{"report_id":"d0935be3-2189-4671-9f23-de551c1b043d","version":6,"status":"done","tags":[],"date":"2024-03-19T05:44:57Z","url":{"schema":"http","addr":"help.nextech.net/customer/Remote%20Support-windows32-online.exe","fqdn":"help.nextech.net","domain":"nextech.net","tld":"net"},"ip":{"addr":"20.245.212.70","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T21:32:23Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"help.nextech.net","ip":{"addr":"20.245.212.70","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"domain_registered":"1996-12-02","domain_rank":0,"first_seen":"2021-02-26 22:07:46","last_seen":"2024-03-17 04:46:35","alert_count":1,"request_count":1,"received_data":7260941,"sent_data":517,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"b539d3a10672557d24b866acc17f6b76","sha1":"12fb3bd0e7aee0b244338deaa5496858b81ae3a8","sha256":"45abfb2a123949a1889d0e08a5a3d65dc89ce42b3d13a7d6a828de6fded665bb","sha512":"72eec3cc4badd1cfb6a3229128d8dd5b278e2f3816aba1a1bb05fa3226c5d351586c50ab21203e46d7cae919f3a84ab95930d59682bc58e4dfe6ad01f391412f","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":7260624,"url":{"schema":"https","addr":"help.nextech.net/customer/Remote%20Support-windows32-online.exe","fqdn":"help.nextech.net","domain":"nextech.net","tld":"net"},"ip":{"addr":"20.245.212.70","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-03-17","alert":"Scan result 30/73","trigger":"45abfb2a123949a1889d0e08a5a3d65dc89ce42b3d13a7d6a828de6fded665bb","verdict":"malicious","severity":"","comment":"malicious - 30/73","link":"https://www.virustotal.com/gui/file/45abfb2a123949a1889d0e08a5a3d65dc89ce42b3d13a7d6a828de6fded665bb","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"help.nextech.net/customer/Remote%20Support-windows32-online.exe","fqdn":"help.nextech.net","domain":"nextech.net","tld":"net"},"ip":{"addr":"20.245.212.70","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-03-19T05:44:31.173Z","timestamp":1710827071173,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"help.nextech.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 12 Feb 2024 06:50:01 GMT","end":"Sun, 12 May 2024 06:50:00 GMT"},"fingerprint":{"sha1":"83:EB:8C:48:9C:2B:90:7D:3E:18:5C:01:F7:00:6E:22:2D:0E:01:3E","sha256":"86:68:B2:AF:89:65:58:E0:16:41:E3:4D:A8:13:28:80:30:80:D3:5C:5F:91:85:6D:07:86:43:7A:2E:50:38:4E"}}},"request":{"raw":"GET /customer/Remote%20Support-windows32-online.exe HTTP/1.1\r\nHost: help.nextech.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\nContent-Disposition: attachment; filename=\"_Nextech Support_-windows32-online.exe\"\r\nContent-Length: 7260624\r\nLast-Modified: Tue, 10 Oct 2023 13:45:29 GMT\r\nCache-Control: private, must-revalidate\r\nPragma: private\r\nServer: SimpleHelp/SSuite-5-4-20231010-143523\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7260624,"size_decoded":7260624,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","md5":"b539d3a10672557d24b866acc17f6b76","sha1":"12fb3bd0e7aee0b244338deaa5496858b81ae3a8","sha256":"45abfb2a123949a1889d0e08a5a3d65dc89ce42b3d13a7d6a828de6fded665bb","sha512":"72eec3cc4badd1cfb6a3229128d8dd5b278e2f3816aba1a1bb05fa3226c5d351586c50ab21203e46d7cae919f3a84ab95930d59682bc58e4dfe6ad01f391412f","ssdeep":"98304:DwIm3vc0p5at/7rTM9n8fl/tIi5A/K83k3fYChTkxAPljwl5ShlnAb3u7luV:DxWvtC9TM90tFYk3XPljwlIhmb","tlshash":"7d762324e6928e7dde175afda04e45ebaa6f9de313c5003327f095d18aa42d0c41fe2d","first_seen":"2024-03-15T05:31:37Z","last_seen":"2024-08-20T07:50:17.469166Z","times_seen":6,"resource_available":false,"data":null}},"time_used":3355,"timings":{"blocked":695,"dns":0,"connect":160,"send":0,"wait":162,"receive":1802,"ssl":534},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-03-17","alert":"Scan result 30/73","trigger":"45abfb2a123949a1889d0e08a5a3d65dc89ce42b3d13a7d6a828de6fded665bb","verdict":"malicious","severity":"","comment":"malicious - 30/73","link":"https://www.virustotal.com/gui/file/45abfb2a123949a1889d0e08a5a3d65dc89ce42b3d13a7d6a828de6fded665bb","meta":null}],"urlquery":null}}]}