Report - EHSU.zip

ZIP Format
Created   2023.11.07 09:46
Machine   s1_win7_x6402
Filename  EHSU.zip
Type      Zip archive data, at least v2.0 to extract
AI Score  Not found
Behavior Score  1.4
ZERO API (file)  clean
VT API (file)
md5       056f1e5e64d6246b96f5fa6b3322f3e1
sha256    e62a3ff01cc8506f823372acfa552f39e5cd91ec6f8665614a850958e2aa7880
ssdeep    3072:f2UuzhQAkeZP1cwsr90DyU8j01n8hUhYE5d3VnC:OUuFQAkqawFDC018hUaQd3hC
imphash
impfuzzy
  Network IP location

Signature (3cnts)

Level   Description
watch   Communicates with host for which no DNS query was performed
notice  HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice  Performs some HTTP requests

Rules (1cnts)

Level  Name             Description               Collection
info   zip_file_format  ZIP file format binaries  upload

Network (5cnts)

Request                                                                CC ASN Co      IP4              Rule  ZERO
http://167.235.241.120/jogX/Olluc                                      Unknown        167.235.241.120        clean
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt  US AMAZON-AES  3.209.197.161          clean
www.ssl.com                                                            US AMAZON-AES  3.213.199.135          clean
3.213.199.135                                                          US AMAZON-AES  3.213.199.135          clean
167.235.241.120                                                        Unknown        167.235.241.120        clean

Suricata ids