Report - ZeroBOX

ScreenShot

Info
Location map


Created	2021.04.13 09:23	Machine	s1_win7_x6402
Filename	.............................................................dot
Type	Rich Text Format data, unknown version
AI Score	Not founds	Behavior Score	4.4
ZERO API	file : clean
VT API (file)	23 detected (ObfsObjDat, CVE-2017-1188, CVE2017, a variant of DOC, Abnormal, dinbqn, RTFMALFORM, Outbreak, Malformed, Malicious, score, Malform, ai score=83, Probably Heur, RTFBadVersion, CoinMiner)
md5	e70135cdb555ce99adee7df642813dcb
sha256	8fd53e5f78693bc7639c94ef4a7969c5395c4e90ae255c0080f687811c8339e6
ssdeep	192:v+5wk2b/9LmQCx4ZesrJHUf9i5Lt8cAKIG4BrNAorM:Giz9aQCC3tD+5AoA
imphash
impfuzzy

Network IP location

Signature (10cnts)

Level	Description
warning	File has been identified by 23 AntiVirus engines on VirusTotal as malicious
watch	Communicates with host for which no DNS query was performed
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	An application raised an exception which may be indicative of an exploit crash
notice	Creates hidden or system file
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	Performs some HTTP requests
notice	RTF file has an unknown version
notice	Sends data using the HTTP POST Method
info	One or more processes crashed

Rules (1cnts)

Level	Name	Description	Collection
info	Rich_Text_Format_Zero	Rich Text Format Signature Zero	binaries (upload)

Network (59cnts) ?

Request	ASN Co	IP4	Rule ?	ZERO ?
http://www.vinegret.com/nnmd/ whois	CLOUDFLARENET	172.67.189.247		clean
http://www.acernoxsas.com/nnmd/?uZi0=RIRhBHcBnpQFpzVEdm9Qn3YrBBK1OZbcUKpQDD4XzYml+x0kk9G8REWbCSESFdmiGdYULLFI&Vnt4_=GTd0sn7PSL8x7PP whois	CLOUDFLARENET	172.67.171.149		clean
http://www.ueoxx.com/nnmd/ whois	AMAZON-02	52.15.160.167		clean
http://www.vinegret.com/nnmd/?uZi0=vSTcV67Wsym0gjaMHw+BLsLDF404VwtlM2ZL2+kS2oryP3sG0sNRMddYy5XCOzyR+w1r1rN4&Vnt4_=GTd0sn7PSL8x7PP whois	CLOUDFLARENET	172.67.189.247		clean
http://www.sorelaxedmassage.com/nnmd/?uZi0=ZSH2noI6NHAHn9QA8EACxsTwqFhF5NYts9vBJBihuNtX6Je+hj0P0cQ5PSooL6U0A47HLjeU&Vnt4_=GTd0sn7PSL8x7PP whois	UCloud (HK) Holdings Group Limited	103.72.145.203		clean
http://23.95.122.25/h/vbc.exe whois	AS-COLOCROSSING	23.95.122.25		clean
http://www.7985699.com/nnmd/ whois	CNSERVERS	45.142.156.44	631	mailcious
http://www.vr-club.site/nnmd/ whois	GMO Internet,Inc	163.44.185.224	627	mailcious
http://www.valid8.network/nnmd/?uZi0=CGq8FpRO0AiTL86OI7qyWUGcdnK3uFmp3WOqNHKk+zAOrlhHiWtpg/dTztC/+VOwDx9e6LJ8&Vnt4_=GTd0sn7PSL8x7PP whois	AS-26496-GO-DADDY-COM-LLC	182.50.132.242		clean
http://www.vr-club.site/nnmd/?uZi0=PWz62rtZjeojhOkFcCqBVXu8rEu/adWxBjkYhVKdUPhCPZNYbrsWWb643PkmL53QhEqlNSfQ&Vnt4_=GTd0sn7PSL8x7PP whois	GMO Internet,Inc	163.44.185.224	627	mailcious
http://www.elpis-catering.com/nnmd/?uZi0=0Ts1VGxpsMxFhohnYcmQwyVTyV70cpoMLj6MACjr+zVW8ucMOFGWLmSRW6U63/nNCvV4KGuc&Vnt4_=GTd0sn7PSL8x7PP whois	LIQUIDWEB	67.225.129.56		clean
http://www.acernoxsas.com/nnmd/ whois	CLOUDFLARENET	172.67.171.149		clean
http://www.valid8.network/nnmd/ whois	AS-26496-GO-DADDY-COM-LLC	182.50.132.242		clean
http://www.scott-re.online/nnmd/ whois	GOOGLE	34.102.136.180	630	mailcious
http://www.vegrebel.com/nnmd/ whois	UNIFIEDLAYER-AS-1	50.87.195.61	780	mailcious
http://www.elticrecruit.com/nnmd/ whois	GOOGLE	216.239.34.21	633	mailcious
http://www.ikoyisland.net/nnmd/?uZi0=R5rKQMUlrwVeLoW0iVXTqsebTRUUATzeWiADp6t7RLnxNxiFJigPNlV+Rw7wnrX+JJ9AzRNR&Vnt4_=GTd0sn7PSL8x7PP whois	RAMNODE	107.161.23.204		clean
http://www.scott-re.online/nnmd/?uZi0=YoDjfv9GFAPxmC/m/YrXEnPJINgN/ZGcUJt6czxWwkNRV1BAm2Kb0tXyCx+SX/c+MMPjJ8db&Vnt4_=GTd0sn7PSL8x7PP whois	GOOGLE	34.102.136.180	630	mailcious
http://www.7985699.com/nnmd/?uZi0=5eMcWOIRhRBDg7AFbH6T6n9ePY1bhRzkU2oAA9D0h2F0eFvVxskwV2U654U3C4UMb8hOzpd5&Vnt4_=GTd0sn7PSL8x7PP whois	CNSERVERS	45.142.156.44	631	mailcious
http://www.xn--v1bmo9dufsb.com/nnmd/?uZi0=cDaDwtSEh/5bc2FeeSIiUcUr+mpY/3xbz64LVgZ45maSnMiNTbYqd99xhwdI+uHxijdOlda1&Vnt4_=GTd0sn7PSL8x7PP whois	AS-26496-GO-DADDY-COM-LLC	184.168.131.241		clean
http://www.vegrebel.com/nnmd/?uZi0=iedGY0/jFY2caMs7ufAPjCijJp09b4Pnd9J45dLvz29YUuAPrQ24EB7QdiStDbxe7UevWaqL&Vnt4_=GTd0sn7PSL8x7PP whois	UNIFIEDLAYER-AS-1	50.87.195.61	780	mailcious
http://www.ikoyisland.net/nnmd/ whois	RAMNODE	107.161.23.204		clean
http://www.elpis-catering.com/nnmd/ whois	LIQUIDWEB	67.225.129.56		clean
http://www.ueoxx.com/nnmd/?uZi0=tRQiX2tnIcR1+0C/rREkw+oZ8fYp7zrYt8/OoSFyZqkjizznZx3g6RXGoToit+qONbwCpa2o&Vnt4_=GTd0sn7PSL8x7PP whois	AMAZON-02	3.13.255.157		clean
http://www.ekolucky.com/nnmd/ whois	OVH SAS	213.32.10.111		clean
http://www.ekolucky.com/nnmd/?uZi0=2ELq5eNBSeN+85ZFfjQj/2xpbhe81hF7Lx3GgMrXOl3ZzRDKfjz/x0EKuhMKdwtM2WWmtAp6&Vnt4_=GTd0sn7PSL8x7PP whois	OVH SAS	213.32.10.111		clean
http://www.xn--v1bmo9dufsb.com/nnmd/ whois	AS-26496-GO-DADDY-COM-LLC	184.168.131.241		clean
http://www.elticrecruit.com/nnmd/?uZi0=kngYRuVfLuuPny+4CliufAMPT2DrkHQGtZ529sxu6AZ+mjDb8TOV5Kb0i+tB46tvYkYEaNVD&Vnt4_=GTd0sn7PSL8x7PP whois	GOOGLE	216.239.34.21	633	mailcious
http://www.sorelaxedmassage.com/nnmd/ whois	UCloud (HK) Holdings Group Limited	103.72.145.203		clean
www.vr-club.site whois	GMO Internet,Inc	163.44.185.224		clean
www.7985699.com whois	CNSERVERS	45.142.156.44		clean
www.scott-re.online whois	GOOGLE	34.102.136.180		clean
www.xn--v1bmo9dufsb.com whois	AS-26496-GO-DADDY-COM-LLC	184.168.131.241		clean
www.sorelaxedmassage.com whois	UCloud (HK) Holdings Group Limited	103.72.145.203		clean
www.valid8.network whois	AS-26496-GO-DADDY-COM-LLC	182.50.132.242		clean
www.ueoxx.com whois	AMAZON-02	52.15.160.167		clean
www.vinegret.com whois	CLOUDFLARENET	104.21.89.165		clean
www.ekolucky.com whois	OVH SAS	213.32.10.111		clean
www.ikoyisland.net whois	RAMNODE	107.161.23.204		clean
www.elticrecruit.com whois	GOOGLE	216.239.34.21		clean
www.vegrebel.com whois	UNIFIEDLAYER-AS-1	50.87.195.61		clean
www.elpis-catering.com whois	LIQUIDWEB	67.225.129.56		clean
www.clonegrandma.com whois				clean
www.acernoxsas.com whois	CLOUDFLARENET	104.21.63.177		clean
163.44.185.224 whois	GMO Internet,Inc	163.44.185.224		mailcious
23.95.122.25 whois	AS-COLOCROSSING	23.95.122.25		clean
188.164.131.200 whois	Prometeus di Daniela Agro	188.164.131.200		mailcious
184.168.131.241 whois	AS-26496-GO-DADDY-COM-LLC	184.168.131.241		mailcious
103.72.145.203 whois	UCloud (HK) Holdings Group Limited	103.72.145.203		clean
213.32.10.111 whois	OVH SAS	213.32.10.111		malware
34.102.136.180 whois	GOOGLE	34.102.136.180		mailcious
50.87.195.61 whois	UNIFIEDLAYER-AS-1	50.87.195.61		mailcious
45.142.156.44 whois	CNSERVERS	45.142.156.44		mailcious
67.225.129.56 whois	LIQUIDWEB	67.225.129.56		phishing
104.21.89.165 whois	CLOUDFLARENET	104.21.89.165		clean
104.21.63.177 whois	CLOUDFLARENET	104.21.63.177		clean
3.13.255.157 whois	AMAZON-02	3.13.255.157		clean
216.239.36.21 whois	GOOGLE	216.239.36.21		phishing
182.50.132.242 whois	AS-26496-GO-DADDY-COM-LLC	182.50.132.242		mailcious

Report - .............................................................dot

Signature (10cnts)

Rules (1cnts)

Network (59cnts) ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure