Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Dropped Files | ZeroBOX

Name	744d7fa3ec60e83e_redkingin.hta.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\redKingIn.hta.LNK
Size	935.0B
Processes	2280 (WINWORD.EXE)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Oct 21 00:25:32 2021, mtime=Thu Oct 21 00:25:32 2021, atime=Thu Oct 21 00:25:32 2021, length=3118, window=hide
MD5	`2a4098c14ff730ee7115f52a877ddc2c`
SHA1	`731420a315598af7ba078d4bb21a738a38e3765f`
SHA256	`744d7fa3ec60e83e0c5a3949199f3e2da8df81c2ecf6950ccb309d2ee3f716f4`
CRC32	`20EFBD16`
ssdeep	`12:8Mlc20gXo1vyCPCHeY7E7YCACmDJcqe4izCIu5WsHv5v4t2YLEPKzlX8yoVO:8MCvyMwDJFQzwv3Pyt`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	3b99611a6aa69483_index.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat
Size	135.0B
Processes	2280 (WINWORD.EXE)
Type	ASCII text, with CRLF line terminators
MD5	`2af81900c3e32d59cadf1a382634a2e5`
SHA1	`c80eae3020ec49e0db1ae5f71f682f40bc54bd31`
SHA256	`3b99611a6aa69483baa90b80144840b8c9daf0184f252b0f9a96309cf4da82c7`
CRC32	`3683E19C`
ssdeep	`3:bDuMJlwcXAlWCtYrSPZq5SXCmxWqJHp6rp2PZq5SXCv:bCkAkUYrmZ4SXK9qZ4SXs`
Yara	None matched
VirusTotal	Search for analysis

Name	d4f4a5241a9f68f2_carolinelineline.jpg Submit file
Filepath	C:\Users\Public\carolineLineLine.jpg
Size	10.1MB
Processes	2612 (mshta.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`68bdeb85fdd67ffd40a1b80e8027b841`
SHA1	`a1f1b2d7e42e09d98acaaac22f721926d83b8e5f`
SHA256	`d4f4a5241a9f68f2441704131d318409fca2ce0f9f134373b53c1f56823ea56a`
CRC32	`48F0AA6F`
ssdeep	`196608:BpYVxTIyqNt7t5zj/cx4UoxLKnpCpbmhA7x2vSKLu69MeG4id9rxm2FintDyLQV7:BqdGpFkaUoeC0hAF2vSKySGtddxEoK`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	b75069bcdf57a396_public.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\Public.LNK
Size	793.0B
Processes	2280 (WINWORD.EXE)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Mon Jul 13 18:20:08 2009, mtime=Thu Oct 21 00:25:32 2021, atime=Thu Oct 21 00:25:32 2021, length=4096, window=hide
MD5	`08d19ceee0c11e71a7652eb7eb1fdf1f`
SHA1	`15ccbd379133f0d324120c3a6f97b5692f739e1b`
SHA256	`b75069bcdf57a39657796785293495c3caa99e583b4130ef769bba9d34e084ec`
CRC32	`95BBD813`
ssdeep	`12:8yehgXo1vyCPCHeAb6bP5YCACmRizCV5v5v4t2YLEPKzlX8y6SR:8yCvyKagzkv3PyeSR`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	3f8189a3949ab4bf_~$normal.dotm Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Size	162.0B
Processes	2280 (WINWORD.EXE)
Type	data
MD5	`d29367bcffdbf430b0baaedbbc5c4134`
SHA1	`3f7fa96c489836b942a295271504984aae5f997a`
SHA256	`3f8189a3949ab4bff175c6fe865ae385fd03721d82a45af36a73c4480389e20d`
CRC32	`55E9025B`
ssdeep	`3:yW2lWRdV0lvW6L7AmXK7iOZ9FItd/lRpNX:y1lWSvWm0aK7i29WdJNX`
Yara	None matched
VirusTotal	Search for analysis

Name	363760b10eea91f8_~$dkingin.hta Submit file
Filepath	C:\Users\Public\~$dKingIn.hta
Size	162.0B
Processes	2280 (WINWORD.EXE)
Type	data
MD5	`9754c958496d37e0c892a68941965d2c`
SHA1	`2453ba69eba5d7856f86befc41341621efe5c532`
SHA256	`363760b10eea91f8cfb58c47c5919230b23df444412c698ad52790c96bda3cb4`
CRC32	`A4DCE292`
ssdeep	`3:yW2lWRdV0lvW6L7AmXK7iOZ9FItd/lRzz/l:y1lWSvWm0aK7i29WdTzt`
Yara	None matched
VirusTotal	Search for analysis

Name	4826c0d860af884d_~wrs{bec92089-1fe2-4cb7-bf7b-0f533a636222}.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BEC92089-1FE2-4CB7-BF7B-0F533A636222}.tmp
Size	1.0KB
Processes	2280 (WINWORD.EXE)
Type	data
MD5	`5d4d94ee7e06bbb0af9584119797b23a`
SHA1	`dbb111419c704f116efa8e72471dd83e86e49677`
SHA256	`4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1`
CRC32	`23C03491`
ssdeep	`3:ol3lYdn:4Wn`
Yara	None matched
VirusTotal	Search for analysis

Name	261235b5b0f2d2a1_~wrs{6d71f81f-8570-412b-9c6f-d7cf464a878c}.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6D71F81F-8570-412B-9C6F-D7CF464A878C}.tmp
Size	19.6KB
Processes	2280 (WINWORD.EXE)
Type	data
MD5	`aa958d8b3e253fb00bd4eae9dfb880b4`
SHA1	`c1f348ac1eed97e5ab8dee568c732c6a12e824fd`
SHA256	`261235b5b0f2d2a18b6f96d3ea69dc1fab87185026cc69d45d8e5adfbfd4b2e8`
CRC32	`CC50A958`
ssdeep	`192:Ci9ugy0ijQTPyqHMSUcnAm3synFFmmEPT7vgsMs7sOsrFR0cSR0cjSR0cv2pmzZa:BqsAm+`
Yara	None matched
VirusTotal	Search for analysis