popup

Report - Adscouponcode.hta

  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.08.06 10:56 Machine s1_win7_x6403
Filename Adscouponcode.hta
Type HTML document, ASCII text
AI Score Not founds Behavior Score
1.8
ZERO API file : clean
VT API (file)
md5 822fb233e4614239ae79d9f901d98821
sha256 386920ea6252af6feb7947fb1053018d4fe23325bbcc27455b6cc32a039cc6c1
ssdeep 24:AzK3qc522ZYdEybUJLMsU05x8dwNV40eKB4n+g/RJrAcNRNxVHfbv+GOBneHQdRt:rkddbaU069n99NzTWfe9+QdLfM
imphash
impfuzzy
  Network IP location

Signature (5cnts)

Level Description
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates executable files on the filesystem
notice Performs some HTTP requests
info Checks amount of memory in system

Rules (0cnts)

Level Name Description Collection

Network (3cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
whois
US GOOGLE 172.217.174.202 clean
ajax.googleapis.com
whois
US GOOGLE 172.217.175.234 clean
172.217.174.202
whois
US GOOGLE 172.217.174.202 clean

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

Similarity measure (PE file only) - Checking for service failure