General

  • Target

    49590cc694626d171fc934fafea6494f13ecd3843086704b7a5b98355909b8e0.zip.zip

  • Size

    1.2MB

  • MD5

    d2e191c354cc7f575e3160288816361f

  • SHA1

    26a592cc30756f32b666e6c893b3f080c2ca703e

  • SHA256

    22ebe7a4af7dae2931c78315f3db9d58ba9554c154da1cd423ad1b0a0091c859

  • SHA512

    2fb03473e529355a687e78a93ce78727916c15f2972bd51db9dcfe3b04cb2bf53521c59daeeded6d77e50aaf35d1b2d6b4d98dcf907255e36eafe8160981cef4

  • SSDEEP

    24576:6asLwJnK5PkXiD1VdFRk9PkXdmreAF45g5lnKoGyeZ0aJkj8QeizrR:6asPcAXnkKNKeAm5KeZ0+kj8QNR

Score
4/10

Malware Config

Signatures

  • HTTP links in PDF interactive object (1 IoC)

    Detects HTTP links in interactive objects within PDF files.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

Files

  • 49590cc694626d171fc934fafea6494f13ecd3843086704b7a5b98355909b8e0.zip.zip
    .zip

    Password: infected

  • 49590cc694626d171fc934fafea6494f13ecd3843086704b7a5b98355909b8e0.zip
    .zip
  • Windows Server-2022-Security-Baseline-FINAL/Documentation/Announcement.pdf
    .pdf
    • https://www.microsoft.com/download/details.aspx?id=55319

    • https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7

    • https://techcommunity.microsoft.com/t5/Microsoft-Security-Baselines/bd-p/Security-Baselines

  • Windows Server-2022-Security-Baseline-FINAL/Documentation/FINAL-MS Security Baseline Windows Server 2022.xlsx
    .xlsx office2007
  • Windows Server-2022-Security-Baseline-FINAL/Documentation/MSFT-WS2022-FINAL.PolicyRules
  • Windows Server-2022-Security-Baseline-FINAL/Documentation/New Settings in Windows Server 2022.xlsx
    .xlsx office2007
  • Windows Server-2022-Security-Baseline-FINAL/GP Reports/MSFT Internet Explorer 11 - Computer.htm
    .js
  • Windows Server-2022-Security-Baseline-FINAL/GP Reports/MSFT Internet Explorer 11 - User.htm
    .js
  • Windows Server-2022-Security-Baseline-FINAL/GP Reports/MSFT Windows Server 2022 - Defender Antivirus.htm
    .js
  • Windows Server-2022-Security-Baseline-FINAL/GP Reports/MSFT Windows Server 2022 - Domain Controller Virtualization Based Security.htm
    .js
  • Windows Server-2022-Security-Baseline-FINAL/GP Reports/MSFT Windows Server 2022 - Domain Controller.htm
    .js
  • Windows Server-2022-Security-Baseline-FINAL/GP Reports/MSFT Windows Server 2022 - Domain Security.htm
    .js
  • Windows Server-2022-Security-Baseline-FINAL/GP Reports/MSFT Windows Server 2022 - Member Server Credential Guard.htm
    .js
  • Windows Server-2022-Security-Baseline-FINAL/GP Reports/MSFT Windows Server 2022 - Member Server.htm
    .js
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/manifest.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{0A531EAC-7B92-4E02-9877-1FB7CBE41398}/Backup.xml
    .xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{0A531EAC-7B92-4E02-9877-1FB7CBE41398}/DomainSysvol/GPO/Machine/comment.cmtx
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{0A531EAC-7B92-4E02-9877-1FB7CBE41398}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{0A531EAC-7B92-4E02-9877-1FB7CBE41398}/DomainSysvol/GPO/Machine/registry.pol
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{0A531EAC-7B92-4E02-9877-1FB7CBE41398}/bkupInfo.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{0A531EAC-7B92-4E02-9877-1FB7CBE41398}/gpreport.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{20FAD6FB-7C6D-496E-801C-0434769847FF}/Backup.xml
    .xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{20FAD6FB-7C6D-496E-801C-0434769847FF}/DomainSysvol/GPO/Machine/comment.cmtx
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{20FAD6FB-7C6D-496E-801C-0434769847FF}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{20FAD6FB-7C6D-496E-801C-0434769847FF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{20FAD6FB-7C6D-496E-801C-0434769847FF}/DomainSysvol/GPO/Machine/registry.pol
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{20FAD6FB-7C6D-496E-801C-0434769847FF}/DomainSysvol/GPO/User/comment.cmtx
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{20FAD6FB-7C6D-496E-801C-0434769847FF}/DomainSysvol/GPO/User/registry.pol
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{20FAD6FB-7C6D-496E-801C-0434769847FF}/bkupInfo.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{20FAD6FB-7C6D-496E-801C-0434769847FF}/gpreport.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{64059F15-E999-4E2F-865D-C0766B886266}/Backup.xml
    .xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{64059F15-E999-4E2F-865D-C0766B886266}/DomainSysvol/GPO/Machine/comment.cmtx
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{64059F15-E999-4E2F-865D-C0766B886266}/DomainSysvol/GPO/Machine/registry.pol
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{64059F15-E999-4E2F-865D-C0766B886266}/bkupInfo.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{64059F15-E999-4E2F-865D-C0766B886266}/gpreport.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{8104AFEB-D49C-4125-92F9-748F50407A6B}/Backup.xml
    .xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{8104AFEB-D49C-4125-92F9-748F50407A6B}/DomainSysvol/GPO/Machine/comment.cmtx
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{8104AFEB-D49C-4125-92F9-748F50407A6B}/DomainSysvol/GPO/Machine/registry.pol
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{8104AFEB-D49C-4125-92F9-748F50407A6B}/bkupInfo.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{8104AFEB-D49C-4125-92F9-748F50407A6B}/gpreport.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{966B53AB-4B25-43F6-BACA-9738F0053331}/Backup.xml
    .xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{966B53AB-4B25-43F6-BACA-9738F0053331}/DomainSysvol/GPO/Machine/comment.cmtx
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{966B53AB-4B25-43F6-BACA-9738F0053331}/DomainSysvol/GPO/Machine/registry.pol
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{966B53AB-4B25-43F6-BACA-9738F0053331}/bkupInfo.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{966B53AB-4B25-43F6-BACA-9738F0053331}/gpreport.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{AAC7C960-51D3-4BEE-89BD-7FB10361AA16}/Backup.xml
    .xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{AAC7C960-51D3-4BEE-89BD-7FB10361AA16}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{AAC7C960-51D3-4BEE-89BD-7FB10361AA16}/bkupInfo.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{AAC7C960-51D3-4BEE-89BD-7FB10361AA16}/gpreport.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{BEA08B79-482E-4216-B5DE-8528F3688DD5}/Backup.xml
    .xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{BEA08B79-482E-4216-B5DE-8528F3688DD5}/DomainSysvol/GPO/User/comment.cmtx
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{BEA08B79-482E-4216-B5DE-8528F3688DD5}/DomainSysvol/GPO/User/registry.pol
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{BEA08B79-482E-4216-B5DE-8528F3688DD5}/bkupInfo.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{BEA08B79-482E-4216-B5DE-8528F3688DD5}/gpreport.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{E2B8214C-729F-4324-A876-F067E58B740B}/Backup.xml
    .xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{E2B8214C-729F-4324-A876-F067E58B740B}/DomainSysvol/GPO/Machine/comment.cmtx
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{E2B8214C-729F-4324-A876-F067E58B740B}/DomainSysvol/GPO/Machine/microsoft/windows nt/Audit/audit.csv
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{E2B8214C-729F-4324-A876-F067E58B740B}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{E2B8214C-729F-4324-A876-F067E58B740B}/DomainSysvol/GPO/Machine/registry.pol
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{E2B8214C-729F-4324-A876-F067E58B740B}/DomainSysvol/GPO/User/comment.cmtx
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{E2B8214C-729F-4324-A876-F067E58B740B}/DomainSysvol/GPO/User/registry.pol
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{E2B8214C-729F-4324-A876-F067E58B740B}/bkupInfo.xml
  • Windows Server-2022-Security-Baseline-FINAL/GPOs/{E2B8214C-729F-4324-A876-F067E58B740B}/gpreport.xml
  • Windows Server-2022-Security-Baseline-FINAL/Scripts/Baseline-ADImport.ps1
  • Windows Server-2022-Security-Baseline-FINAL/Scripts/Baseline-LocalInstall.ps1
    .ps1
  • Windows Server-2022-Security-Baseline-FINAL/Scripts/ConfigFiles/DeltaForNonDomainJoined.inf
  • Windows Server-2022-Security-Baseline-FINAL/Scripts/ConfigFiles/DeltaForNonDomainJoined.txt
  • Windows Server-2022-Security-Baseline-FINAL/Scripts/ConfigFiles/EP-reset.xml
  • Windows Server-2022-Security-Baseline-FINAL/Scripts/Remove-EPBaselineSettings.ps1
  • Windows Server-2022-Security-Baseline-FINAL/Scripts/Tools/LGPO.txt
  • Windows Server-2022-Security-Baseline-FINAL/Scripts/Tools/MapGuidsToGpoNames.ps1
    .ps1
  • Windows Server-2022-Security-Baseline-FINAL/Templates/AdmPwd.admx
  • Windows Server-2022-Security-Baseline-FINAL/Templates/MSS-legacy.admx
  • Windows Server-2022-Security-Baseline-FINAL/Templates/SecGuide.admx
    .xml
  • Windows Server-2022-Security-Baseline-FINAL/Templates/en-US/AdmPwd.adml
  • Windows Server-2022-Security-Baseline-FINAL/Templates/en-US/MSS-legacy.adml
  • Windows Server-2022-Security-Baseline-FINAL/Templates/en-US/SecGuide.adml
    .xml