Report - navitas_employee_survey.hta

Created 2021.09.22 22:27 Machine s1_win7_x6402
Filename navitas_employee_survey.hta
Type HTML document, ASCII text
AI Score Not found
Behavior Score 1.8
ZERO API file : malicious
VT API (file) 25 detected (Valyria, Malscript, Rozena, CobaltStrike, MacroDisable, druvzi, HackTool, MacroRunner, CLASSIC, VBSInj, ai score=83)
md5 537363b3738a8e0726ae15e6bc4fc314
sha256 189f65faae56bbf7a53e507d8797c9bb30f8c00fdb8431ad1961820cebabbd03
ssdeep 192:fgVwLjUJpJf0t59KLKnV45J22j9SomaWXO:YVwLjmpJfC59KLKnV45J22j9SomaWXO
imphash
impfuzzy

Signature (4cnts)

Level Description
warning File has been identified by 25 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Performs some HTTP requests
info Checks amount of memory in system

Rules (0cnts)

Level Name Description Collection

Network (4cnts)

Request CC ASN Co IP4 Rule ZERO
http://www.healthsouthdothan.com/tab_home_active US AMAZON-02 13.59.208.38 clean
http://www.healthsouthdothan.com/components/tab_home.ico US AMAZON-02 13.59.208.38 clean
www.healthsouthdothan.com US AMAZON-02 13.59.208.38 malicious
13.59.208.38 US AMAZON-02 13.59.208.38 malicious

Suricata ids