popup

Report - ENC.zip

ZIP Format
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.07.01 15:06 Machine s1_win7_x6402
Filename ENC.zip
Type Zip archive data, at least v2.0 to extract
AI Score Not founds Behavior Score
1.6
ZERO API file : clean
VT API (file) 3 detected (malicious, moderate confidence, Rugmi, ccmw)
md5 34dd73380e19295eef9c195a9f35c9b3
sha256 208e322fe1e0e726aa69b3ac530da9ad4432dc046202cd06ce655148a73895a8
ssdeep 98304:XFRntzkol6g3ArKTgyI9e8Ki94nnNO+ahXk58GscjseUhtACE9uW:nntlCLenSuN4e6TIL
imphash
impfuzzy
  Network IP location

Signature (4cnts)

Level Description
notice File has been identified by 3 AntiVirus engines on VirusTotal as malicious
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method

Rules (1cnts)

Level Name Description Collection
info zip_file_format ZIP file format binaries (upload)

Network (10cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
https://kaylen.xyz//mozglue.dll
whois
US CLOUDFLARENET 104.21.94.78 clean
https://kaylen.xyz//freebl3.dll
whois
US CLOUDFLARENET 104.21.94.78 clean
https://kaylen.xyz//softokn3.dll
whois
US CLOUDFLARENET 104.21.94.78 clean
https://kaylen.xyz//nss3.dll
whois
US CLOUDFLARENET 104.21.94.78 clean
https://kaylen.xyz//msvcp140.dll
whois
US CLOUDFLARENET 104.21.94.78 clean
https://kaylen.xyz//sql.dll
whois
US CLOUDFLARENET 104.21.94.78 clean
https://kaylen.xyz/
whois
US CLOUDFLARENET 104.21.94.78 clean
https://kaylen.xyz//vcruntime140.dll
whois
US CLOUDFLARENET 104.21.94.78 clean
kaylen.xyz
whois
US CLOUDFLARENET 172.67.220.235 clean
104.21.94.78
whois
US CLOUDFLARENET 104.21.94.78 clean

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

Similarity measure (PE file only) - Checking for service failure