{"report_id":"1418bd9f-ca8e-4b48-b237-29f43937476a","version":6,"status":"done","tags":[],"date":"2025-01-25T23:03:44Z","url":{"schema":"http","addr":"download.winandoffice.com/Volume/office/2024/FR/Office_2024_FR_64Bits.exe","fqdn":"download.winandoffice.com","domain":"winandoffice.com","tld":"com"},"ip":{"addr":"199.85.209.82","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-04-05T23:03:44Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"download.winandoffice.com","ip":{"addr":"199.85.209.82","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"domain_registered":"2019-10-14","domain_rank":0,"first_seen":"2020-09-11T11:19:24Z","last_seen":"2025-01-20T07:31:48.650749Z","alert_count":2,"request_count":1,"received_data":2940051,"sent_data":527,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"bea9ea1316e62d53a5866dbde430675f","sha1":"de148358b73d7fa882b00524173f365c57710380","sha256":"1755b137f874391a5c06beeff42ea384c94d23d0ae923e828ea57bc351689192","sha512":"bcd8ce925046472455b01995cb58b9bba8677ea157e633a4f598faa60268fd2e0ff6b3053e939e938511b0b530e6de638275c15ed0f865b5861c0e57d0befb24","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","size":2939800,"url":{"schema":"https","addr":"download.winandoffice.com/Volume/office/2024/FR/Office_2024_FR_64Bits.exe","fqdn":"download.winandoffice.com","domain":"winandoffice.com","tld":"com"},"ip":{"addr":"199.85.209.82","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-25","alert":"Detects an SFX archive with automatic script execution","trigger":"download.winandoffice.com/Volume/office/2024/FR/Office_2024_FR_64Bits.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Xavier Mertens","date":"2023-05-17","description":"Detects an SFX archive with automatic script execution","rule":"SelfExtractingRAR","yarahub_author_email":"xmertens@isc.sans.edu","yarahub_author_twitter":"@xme","yarahub_license":"CC0 1.0","yarahub_reference_link":"https://isc.sans.edu/diary/rss/29852","yarahub_reference_md5":"7792250c87624329163817277531a5ef","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"bcc4ceab-0249-43af-8d2a-8a04d5c65c70"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 1/70","trigger":"1755b137f874391a5c06beeff42ea384c94d23d0ae923e828ea57bc351689192","verdict":"suspicious","severity":"","comment":"suspicious - 1/70","link":"https://www.virustotal.com/gui/file/1755b137f874391a5c06beeff42ea384c94d23d0ae923e828ea57bc351689192","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"bea9ea1316e62d53a5866dbde430675f","sha1":"de148358b73d7fa882b00524173f365c57710380","sha256":"1755b137f874391a5c06beeff42ea384c94d23d0ae923e828ea57bc351689192","sha512":"bcd8ce925046472455b01995cb58b9bba8677ea157e633a4f598faa60268fd2e0ff6b3053e939e938511b0b530e6de638275c15ed0f865b5861c0e57d0befb24","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","size":2939800,"url":{"schema":"https","addr":"download.winandoffice.com/Volume/office/2024/FR/Office_2024_FR_64Bits.exe","fqdn":"download.winandoffice.com","domain":"winandoffice.com","tld":"com"},"ip":{"addr":"199.85.209.82","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-25","alert":"Detects an SFX archive with automatic script execution","trigger":"download.winandoffice.com/Volume/office/2024/FR/Office_2024_FR_64Bits.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Xavier Mertens","date":"2023-05-17","description":"Detects an SFX archive with automatic script execution","rule":"SelfExtractingRAR","yarahub_author_email":"xmertens@isc.sans.edu","yarahub_author_twitter":"@xme","yarahub_license":"CC0 1.0","yarahub_reference_link":"https://isc.sans.edu/diary/rss/29852","yarahub_reference_md5":"7792250c87624329163817277531a5ef","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"bcc4ceab-0249-43af-8d2a-8a04d5c65c70"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 1/70","trigger":"1755b137f874391a5c06beeff42ea384c94d23d0ae923e828ea57bc351689192","verdict":"suspicious","severity":"","comment":"suspicious - 1/70","link":"https://www.virustotal.com/gui/file/1755b137f874391a5c06beeff42ea384c94d23d0ae923e828ea57bc351689192","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-25","alert":"Detects an SFX archive with automatic script execution","trigger":"download.winandoffice.com/Volume/office/2024/FR/Office_2024_FR_64Bits.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Xavier Mertens","date":"2023-05-17","description":"Detects an SFX archive with automatic script execution","rule":"SelfExtractingRAR","yarahub_author_email":"xmertens@isc.sans.edu","yarahub_author_twitter":"@xme","yarahub_license":"CC0 1.0","yarahub_reference_link":"https://isc.sans.edu/diary/rss/29852","yarahub_reference_md5":"7792250c87624329163817277531a5ef","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"bcc4ceab-0249-43af-8d2a-8a04d5c65c70"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"download.winandoffice.com/Volume/office/2024/FR/Office_2024_FR_64Bits.exe","fqdn":"download.winandoffice.com","domain":"winandoffice.com","tld":"com"},"ip":{"addr":"199.85.209.82","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-01-25T23:03:18.975Z","timestamp":1737846198975,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"download.winandoffice.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 05 Jan 2025 21:30:48 GMT","end":"Sat, 05 Apr 2025 21:30:47 GMT"},"fingerprint":{"sha1":"E2:37:6D:0A:B5:D2:60:DF:C6:47:42:24:1A:23:38:7B:CA:7D:D6:E9","sha256":"9E:CA:5C:6F:E1:02:63:61:D1:E5:98:A3:E5:F9:B3:31:EE:12:1D:01:CA:DB:D9:F0:CA:C5:20:7D:BA:61:96:BD"}}},"request":{"raw":"GET /Volume/office/2024/FR/Office_2024_FR_64Bits.exe HTTP/1.1\r\nHost: download.winandoffice.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 25 Jan 2025 23:03:19 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 2939800\r\nLast-Modified: Wed, 05 Jun 2024 15:03:15 GMT\r\nConnection: keep-alive\r\nETag: \"66607e33-2cdb98\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2939800,"size_decoded":2939800,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","md5":"bea9ea1316e62d53a5866dbde430675f","sha1":"de148358b73d7fa882b00524173f365c57710380","sha256":"1755b137f874391a5c06beeff42ea384c94d23d0ae923e828ea57bc351689192","sha512":"bcd8ce925046472455b01995cb58b9bba8677ea157e633a4f598faa60268fd2e0ff6b3053e939e938511b0b530e6de638275c15ed0f865b5861c0e57d0befb24","ssdeep":"49152:5sv2dypEIJFS6G/9nQ0Ra15r80+qRnmMbYgtLg93bBhYo0Z043k17t6OXoCiq:5su4WuFSH9nQ0wF+snmMpLgdwo0ZcxVr","tlshash":"55d52353b3c080b2d4712b315a79da50517dbc941f72cbef63e6a82e96205d28b32b97","first_seen":"2024-08-19T15:50:22.300414Z","last_seen":"2025-05-26T16:59:10.20187Z","times_seen":15,"resource_available":false,"data":null}},"time_used":2209,"timings":{"blocked":458,"dns":0,"connect":147,"send":0,"wait":294,"receive":998,"ssl":308},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-25","alert":"Detects an SFX archive with automatic script execution","trigger":"download.winandoffice.com/Volume/office/2024/FR/Office_2024_FR_64Bits.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Xavier Mertens","date":"2023-05-17","description":"Detects an SFX archive with automatic script execution","rule":"SelfExtractingRAR","yarahub_author_email":"xmertens@isc.sans.edu","yarahub_author_twitter":"@xme","yarahub_license":"CC0 1.0","yarahub_reference_link":"https://isc.sans.edu/diary/rss/29852","yarahub_reference_md5":"7792250c87624329163817277531a5ef","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"bcc4ceab-0249-43af-8d2a-8a04d5c65c70"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 1/70","trigger":"1755b137f874391a5c06beeff42ea384c94d23d0ae923e828ea57bc351689192","verdict":"suspicious","severity":"","comment":"suspicious - 1/70","link":"https://www.virustotal.com/gui/file/1755b137f874391a5c06beeff42ea384c94d23d0ae923e828ea57bc351689192","meta":null}],"urlquery":null}}]}