Report - app.polishbox.pl/assets/files/ACPack.zip

Report Overview

Visited public
2024-01-28 11:27:28
Tags
URL
app.polishbox.pl/assets/files/ACPack.zip
Finishing URL
about:privatebrowsing
IP / ASN
172.67.164.174
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

0

Threat Detection Systems

23

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
app.polishbox.pl	unknown	2022-07-14	2023-08-01 19:57:08	2023-11-22 19:16:00	494 B	10 MB	172.67.164.174

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
app.polishbox.pl/assets/files/ACPack.zip
IP
172.67.164.174
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
10 MB (10507613 bytes)
Hash
1799b6ed988356ade1041c7f2be9f395
65f1f324ebdc564dcf150bdaf29f904d640d85e6
a041c81acf6e7a96b71a90f8e5a69d731adb36429cfe8225594ecdb81b30b4d9

Archive (19)

Filename

Md5

File type

journal-tool.exe

445fbbeb5d7ab4cf029200c856b20d05

PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, 19 sections

Everything.exe

b98c70b0e0c08e7a4145c4aa397e3b97

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Everything.lng

f0a0e1f275ed1fbfef86948b14c3885f

data

kprocesshacker.sys

1b5c3c458e31bede55145d0644e88d75

PE32+ executable (native) x86-64, for MS Windows, 7 sections

peview.exe

dde1f44789cd50c1f034042d337deae3

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

DotNetTools.dll

b16ce8ba8e7f0ee83ec1d49f2d0af0a7

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

ExtendedNotifications.dll

be4dc4d2d1d05001ab0bb2bb8659bfad

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

ExtendedServices.dll

4858bdb7731bf0b46b247a1f01f4a282

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

ExtendedTools.dll

bc61e6fb02fbbfe16fb43cc9f4e949f1

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

HardwareDevices.dll

a46c8bb886e0b9290e5dbc6ca524d61f

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

NetworkTools.dll

d6bed1d6fdbed480e32fdd2dd4c13352

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

OnlineChecks.dll

12c25fb356e51c3fd81d2d422a66be89

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

SbieSupport.dll

37cbfa73883e7e361d3fa67c16d0f003

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

ToolStatus.dll

3788efff135f8b17a179d02334d505e6

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

Updater.dll

6976b57c6391f54dbd2828a45ca81100

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

UserNotes.dll

e48c789c425f966f5e5ee3187934174f

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

WindowExplorer.dll

0e8d04159c075f0048b89270d22d2dbb

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

ProcessHacker.exe

b365af317ae730a67c936f21432b9c71

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

WinPrefetchView.exe

0bda189b15f2fb42365d37ec8c6d77f7

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
Public Nextron YARA rules	malware	Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - kprocesshacker.sys
Elastic Security YARA Rules	malware	Windows.Hacktool.ProcessHacker
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	malicious	VirusTotal - Scan result 31/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

app.polishbox.pl/assets/files/ACPack.zip

172.67.164.174

200 OK

10 MB

URL User Request GET HTTP/2
app.polishbox.pl/assets/files/ACPack.zip
IP
172.67.164.174:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectpolishbox.pl
FingerprintAF:7C:16:74:A8:12:94:CF:01:61:B7:A1:98:69:B2:9F:A0:17:7A:5F
ValiditySun, 07 Jan 2024 13:39:59 GMT - Sat, 06 Apr 2024 13:39:58 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
10 MB (10507613 bytes)
Hash
1799b6ed988356ade1041c7f2be9f395
65f1f324ebdc564dcf150bdaf29f904d640d85e6
a041c81acf6e7a96b71a90f8e5a69d731adb36429cfe8225594ecdb81b30b4d9

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 31/65

HTTP Headers

GET /assets/files/ACPack.zip HTTP/1.1
Host: app.polishbox.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 28 Jan 2024 11:26:58 GMT
content-type: application/zip
content-length: 10507613
last-modified: Sun, 05 Nov 2023 21:43:20 GMT
etag: "65480c78-a0555d"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-robots-tag: none
content-security-policy: frame-ancestors 'self'
x-frame-options: DENY
referrer-policy: same-origin
cache-control: max-age=120
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V5d2A5MUDaBLM4X5KBptDXH1OTucghGkmSVGH5H5LuWtDEGhSkbGMY5qOwY707sX42j6C2UYjqrUISE0AYPcQGEJaV3gQ0fGjUsqvm%2B1yecp3tcULyPHJcnaiWW8EtC7airP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84c8e22dae1056bd-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2