Report - 2907.zip

ZIP Format

ScreenShot

Info
Location map


Created	2023.07.31 17:19	Machine	s1_win7_x6402
Filename	2907.zip
Type	Zip archive data, at least v2.0 to extract
AI Score	Not founds	Behavior Score	2.4
ZERO API
VT API (file)	13 detected (RemoteAdmin, Artemis, Tool, EQYN, NetSup, GenCBL, Detected, Tiggre, HackTool, NetSupport, CLASSIC, susgen)
md5	d8491c2201483a1c75ff76fe08e17e2c
sha256	8d8387b1a4374853020ad43af4ed738bfd6538738c448b7b4fbc61b61da79ba4
ssdeep	49152:slLUXP5qRroZT5YNdzlIbnNsOF1FLbCN8UlVe5PWZ5FvcBU:slLUf5qRroGKsOnFLC8UbAP+UU
imphash
impfuzzy

Network IP location

Signature (4cnts)

Level	Description
danger	Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
watch	File has been identified by 13 AntiVirus engines on VirusTotal as malicious
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	Performs some HTTP requests

Rules (1cnts)

Level	Name	Description	Collection
info	zip_file_format	ZIP file format	binaries (upload)

Network (6cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
http://geo.netsupportsoftware.com/location/loca.asp whois		MICROSOFT-CORP-MSN-AS-BLOCK	51.142.119.24
sambireact2.com whois
sambireact1.com whois		AS-CHOOPA	95.179.150.54
geo.netsupportsoftware.com whois		British Telecommunications PLC	62.172.138.67
51.142.119.24 whois		MICROSOFT-CORP-MSN-AS-BLOCK	51.142.119.24
95.179.150.54 whois		AS-CHOOPA	95.179.150.54

Suricata ids

Similarity measure (PE file only) - Checking for service failure