Report - ies.inquirer.com.ph/advprod03/assets/images/Advisory23-UCDMS04-11-01.zip

Report Overview

Submitted URL
ies.inquirer.com.ph/advprod03/assets/images/Advisory23-UCDMS04-11-01.zip
IP
103.62.30.52
ASN
#134431 News and Entertainment Network Corp
Submitted
2024-05-10 16:52:40
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ies.inquirer.com.ph	unknown	unknown	No data	No data	526 B	1.6 MB	121.58.195.156

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
ies.inquirer.com.ph/advprod03/assets/images/Advisory23-UCDMS04-11-01.zip
IP
121.58.195.156
ASN
#17639 Converge ICT Solutions Inc.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.6 MB (1637012 bytes)
Hash
1c024b92f8e164e031fe5e4fff77ea61
3b1adffb8605760af23c3b480825e02ceaf836d6
c2618fb013135485f9f9aa27983df3371dfdcb7beecde86d02cee0c258d5ed7f

Archive (1)

Filename

Md5

File type

Advisory23-UCDMS04-11-01.pdf.lnk

005c762a3c39b1114c6521f52acb66c3

MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=0, Archive, ctime=Sun Sep 3 12:54:49 2023, mtime=Fri Dec 29 07:40:13 2023, atime=Sun Sep 3 12:54:49 2023, length=486400, window=hide

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	check for LNKs that have a screen buffer size and WindowSize dimensions of 1x1
Public Nextron YARA rules	malware	detect LNK files used in Janicab infection chain
Public Nextron YARA rules	malware	Detects a suspiciously big LNK file - maybe with embedded content
Public InfoSec YARA rules	malware	Identifies PowerShell artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies scripting artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies executable artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies execution artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies download artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies Adobe Acrobat artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies shortcut (LNK) file larger than 100KB. Most goodware LNK files are smaller than 100KB.
Public InfoSec YARA rules	malware	Identifies shortcut (LNK) file with equal or higher entropy than 6.5. Most goodware LNK files have a low entropy, lower than 6.
VirusTotal	suspicious	VirusTotal - Scan result 3/63

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

ies.inquirer.com.ph/advprod03/assets/images/Advisory23-UCDMS04-11-01.zip

121.58.195.156

200 OK

1.6 MB

URL User Request GET HTTP/1.1
ies.inquirer.com.ph/advprod03/assets/images/Advisory23-UCDMS04-11-01.zip
IP
121.58.195.156:443
ASN
#17639 Converge ICT Solutions Inc.

Certificate
IssuerGlobalSign nv-sa
Subject*.inquirer.com.ph
Fingerprint7A:66:39:A0:68:DD:13:0C:7D:A5:3B:47:20:AE:E8:6C:84:09:11:08
ValidityFri, 30 Jun 2023 01:47:06 GMT - Mon, 15 Jul 2024 07:26:05 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.6 MB (1637012 bytes)
Hash
1c024b92f8e164e031fe5e4fff77ea61
3b1adffb8605760af23c3b480825e02ceaf836d6
c2618fb013135485f9f9aa27983df3371dfdcb7beecde86d02cee0c258d5ed7f

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/63

HTTP Headers

GET /advprod03/assets/images/Advisory23-UCDMS04-11-01.zip HTTP/1.1
Host: ies.inquirer.com.ph
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 17:42:54 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Tue, 02 Jan 2024 06:49:43 GMT
ETag: "5a05b4-18fa94-60df0e748fd0c"
Accept-Ranges: bytes
Content-Length: 1637012
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (1)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers