Report - oig

ZIP Format

ScreenShot

Info
Location map


Created	2023.05.31 22:26	Machine	s1_win7_x6403
Filename	oig
Type	Zip archive data, at least v2.0 to extract
AI Score	Not founds	Behavior Score	0.6
ZERO API	file : clean
VT API (file)
md5	ff7e3106b49aed84ccf0cc485ddb5ee8
sha256	60c29a70fca45f7384c3e78906e0e5ea64b109f192eb1624007d2f22ed4f43dd
ssdeep	24:92XoHAzxOFW/lu7X1hWGyuFgmhMD2f7KSby4jz5jadirqUCEntX6dCUVR3rDN1QM:92XoHA0cluT1gQKCjdqirRHXtU/N1YeT
imphash
impfuzzy

Network IP location

Signature (1cnts)

Level	Description
watch	Communicates with host for which no DNS query was performed

Rules (1cnts)

Level	Name	Description	Collection
info	zip_file_format	ZIP file format	binaries (upload)

Network (18cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
89.161.136.188 whois		home.pl S.A.	89.161.136.188		mailcious
164.92.82.47 whois			164.92.82.47		clean
153.122.24.177 whois		GMO CLOUD K.K.	153.122.24.177		mailcious
135.125.108.170 whois		AVAYA	135.125.108.170		mailcious
13.225.131.58 whois		AMAZON-02	13.225.131.58		clean
91.201.52.102 whois		Internet-Pro LLC	91.201.52.102		clean
99.86.207.125 whois		AMAZON-02	99.86.207.125		clean
77.78.104.3 whois		Casablanca INT	77.78.104.3		phishing
153.122.170.15 whois		GMO CLOUD K.K.	153.122.170.15		clean
79.96.161.192 whois		home.pl S.A.	79.96.161.192		clean
49.12.155.123 whois		Hetzner Online GmbH	49.12.155.123		clean
5.134.13.210 whois		UKDedicated LTD	5.134.13.210		mailcious
216.177.137.32 whois		1P-WSS	216.177.137.32		mailcious
62.122.170.171 whois		Serverel Inc.	62.122.170.171		clean
133.125.38.187 whois		SAKURA Internet Inc.	133.125.38.187		mailcious
80.82.115.227 whois		34SP.com Limited	80.82.115.227		mailcious
104.21.48.207 whois		CLOUDFLARENET	104.21.48.207		clean
79.96.32.254 whois		home.pl S.A.	79.96.32.254		mailcious

Suricata ids

Similarity measure (PE file only) - Checking for service failure