmd/ whois	AS-26496-GO-DADDY-COM-LLC	107.180.43.16		clean
http://www.syduit.com/nnmd/?Ajn=btHTA+j+pbtfXH5E0zmzPQOf49f/oMdnjHUIX6frz8d7so2A3ybxPAuEpf9zLJV/bTrkMS/E&ndndsZ=KdvDNnE0J8D8 whois	DXTL Tseung Kwan O Service	154.86.211.231		clean
http://www.winnijermaynezigmund.site/nnmd/ whois	NAMECHEAP-NET	198.54.117.244		clean
http://www.raison-sociale.com/nnmd/?Ajn=P1LpRENdnqb1fbOGyNga4nCXTVuCGTreTbOaFjWN+nixYx/3vSvBuhMK5uJ9XJmSyj6SVpMN&ndndsZ=KdvDNnE0J8D8 whois	OVH SAS	164.132.235.17		clean
http://www.regalparkllc.com/nnmd/?Ajn=tTl8v8g2q+7FzdYz1UQNVvYPTgelaUE7gW7tW0qfdn51WjA1prpQnhugYZXHkQH8F1WTaXCY&ndndsZ=KdvDNnE0J8D8 whois	AUTOMATTIC	192.0.78.25		clean
www.topmejoresproductos.com whois	CONFLUENCE-NETWORK-INC	209.99.40.222		clean
www.fjsibao.com whois				clean
www.scott-re.online whois	GOOGLE	34.102.136.180		clean
www.elpis-catering.com whois	LIQUIDWEB	67.225.129.56		clean
www.syduit.com whois	DXTL Tseung Kwan O Service	154.86.211.231		clean
www.xn--kck4cd0r.net whois				clean
www.ueoxx.com whois	AMAZON-02	52.15.160.167		clean
www.dream-e-mail.com whois	LEASEWEB-USA-LAX-11	23.107.250.219		clean
www.partapprintercare.com whois	Hetzner Online GmbH	195.201.179.80		clean
www.vegrebel.com whois	UNIFIEDLAYER-AS-1	50.87.195.61		clean
www.thechilldrengang.com whois	AS-26496-GO-DADDY-COM-LLC	107.180.43.16		clean
www.blackmantech.fitness whois	SEDO GmbH	91.195.240.94		clean
www.raison-sociale.com whois	OVH SAS	164.132.235.17		clean
www.regalparkllc.com whois	AUTOMATTIC	192.0.78.25		clean
www.winnijermaynezigmund.site whois	NAMECHEAP-NET	198.54.117.244		clean
23.95.122.24 whois	AS-COLOCROSSING	23.95.122.24		malware
52.15.160.167 whois	AMAZON-02	52.15.160.167		clean
195.201.179.80 whois	Hetzner Online GmbH	195.201.179.80		mailcious
91.195.240.94 whois	SEDO GmbH	91.195.240.94		phishing
209.99.40.222 whois	CONFLUENCE-NETWORK-INC	209.99.40.222		mailcious
164.132.235.17 whois	OVH SAS	164.132.235.17		phishing
50.87.195.61 whois	UNIFIEDLAYER-AS-1	50.87.195.61		clean
34.102.136.180 whois	GOOGLE	34.102.136.180		mailcious
67.225.129.56 whois	LIQUIDWEB	67.225.129.56		phishing
198.54.117.244 whois	NAMECHEAP-NET	198.54.117.244		phishing
192.0.78.24 whois	AUTOMATTIC	192.0.78.24		mailcious
154.86.211.231 whois	DXTL Tseung Kwan O Service	154.86.211.231		clean
107.180.43.16 whois	AS-26496-GO-DADDY-COM-LLC	107.180.43.16		phishing
23.107.250.219 whois	LEASEWEB-USA-LAX-11	23.107.250.219		clean

Report - ................................................................................dot

Signature (10cnts)

Rules (1cnts)

Network (56cnts) ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure