popup

Report - 6462c9b83536b.zip

ZIP Format
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.05.16 11:22 Machine s1_win7_x6402
Filename 6462c9b83536b.zip
Type Zip archive data, at least v2.0 to extract
AI Score Not founds Behavior Score
0.8
ZERO API file : clean
VT API (file)
md5 70692b4fc4b50e7ad88a36c78af7ba2c
sha256 be59c32aaa293f76d50a1fbdb47f95b77c92433f5bf2584bbfc247171be75fa4
ssdeep 49152:6Q6J3WM202p5GutgAJuIxyxWCIZsS85PWZ5FvcBK:p89i7JDmWgzP+UK
imphash
impfuzzy
  Network IP location

Signature (2cnts)

Level Description
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests

Rules (1cnts)

Level Name Description Collection
info zip_file_format ZIP file format binaries (upload)

Network (6cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://176.124.198.7:5222/http://176.124.198.7/fakeurl.htm
whois
RU Dji Com Ltd. 176.124.198.7 clean
http://geo.netsupportsoftware.com/location/loca.asp
whois
GB MICROSOFT-CORP-MSN-AS-BLOCK 51.142.119.24 clean
geo.netsupportsoftware.com
whois
GB MICROSOFT-CORP-MSN-AS-BLOCK 51.142.119.24 clean
blahadfurtik.com
whois
RU Dji Com Ltd. 176.124.198.7 mailcious
62.172.138.67
whois
GB British Telecommunications PLC 62.172.138.67 clean
176.124.198.7
whois
RU Dji Com Ltd. 176.124.198.7 clean

Suricata ids

ET POLICY NetSupport GeoLocation Lookup Request
ET INFO NetSupport Remote Admin Checkin
ET INFO NetSupport Remote Admin Response

Similarity measure (PE file only) - Checking for service failure