Report - ZeroBOX

ScreenShot

Info
Location map


Created	2023.03.05 04:10	Machine	s1_win7_x6401
Filename	doc10773776_660112299
Type	HTML document, Non-ISO extended-ASCII text, with very long lines, with LF, NEL line terminators
AI Score	Not founds	Behavior Score	4.6
ZERO API	file : clean
VT API (file)
md5	561634f90d2dea2ab9a08b6b54498081
sha256	6f046a8c8c10ed86fd5a76343b8bcda48a70594f38056614f11e2888dde607e3
ssdeep	1536:QME3X48lDGYksZzMUC/h/OOvWMILq/sthbtKx1iFALYNvplsY+08otXTscLz3FyO:Q9lDUUtBFywBFwkIFT3wU82QDoQ
imphash
impfuzzy

Network IP location

Signature (11cnts)

Level	Description
watch	Communicates with host for which no DNS query was performed
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	An application raised an exception which may be indicative of an exploit crash
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Creates executable files on the filesystem
notice	Performs some HTTP requests
notice	Potentially malicious URLs were found in the process memory dump
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	One or more processes crashed

Rules (34cnts)

Level	Name	Description	Collection
watch	Network_Downloader	File Downloader	memory
notice	Code_injection	Code injection with CreateRemoteThread in a remote process	memory
notice	Create_Service	Create a windows service	memory
notice	Escalate_priviledges	Escalate priviledges	memory
notice	Generic_PWS_Memory_Zero	PWS Memory	memory
notice	Hijack_Network	Hijack network configuration	memory
notice	KeyLogger	Run a KeyLogger	memory
notice	local_credential_Steal	Steal credential	memory
notice	Network_DGA	Communication using DGA	memory
notice	Network_DNS	Communications use DNS	memory
notice	Network_FTP	Communications over FTP	memory
notice	Network_HTTP	Communications over HTTP	memory
notice	Network_P2P_Win	Communications over P2P network	memory
notice	Network_TCP_Socket	Communications over RAW Socket	memory
notice	Persistence	Install itself for autorun at Windows startup	memory
notice	ScreenShot	Take ScreenShot	memory
notice	Sniff_Audio	Record Audio	memory
notice	Str_Win32_Http_API	Match Windows Http API call	memory
notice	Str_Win32_Internet_API	Match Windows Inet API call	memory
info	anti_dbg	Checks if being debugged	memory
info	antisb_threatExpert	Anti-Sandbox checks for ThreatExpert	memory
info	Check_Dlls	(no description)	memory
info	DebuggerCheck__GlobalFlags	(no description)	memory
info	DebuggerCheck__QueryInfo	(no description)	memory
info	DebuggerCheck__RemoteAPI	(no description)	memory
info	DebuggerException__ConsoleCtrl	(no description)	memory
info	DebuggerException__SetConsoleCtrl	(no description)	memory
info	DebuggerHiding__Active	(no description)	memory
info	DebuggerHiding__Thread	(no description)	memory
info	disable_dep	Bypass DEP	memory
info	Microsoft_Office_File_Zero	Microsoft Office File	binaries (download)
info	SEH__vectored	(no description)	memory
info	ThreadControl__Context	(no description)	memory
info	win_hook	Affect hook table	memory

Network (54cnts) ?

Request	ASN Co	IP4	ZERO ?
https://st6-22.vk.com/dist/web/ui_common.84e2442a05004320e11f.js?6245ba39b63448019203f2729b74d21f whois	VKontakte Ltd	95.142.206.2	clean
https://vk.com/dist/web/language.13cbd4193255cbaaab3a.js?c9e9113960ae98d68204079f43f790dd whois	VKontakte Ltd	87.240.132.67	clean
https://st6-22.vk.com/dist/web/polyfills/canvas_to_blob.e77dcc6129127456cc4f.js?6a4a06039f2295cdc4f936f4051ae4d3 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/polyfills/array_functions.5ed53e616feed60bc4e8.js?53b5630d9d361c93a7d8a918fd06d21d whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/react.6d787991b51243317269.js?cb151ae0d77e1fe8ca23 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/css/al/uncommon.431a60ba5d2797d2fdb1.css whois	VKontakte Ltd	95.142.206.2	clean
https://vk.com/js/lang17_0.js?27965938 whois	VKontakte Ltd	87.240.132.67	clean
https://st6-22.vk.com/css/al/fonts_cnt.a289ed70815ffbd082ae.css whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/vkcom-kit.a7d2347300fcdde7314f.js? whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/css/al/ui_common.0a29c544720bdcf89154.css whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/polyfills/other_functions.4de689b5f53cdbdebf7d.js?8c0d070969c2bdddf902 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/polyfills/cookie_manager.8cfe6896e33857a19781.js?0afee3c7b5f648f55648a21de4cfaae9 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/unauthorized.b7057b2c97d6727decd8.js?e26656d2ddb168519bdb1f04edf58369 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/polyfills/string_functions.d2f7aff1dc899fb950c4.js?06c31459c645dd6049c4d07642d01d54 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/common.ca1f22646967566b8a79.js?313ec3f775a31892f568f1d whois	VKontakte Ltd	95.142.206.2	clean
https://vk.com/js/lib/px.js?ch=2 whois	VKontakte Ltd	87.240.132.67	clean
https://vk.com/js/lib/px.js?ch=1 whois	VKontakte Ltd	87.240.132.67	clean
https://st6-22.vk.com/dist/web/polyfills/resize_observer.233e96db629d43de3623.js?685418a51d9509d705d3 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/css/al/base.1c25eeb7ac42cd36d08a.css whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/polyfills/intersection_observer.0062cad0ff26ba906a55.js?3651dae73da1d676cd37 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/page_layout.5672d3fc73a320a2be06.js?f032491390251591131dd5c0659e5ead whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/css/al/common.a393edc4164b1b81495c.css whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/vkcom-kit.1681489e5ef06505d479.css whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/common_web.3a98749ca45868f84306.css whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/css/al/fonts_utf.2546d253c69649b0561c.css whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/performance_observers.2498c067f2dd4f142b98.js?39ba189ff3c74982dba3105279a1e431 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/polyfills/element_functions.7f6f4401ad09c642705f.js?f88d496bc9aa020bbceb949a351fa85a whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/audioplayer.a025fbbc26f0baaf6890.js?31337e095824bcf8034a4f5 whois	VKontakte Ltd	95.142.206.2	clean
https://vk.com/badbrowser_stat.php?act=track&event=showAlert_atom whois	VKontakte Ltd	87.240.132.67	clean
https://st6-22.vk.com/dist/web/polyfills/promise_functions.66c5719129d3a45c5b29.js?c08a609e174e79347eaf8c692cf63cf3 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/state-management.a54b236ef99f71c730de.js?503a0b3068ebfc42423d whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/images/upload.gif whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/polyfills.1881adbf36454e07c9c6.js?a69ef34dc1979f8d5126 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/css_types.9345eb394b7d4d7e68a9.js?f6dbdbc1de537596e14e whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/polyfills/object_functions.06c76fa223949a027bf2.js?e8b681406f943258346d7925b82e6243 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/images/backlink.gif?4 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/common_web.c98533736ab3d5f6f60d.js? whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/palette.28ed80ebcd89c370bca4.js?ceacf32c0417ea87ee9e whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/css/al/vkui.9a6b5aa7dbb00c120b74.css whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/jobs_devtools_notification.eafd4d4aa0ae5bbfd7e6.js?a73adfb8fd6e0413085d78a67df5c20f whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/vkui.e4d670f36de4368e7b1a.js?53396daa49f4462b4a11 whois	VKontakte Ltd	95.142.206.2	clean
https://st6-22.vk.com/dist/web/docs.6d9ff04ed31e8fa804a8.js?cca036aa8769d40ddfa14e3fbd15949c whois	VKontakte Ltd	95.142.206.2	clean
https://vk.com/js/loader_nav20746467872_17.js whois	VKontakte Ltd	87.240.132.67	clean
https://vk.com/badbrowser_stat.php?act=nomodule whois	VKontakte Ltd	87.240.132.67	clean
https://st6-22.vk.com/dist/web/grip.16ff158c2e1e11fd3b80.js?28c136bb922051f2f6b95a6a08ccc41f whois	VKontakte Ltd	95.142.206.2	clean
https://vk.com/doc10773776_660112299?hash=I2VLI6zO1UlHlLAqxkcgyoPp4Hkne10esOuPGssj5tk&dl=GEYDONZTG43TM:1677317418:ZCN9zeL9nd2BautKyDoGqekAf2LqZudHP1fSmVyEffs&api=1&no_preview=1 whois	VKontakte Ltd	87.240.132.67	clean
https://vk.com/images/icons/favicons/fav_logo.ico?6 whois	VKontakte Ltd	87.240.132.67	clean
https://st6-22.vk.com/dist/web/likes.5170c24445a69da4da21.js?ec4d1f4027dfa57b38816d57a184cf8d whois	VKontakte Ltd	95.142.206.2	clean
st6-22.vk.com whois	VKontakte Ltd	95.142.206.2	clean
vk.com whois	VKontakte Ltd	87.240.132.67	clean
login.vk.com whois	VKontakte Ltd	87.240.129.135	clean
95.142.206.2 whois	VKontakte Ltd	95.142.206.2	clean
87.240.129.181 whois	VKontakte Ltd	87.240.129.181	clean
87.240.132.67 whois	VKontakte Ltd	87.240.132.67	clean

Report - doc10773776_660112299

Signature (11cnts)

Rules (34cnts)

Network (54cnts) ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure