Malicious Archive / .ZIP — malware analysis report

Static analysis result for SHA-256 728752518c576614…

MALICIOUS

Archive / .ZIP

36.88 MB
MD5: 8ca2e3b5d2fb226e21dd44fdf61c9ef3
SHA-1: 8a5b4df24512421dd4eacf4c2fc1b90db41f092d
SHA-256: 728752518c576614e254f7783dc11bb063234fa09ea6df88d59dbf8aadc32b19
Risk Score: 64

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The archive exceeded the scanner's entry limit, so only its first 50 members were inspected. One of those members was classified as malicious; the ZIP itself is the transport wrapper for that payload, not the payload, which is why the ATT&CK mapping is delivery by spearphishing attachment (T1566.001) rather than a specific execution technique. The extracted URLs are a mixed bag: a block of humour pages on blague.info is benign filler, while the remainder are download and stat endpoints whose query strings (load.php?spl=pdf_exp, spl=pdf_pack, getexe.php?spl=pdf, load.php?stat=Windows/load.php&s=1) read as exploit-delivery callbacks. These strings were pulled from member content and may originate in embedded binaries, documents or scripts; a URL is an indicator to pivot on, not a verdict, and a benign-looking domain in the list does not make the archive benign.

Heuristics (3)

  • Archive contains malicious member (critical, ARCHIVE_CHILD_MALICIOUS)
    At least one extracted archive member was classified as malicious. The archive is a transport wrapper for that payload.
  • Archive entry limit reached (50) (info, ARCHIVE_LIMIT)
    Only the first 50 files were scanned. Members beyond the limit were never opened and carry no verdict, so this report covers a subset of the archive; before concluding that the flagged member is the only hostile one, unpack the remainder in an isolated environment and scan it separately.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.blague.info/blagues/humour/drole-8889.html
    • http://www.blague.info/blagues/humour/drole-4664.html
    • http://www.blague.info/blagues/humour/drole-4667.html
    • http://www.blague.info/blagues/humour/drole-5795.html
    • http://www.blague.info/blagues/humour/drole-5885.html
    • http://www.blague.info/blagues/humour/drole-11836.html
    • http://www.blague.info/blagues/humour/drole-4666.html
    • http://www.blague.info/blagues/humour/drole-681.html
    • http://www.blague.info/blagues/humour/drole-679.html
    • http://www.blague.info/blagues/humour/drole-11816.html
    • http://www.blague.info/blagues/humour/drole-8669.html
    • http://www.blague.info/blagues/humour/drole-10909.html
    • http://bm95.kmu.edu.tw/PHPBB3/styles/getexe.php?spl=pdf
    • http://beancountercity.in/cgi-bin/uiq/eH6ff17324V0100f060006Rb223753a102Tbe84082b203l0019
    • http://stdsclick5.com/cgi-bin/terro.php/n003106201r0409Xb46cbb9aY498ba4e5
    • http://gikyliel.info/page/index/n002106201r0409Ra027ccd2Xd9cb1debY319324b6
    • http://www.zeustech.net/
    • http://]hostname[:port]/path
    • http://07.autdh.in/x/l.php?s=printf_ie&&
    • http://07.autdh.in/x/l.php?s=email_ie&&
    • http://07.autdh.in/x/l.php?s=gicon_ie&&
    • http://07.autdh.in/x/l.php?s=newp_&&
    • http://google.analytics.com.yhaidebpfltr.info/nte/avorp1kav3%20.asp/eU230d9c2eHdc43d357V0100f070006Re2d762fb102T973e81b3201l0409Keb03d7b2
    • http://beancountercity.in/cgi-bin/uiq/eH218e36e2V0100f060006R4b94b76c102Td86b8f26201l0019
    • http://offnews.cn/1/getexe.php?spl=pdf_exp
    • http://ajnuocfdrukv.com/nte/trest1.exe/eH25f1e919V01001f50006R88b4ce93106T50bce9ba201l0019K7786646c
    • http://www.laas02.org/.temp/load.php?e=2
    • http://grasma.com/spl6/load.php
    • http://217.23.14.25/cont/load.php?spl=pdf_new
    • http://217.23.14.25/cont/load.php?spl=pdf_pack
    • http://188.190.98.79/z.php?f=7&e=3
    • http://crypt.im/test.php
    • http://beancountercity.in/cgi-bin/uiq/eH7c2bc4daV0100f060006R97f3b4e5102Tc1149e8e201l0019
    • http://betapopup.com/cgi-bin/cliche/n002106201r001fR2da17996X61bab9edY5d522797Z0100f080
    • http://ajnuocfdrukv.com/nte/trest1.py/eH39796bb3V0100f060006Rdad556cf102T81b25f49201l0019Kd0989078
    • http://beancountercity.in/cgi-bin/uiq/eH3ace9b51V0100f060006R4eb18285102T8518d9ec203l0019
    • http://beancountercity.in/cgi-bin/uiq/eH1d0e7495V0100f055006R97f3b4e5105Tf11b5754201l0019
    • http://googleinru.in/cgi-bin/etn/z002106201r0019R94326c2aXb40168b5Y7e66e8a6Z0100f060
    • http://ajxpeehuvpcv.com/nte/trest1.html/eH3e5b936eV0100f060006R3cc7e520102Tc8c07815201l0019K517a412d
    • http://click-reklama.com/cgi-bin/plt/z002106201r0019R91a70146Xb8a4d1bbY2e1e5f5eZ0100f060
    • http://beancountercity.in/cgi-bin/uiq/eH33dace91V0100f060006R2fe157d3106Ta2e6e0c7203l0019
    • http://mysterio.info/cgi-bin/worker/z002106201r0019R54e74d92X9a73829fY6e6f24adZ0100f060
    • http://efxhifatwe.com/nte/trest11/eH7a5b30d0V0100f060006R00000000102T15adffd2201l0409K5630e71b
    • http://www.dns4.dynamicdnspro.net//load.php?spl=pdf_exp
    • http://googleinru.in/cgi-bin/etn/z002106201r0019R1b8685b4Xb4fa3a6eY6e673489Z0100f060
    • http://mavr-best.com/load.php?stat=Windows/load.php&s=1
    • http://mavr-best.com/load.php?stat=Windows/load.php&s=2
    • http://mavr-best.com/load.php?stat=Windows/load.php&s=3
    • http://ajnuocfdrukv.com/nte/TREST1.php/eH78da99a3V0100f060006R93be8c07102Td3439930201l0019Kdaeabcc6
    • http://dbcavsaddve.com/nte/indep8.html/eH51ac71b2V0100f060006R5783f090102Tda6e7a53203l000cK525e8b4b
    +41 more URL(s)
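As an added illustration of what the three heuristics above actually compute, the following Python is example code written for this page, not the analysis engine's code. It scans a ZIP under an entry limit, hashes each member against a stand-in denylist, opens nested archives so a zip-in-zip cannot hide the payload, and harvests URLs from member bytes. The entry limit of 50 mirrors the report; the per-member size cap, the URL regex, the hash-denylist classifier and both sample archives are assumptions constructed for the example, and the .example and .invalid hostnames are reserved names, not this page's indicators.

```python
import hashlib
import io
import re
import zipfile

ENTRY_LIMIT = 50                      # assumption: mirrors the report's ARCHIVE_LIMIT of 50
MAX_MEMBER_BYTES = 4 * 1024 * 1024    # assumption: per-member decompression cap (bomb guard)
MAX_DEPTH = 2                         # assumption: how many nested archive levels are opened

# Bytes-level URL matcher; the character class is the RFC 3986 set minus quotes/angle brackets.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")

# Constructed stand-in payload (not real malware): an MZ stub carrying one URL.
PAYLOAD_BYTES = (b"MZ\x90\x00" + b"\x00" * 32
                 + b"http://example.invalid/load.php?spl=pdf_exp\x00")
# Stand-in for the engine's member classifier: a SHA-256 denylist (assumption).
KNOWN_BAD_SHA256 = {hashlib.sha256(PAYLOAD_BYTES).hexdigest()}


def classify_member(blob: bytes) -> bool:
    """True when the member hashes to a known-bad digest (the real engine's
    classifier is signature/heuristic based; the denylist is a placeholder)."""
    return hashlib.sha256(blob).hexdigest() in KNOWN_BAD_SHA256


def scan_zip(data: bytes, entry_limit: int = ENTRY_LIMIT, depth: int = 0) -> dict:
    """Apply ARCHIVE_LIMIT, ARCHIVE_CHILD_MALICIOUS and EMBEDDED_URL to a ZIP."""
    report = {"members_total": 0, "members_scanned": 0, "limit_reached": False,
              "oversized": [], "malicious_members": [], "urls": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
        report["members_total"] = len(infos)
        report["limit_reached"] = len(infos) > entry_limit
        for info in infos[:entry_limit]:          # everything past the limit is never opened
            with zf.open(info) as fh:
                # Read a bounded amount rather than trusting info.file_size, which the
                # archive author controls; one extra byte tells us the cap was exceeded.
                blob = fh.read(MAX_MEMBER_BYTES + 1)
            if len(blob) > MAX_MEMBER_BYTES:
                report["oversized"].append(info.filename)
                continue
            report["members_scanned"] += 1
            if classify_member(blob):
                report["malicious_members"].append(info.filename)
            report["urls"].update(u.decode("ascii", "replace") for u in URL_RE.findall(blob))
            # A zip-in-zip must be opened too, or the wrapper hides the payload.
            if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(blob)):
                inner = scan_zip(blob, entry_limit, depth + 1)
                report["malicious_members"] += [f"{info.filename}/{m}" for m in inner["malicious_members"]]
                report["urls"].update(inner["urls"])
                report["limit_reached"] = report["limit_reached"] or inner["limit_reached"]
    report["urls"] = sorted(report["urls"])
    report["verdict"] = "MALICIOUS" if report["malicious_members"] else "NO_DETECTION"
    return report


def build_sample_zip() -> bytes:
    """Constructed sample: 56 members so the 50-entry limit trips. The payload is
    placed inside the scanned window; a marker member sits beyond it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for i in range(54):
            zf.writestr(f"pages/joke-{i:03d}.html",
                        f'<a href="http://benign.example/jokes/{i}.html">lol</a>')
            if i == 3:
                zf.writestr("payload.bin", PAYLOAD_BYTES)
        zf.writestr("beyond-limit.txt", "http://unscanned.example/never-seen")
    return buf.getvalue()


def build_nested_sample() -> bytes:
    """Constructed sample: the same payload wrapped one level deeper."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("payload.bin", PAYLOAD_BYTES)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", "nothing to see here")
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for name, sample in (("flat", build_sample_zip()), ("nested", build_nested_sample())):
        r = scan_zip(sample)
        print(name, r["verdict"], r["members_scanned"], "of", r["members_total"],
              "scanned; limit reached:", r["limit_reached"], "; malicious:", r["malicious_members"])
```

Two things the run makes concrete. Calling scan_zip(build_sample_zip(), entry_limit=4) returns no malicious members and the verdict NO_DETECTION, because the payload is the fifth entry and is never opened; that is exactly the blind spot the ARCHIVE_LIMIT note warns about, and it is why an attacker pads an archive with filler. The nested sample shows why the scanner has to recurse: the outer archive holds nothing hostile by hash, and only opening inner.zip surfaces inner.zip/payload.bin.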