Report - ZeroBOX

ScreenShot


Created	2024.07.09 10:10	Machine	s1_win7_x6401
Filename	file
Type	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
AI Score	Not founds	Behavior Score	6.6
ZERO API	file : mailcious
VT API (file)
md5	4808c478a3cf9d6fae1e1dcb10f4be33
sha256	8280b4e6dbbf9615ddea8ab49733ca1ce4101ed2836c30070641efa8cc1e8f2d
ssdeep	3072:Ki/gAkHnjPIQ6KSEX/THZPaW+LN7DxRLlzglKfVaqs:ZgAkHnjPIQBSEr5PCN7jBfVaqs
imphash
impfuzzy

Network IP location

Level	Description
danger	Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)
warning	Generates some ICMP traffic
watch	Communicates with host for which no DNS query was performed
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	An application raised an exception which may be indicative of an exploit crash
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Creates executable files on the filesystem
notice	Performs some HTTP requests
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	One or more processes crashed

Level	Name	Description	Collection
notice	Javascript_Blob	use blob(Binary Large Objec) javascript	binaries (download)
info	anti_dbg	Checks if being debugged	memory
info	DebuggerCheck__GlobalFlags	(no description)	memory
info	DebuggerCheck__QueryInfo	(no description)	memory
info	DebuggerHiding__Active	(no description)	memory
info	DebuggerHiding__Thread	(no description)	memory
info	disable_dep	Bypass DEP	memory
info	ftp_command	ftp command	binaries (upload)
info	Microsoft_Office_File_Zero	Microsoft Office File	binaries (download)
info	SEH__vectored	(no description)	memory
info	ThreadControl__Context	(no description)	memory

Request	ASN Co	IP4	ZERO ?
https://www.googletagmanager.com/gtag/js?id=UA-829541-1 whois	GOOGLE	142.250.76.232	clean
https://the.gatekeeperconsent.com/cmp.min.js whois	CLOUDFLARENET	172.67.199.186	clean
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 whois	CLOUDFLARENET	104.16.80.73	clean
https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T whois	GOOGLE	142.250.76.232	clean
https://btloader.com/tag?o=5678961798414336&upapi=true whois	CLOUDFLARENET	104.22.75.216	clean
www.googletagmanager.com whois	GOOGLE	142.250.206.232	clean
the.gatekeeperconsent.com whois	CLOUDFLARENET	172.67.199.186	clean
translate.google.com whois	GOOGLE	142.250.206.206	clean
static.mediafire.com whois	CLOUDFLARENET	104.16.114.74	clean
cdn.amplitude.com whois		54.230.61.103	clean
static.cloudflareinsights.com whois	CLOUDFLARENET	104.16.80.73	clean
www.ezojs.com whois	CLOUDFLARENET	104.21.63.106	clean
btloader.com whois	CLOUDFLARENET	104.22.75.216	clean
142.250.207.78 whois	GOOGLE	142.250.207.78	clean
172.67.199.186 whois	CLOUDFLARENET	172.67.199.186	clean
172.67.170.144 whois	CLOUDFLARENET	172.67.170.144	clean
104.16.113.74 whois	CLOUDFLARENET	104.16.113.74	mailcious
142.251.220.46 whois	GOOGLE	142.251.220.46	clean
104.16.80.73 whois	CLOUDFLARENET	104.16.80.73	clean
54.230.61.127 whois		54.230.61.127	clean
104.16.114.74 whois	CLOUDFLARENET	104.16.114.74	mailcious
104.22.75.216 whois	CLOUDFLARENET	104.22.75.216	clean
142.250.76.232 whois	GOOGLE	142.250.76.232	clean
104.21.63.106 whois	CLOUDFLARENET	104.21.63.106	clean

Report - file