Report - ZeroBOX

ScreenShot


Created	2025.05.05 23:23	Machine	s1_win7_x6401
Filename	University of Alberta.html
Type	HTML document, UTF-8 Unicode text, with very long lines
AI Score	Not founds	Behavior Score	5.4
ZERO API	file : clean
VT API (file)
md5	d763b968a101facc819f37a294322d9c
sha256	7554674c6a7c896dcacd275dcf1e557690545f520fd2793f8d824dc8fd825991
ssdeep	6144:sEY0ci7WB7zI7WIn7DyjoPMm7NUPPfTLm9boN7VcWqN979KvIpqqx7MKeA6qdp77:XYbA9MPXm9bWI
imphash
impfuzzy

Network IP location

Level	Description
danger	Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)
warning	Generates some ICMP traffic
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Creates executable files on the filesystem
notice	Performs some HTTP requests
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory

Level	Name	Description	Collection
info	anti_dbg	Checks if being debugged	memory
info	DebuggerCheck__GlobalFlags	(no description)	memory
info	DebuggerCheck__QueryInfo	(no description)	memory
info	DebuggerHiding__Active	(no description)	memory
info	DebuggerHiding__Thread	(no description)	memory
info	disable_dep	Bypass DEP	memory
info	JPEG_Format_Zero	JPEG Format	binaries (download)
info	Microsoft_Office_File_Zero	Microsoft Office File	binaries (download)
info	PNG_Format_Zero	PNG Format	binaries (download)
info	SEH__vectored	(no description)	memory
info	ThreadControl__Context	(no description)	memory

Request	ASN Co	IP4	ZERO ?
http://crt.rootg2.amazontrust.com/rootg2.cer whois		3.171.185.128	clean
https://connect.facebook.net/en_US/fbevents.js whois	FACEBOOK	157.240.215.14	clean
https://live.clive.cloud/page-views/track/162 whois		3.171.185.60	clean
www.googletagmanager.com whois	GOOGLE	142.250.206.200	clean
snap.licdn.com whois	GTT Communications Inc.	23.43.82.19	clean
crt.rootg2.amazontrust.com whois		3.171.185.65	clean
static.ads-twitter.com whois	FASTLY	151.101.108.157	clean
connect.facebook.net whois	FACEBOOK	157.240.215.14	clean
live.clive.cloud whois		3.171.185.78	clean
s3.amazonaws.com whois		16.15.216.174	malware
analytics.tiktok.com whois	Akamai International B.V.	23.67.53.72	clean
sc-static.net whois		3.163.245.4	clean
146.75.112.157 whois		146.75.112.157	clean
16.15.184.15 whois		16.15.184.15	clean
3.171.185.5 whois		3.171.185.5	clean
23.46.155.22 whois	AKAMAI-AS	23.46.155.22	clean
3.5.24.67 whois		3.5.24.67	clean
157.240.215.14 whois	FACEBOOK	157.240.215.14	clean
3.171.185.65 whois		3.171.185.65	clean
52.217.91.110 whois	AMAZON-02	52.217.91.110	clean
52.217.194.104 whois		52.217.194.104	clean
3.163.245.4 whois		3.163.245.4	clean
142.250.197.200 whois	GOOGLE	142.250.197.200	clean
52.217.125.16 whois		52.217.125.16	clean
3.171.185.60 whois		3.171.185.60	clean
52.217.113.16 whois		52.217.113.16	clean
23.67.53.211 whois	Akamai International B.V.	23.67.53.211	clean
52.217.72.198 whois	AMAZON-02	52.217.72.198	clean
3.5.24.131 whois		3.5.24.131	clean
52.216.144.165 whois	AMAZON-02	52.216.144.165	clean

Report - University of Alberta.html