Dropped Files | ZeroBOX
Name af8a2dcd211398a5_public.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\Public.LNK
Size 793.0B
Processes 2364 (WINWORD.EXE)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Mon Jul 13 18:20:08 2009, mtime=Fri Oct 22 16:21:15 2021, atime=Fri Oct 22 16:21:15 2021, length=4096, window=hide
MD5 d3faaa017c67fa7877422f08e2493140
SHA1 cd9cb3186fd63a3c45fabd4b7c2b14aae1dd2f44
SHA256 af8a2dcd211398a5f1fefd64554d8c20ea50fe6228a24793250aed3a1980b944
CRC32 78865019
ssdeep 12:8iL78hgXo1vyCPCHesk5YCACmRizCV5v5v4t2YLEPKzlX8ySKkKH:8iEvyvgzkv3PyWHO
Yara
  • Lnk_Format_Zero - LNK Format
Name 44509ecf63c8aa61_~$dlovecaroline.hta
Filepath C:\Users\Public\~$dLoveCaroline.hta
Size 162.0B
Processes 2364 (WINWORD.EXE)
Type data
MD5 7d4d534a68ca07e6d7695ada887e8927
SHA1 10134829ee47280c0777e800672d71e45b7b16a2
SHA256 44509ecf63c8aa61cc96ebb6b263b41c61e923139248381d0cc20120a687ac3b
CRC32 8650E349
ssdeep 3:yW2lWRdI/t/W6L7TtvZJK7d2tpuItQmLl3ipC:y1lWE/WmXdXK7QbVQmxiM
Yara None matched
Name dace5ad59099429d_desktop.ini
Filepath C:\Users\test22\AppData\Local\Temp\History\History.IE5\desktop.ini
Size 145.0B
Processes 3024 (regsvr32.exe)
Type Windows desktop.ini, ASCII text, with CRLF line terminators
MD5 ba96961f5e22882527919e19daea510f
SHA1 e10e8bebbd0573e3a1494ea3f21682f7490c427b
SHA256 dace5ad59099429d8aed4ee279f1263efb65d64456931398465a396cf0e79bd7
CRC32 53D69EBC
ssdeep 3:0NdQDjotjIAXNam+p28jqGiEI7fOLyovZeLhzUzYcB:0NwoyAXNxW28CEI7QyyZeNUzxB
Yara None matched
Name 47b1d078160ba527_~wrs{42cc708e-fb11-4d68-98dd-300b6c6d0b1c}.tmp
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{42CC708E-FB11-4D68-98DD-300B6C6D0B1C}.tmp
Size 20.5KB
Processes 2364 (WINWORD.EXE)
Type data
MD5 83be01f8a22b5c3b96bea6d58d81c5e3
SHA1 335945de50bbde762f2706e909fb408b952be12c
SHA256 47b1d078160ba527108dc5251fcd308fde542a69cbdefdc8790bca47bb40922f
CRC32 F8019094
ssdeep 96:T9ygpf1i6bKKYYK0h27lJfZcucCzIzkJrvNj8NWkXtNwIXFXM40bdz8CLI3OXTA4:nxF0KwpqRFiFzFvFAmFfqwu94
Yara None matched
Name 338e677c571d6aa1_index.dat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat
Size 147.0B
Processes 2364 (WINWORD.EXE)
Type ASCII text, with CRLF line terminators
MD5 a578962dc7be1252c3a3f3e162eae22e
SHA1 ac1fc8543ca4b3e1a864b6d36e6e4b67d052c1d3
SHA256 338e677c571d6aa1c861d2fa50871c6f80e6021c7c5954a99a1f001d4acf18b3
CRC32 4F0A3B27
ssdeep 3:bDuMJlwcXAlWCtYrSPrAzXKJMeSXCmxWqJHp6rp2PrAzXKJMeSXCv:bCkAkUYrmr6ScXK9qr6ScXs
Yara None matched
Name 80082de061283932_redlovecaroline.hta.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\redLoveCaroline.hta.LNK
Size 965.0B
Processes 2364 (WINWORD.EXE)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Oct 22 16:21:15 2021, mtime=Fri Oct 22 16:21:15 2021, atime=Fri Oct 22 16:21:15 2021, length=3276, window=hide
MD5 e7262d34f0681ca84bd762511fd0a6d4
SHA1 fdaae939cea710549f6273928ef1ea77e2a575cb
SHA256 80082de0612839327b968de8c7682e0ace2d6eebc6dd85deeb3dc9f807a1e465
CRC32 817F498A
ssdeep 12:8i7za0gXo1vyCPCHesk5YCACmTWRWZLd8juizCWvWsL0v5v4t2YLEPKzlX8yoVO:8CvyvyGdYNzX0v3Pyt
Yara
  • Lnk_Format_Zero - LNK Format
Name 2842973d15a14323_desktop.ini
Filepath C:\Users\test22\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini
Size 67.0B
Processes 3024 (regsvr32.exe)
Type Windows desktop.ini, ASCII text, with CRLF line terminators
MD5 4a3deb274bb5f0212c2419d3d8d08612
SHA1 fa52f823b821155cf0ec527d52ce9b1390ec615e
SHA256 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
CRC32 6C4EDE16
ssdeep 3:0NdQDjo8hzUzYcB:0NwosUzxB
Yara None matched
Name 4826c0d860af884d_~wrs{7541d934-6ee9-4090-bbeb-8cb2184430e2}.tmp
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7541D934-6EE9-4090-BBEB-8CB2184430E2}.tmp
Size 1.0KB
Processes 2364 (WINWORD.EXE)
Type data
MD5 5d4d94ee7e06bbb0af9584119797b23a
SHA1 dbb111419c704f116efa8e72471dd83e86e49677
SHA256 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
CRC32 23C03491
ssdeep 3:ol3lYdn:4Wn
Yara None matched
Name 17f59e648ce1f3bb_kingyoulove.jpg
Filepath C:\Users\Public\kingYouLove.jpg
Size 840.1KB
Processes 2648 (mshta.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 f765b46337f86c3252a29d4100796c84
SHA1 30fd36fe59256ec29e07e790dd97b73619cfa4d6
SHA256 17f59e648ce1f3bb8967cfc0d4962f86807d00c73b97475f074eb561d2279754
CRC32 426E5453
ssdeep 12288:Y0DgYq89aJyKXwAmliposlBT0sVxVTrU7RnVhGqYtZsUSdEPGv:Y0DgRiUAzFsD35TrU7RnzS3sUcv
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
Name 87617128fe8ee966_~$normal.dotm
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Size 162.0B
Processes 2364 (WINWORD.EXE)
Type data
MD5 0b3e8d3ff50d91ecf8b0ca74777e871b
SHA1 15174c93043ea3386b51c1b437a0437ebbabab7a
SHA256 87617128fe8ee9660911b180253e320076171c73073f18500a7219067c15a371
CRC32 65E46E64
ssdeep 3:yW2lWRdI/t/W6L7TtvZJK7d2tpuItQmLl37/:y1lWE/WmXdXK7QbVQmx7/
Yara None matched