Report - download.winandoffice.com/Volume/office/2024/EN/Office_2024_EN

Report Overview

Visitedpublic

2024-07-25 02:15:47

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-24 18:12:02	2.9 kB	8.0 kB	23.33.119.57
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-07-24 18:12:19	327 B	888 B	23.33.119.27
download.winandoffice.com	unknown	2019-10-14	2020-09-11 13:19:24	2024-03-18 22:08:19	527 B	2.9 MB	199.85.209.82

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-07-25	medium	download.winandoffice.com/Volume/office/2024/EN/Office_2024_EN_64Bits.exe	Detects an SFX archive with automatic script execution

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

download.winandoffice.com/Volume/office/2024/EN/Office_2024_EN_64Bits.exe

IP / ASN

199.85.209.82

#22612 NAMECHEAP-NET

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

Size2.9 MB (2939800 bytes)

MD57408133e63aa3d775beedba6ea6ed3e9

SHA1c0c98105a43f1478e659ca675be30ac56fe0bcb7

SHA2560157afe7fbb8757a5f92bbb9d2dfbc2f06d9a1a8493b6d25e64a1735ac455811

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects an SFX archive with automatic script execution

JavaScript (0)

HTTP Transactions (11)

URL IP Response Size

r10.o.lencr.org/

23.33.119.57

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen8450

Size504 B (504 bytes)

MD58ee91f15329e1523b1f6bd250d539943

SHA16972bcf5758adc1f49f957cace3db5a9946258f9

SHA256817924c0d86deb9a192c4ec3aa86ff6468fd399272a429ad872b4f0b6c73b73e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "817924C0D86DEB9A192C4EC3AA86FF6468FD399272A429AD872B4F0B6C73B73E"
Last-Modified: Wed, 24 Jul 2024 18:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5887
Expires: Thu, 25 Jul 2024 03:53:28 GMT
Date: Thu, 25 Jul 2024 02:15:21 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen14052

Size504 B (504 bytes)

MD5559312780d7c69aabb31f612abe74b95

SHA10d0356dc28789b5b2b0164783f2c79b6b7b82f6a

SHA25620293009653baaf415bde5c2223feb0a6562281a1dfbcc6af42d844341da6d26

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "20293009653BAAF415BDE5C2223FEB0A6562281A1DFBCC6AF42D844341DA6D26"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9477
Expires: Thu, 25 Jul 2024 04:53:18 GMT
Date: Thu, 25 Jul 2024 02:15:21 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-24

Last Seen2024-08-19

Times Seen14863

Size504 B (504 bytes)

MD553c120d8bd28a824c423b6b51e6a5f07

SHA18c8f9015ddb4e7bbd18c0b35103ff1e8a0b7d5c1

SHA2560ef528831322336534e6b28ac3db61ac793b2b52f700672aee09ee5b1c92a2c7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0EF528831322336534E6B28AC3DB61AC793B2B52F700672AEE09EE5B1C92A2C7"
Last-Modified: Wed, 24 Jul 2024 18:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15551
Expires: Thu, 25 Jul 2024 06:34:32 GMT
Date: Thu, 25 Jul 2024 02:15:21 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen13091

Size504 B (504 bytes)

MD50b6f864b0a3d0cf483b0830bdb98cded

SHA112564f2826ce74a640c3b65ef52d12f21c8e6f3c

SHA256d32892cb09f33f4057712b1c1b511af5ea5528cd0f23ba90858d659ec4fcd190

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D32892CB09F33F4057712B1C1B511AF5EA5528CD0F23BA90858D659EC4FCD190"
Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15771
Expires: Thu, 25 Jul 2024 06:38:12 GMT
Date: Thu, 25 Jul 2024 02:15:21 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL

r11.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-19

Last Seen2024-08-19

Times Seen5

Size504 B (504 bytes)

MD5b78010c4817374139d5c4d24e78bcb05

SHA1091e8391a3d23ac95ec961836b5749a1b22a13f2

SHA2564100c3593ea3869fc6a58872a9c3c98400de1598dd0f9400cf6c9ca59408a83c

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4100C3593EA3869FC6A58872A9C3C98400DE1598DD0F9400CF6C9CA59408A83C"
Last-Modified: Wed, 24 Jul 2024 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21575
Expires: Thu, 25 Jul 2024 08:14:56 GMT
Date: Thu, 25 Jul 2024 02:15:21 GMT
Connection: keep-alive

GET download.winandoffice.com/Volume/office/2024/EN/Office_2024_EN_64Bits.exe

199.85.209.82

200 OK

2.9 MB

URL

download.winandoffice.com/Volume/office/2024/EN/Office_2024_EN_64Bits.exe

IP / ASN

199.85.209.82

#22612 NAMECHEAP-NET

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

First Seen2024-08-19

Last Seen2025-05-24

Times Seen33

Size2.9 MB (2939800 bytes)

MD57408133e63aa3d775beedba6ea6ed3e9

SHA1c0c98105a43f1478e659ca675be30ac56fe0bcb7

SHA2560157afe7fbb8757a5f92bbb9d2dfbc2f06d9a1a8493b6d25e64a1735ac455811

Certificate Info

IssuerLet's Encrypt

Subjectdownload.winandoffice.com

Fingerprint7A:08:48:6B:A1:B0:72:D3:FE:58:9E:CA:B5:D4:A9:06:75:20:BE:0B

ValidityMon, 08 Jul 2024 15:02:18 GMT - Sun, 06 Oct 2024 15:02:17 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects an SFX archive with automatic script execution

HTTP Headers

GET /Volume/office/2024/EN/Office_2024_EN_64Bits.exe HTTP/1.1
Host: download.winandoffice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 25 Jul 2024 02:15:21 GMT
Content-Type: application/octet-stream
Content-Length: 2939800
Last-Modified: Wed, 05 Jun 2024 15:03:29 GMT
Connection: keep-alive
ETag: "66607e41-2cdb98"
Accept-Ranges: bytes

r10.o.lencr.org/

23.33.119.57

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen12057

Size504 B (504 bytes)

MD5edb57be0536524541d7ac5d4ee6b5585

SHA1a34a54318477c70e34c9f5e27cba428b4530b05b

SHA256895b01022c914d4f0facb78182c6ed0ee5c7b3c6b10516327dc5f08a54dc0204

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "895B01022C914D4F0FACB78182C6ED0EE5C7B3C6B10516327DC5F08A54DC0204"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12297
Expires: Thu, 25 Jul 2024 05:40:20 GMT
Date: Thu, 25 Jul 2024 02:15:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen12057

Size504 B (504 bytes)

MD5edb57be0536524541d7ac5d4ee6b5585

SHA1a34a54318477c70e34c9f5e27cba428b4530b05b

SHA256895b01022c914d4f0facb78182c6ed0ee5c7b3c6b10516327dc5f08a54dc0204

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "895B01022C914D4F0FACB78182C6ED0EE5C7B3C6B10516327DC5F08A54DC0204"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12297
Expires: Thu, 25 Jul 2024 05:40:20 GMT
Date: Thu, 25 Jul 2024 02:15:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen12057

Size504 B (504 bytes)

MD5edb57be0536524541d7ac5d4ee6b5585

SHA1a34a54318477c70e34c9f5e27cba428b4530b05b

SHA256895b01022c914d4f0facb78182c6ed0ee5c7b3c6b10516327dc5f08a54dc0204

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "895B01022C914D4F0FACB78182C6ED0EE5C7B3C6B10516327DC5F08A54DC0204"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12297
Expires: Thu, 25 Jul 2024 05:40:20 GMT
Date: Thu, 25 Jul 2024 02:15:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen12057

Size504 B (504 bytes)

MD5edb57be0536524541d7ac5d4ee6b5585

SHA1a34a54318477c70e34c9f5e27cba428b4530b05b

SHA256895b01022c914d4f0facb78182c6ed0ee5c7b3c6b10516327dc5f08a54dc0204

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "895B01022C914D4F0FACB78182C6ED0EE5C7B3C6B10516327DC5F08A54DC0204"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12297
Expires: Thu, 25 Jul 2024 05:40:20 GMT
Date: Thu, 25 Jul 2024 02:15:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-25

Last Seen2024-08-19

Times Seen12057

Size504 B (504 bytes)

MD5edb57be0536524541d7ac5d4ee6b5585

SHA1a34a54318477c70e34c9f5e27cba428b4530b05b

SHA256895b01022c914d4f0facb78182c6ed0ee5c7b3c6b10516327dc5f08a54dc0204

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "895B01022C914D4F0FACB78182C6ED0EE5C7B3C6B10516327DC5F08A54DC0204"
Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12297
Expires: Thu, 25 Jul 2024 05:40:20 GMT
Date: Thu, 25 Jul 2024 02:15:23 GMT
Connection: keep-alive