Dropped Files | ZeroBOX
Name 789c71729549a8b6_fede.wmd
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Fede.wmd
Size 872.8KB
Processes 1616 (174.exe)
Type data
MD5 e47a9d316b596cfeacf331b5dc0f3bdb
SHA1 731b315796a76ead41460c2ea97a64edcec4fb4a
SHA256 789c71729549a8b67601073c70dab775fd8dc6932d3c7033d2c22338d2798f36
CRC32 1D39F823
ssdeep 12288:VpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:VT3E53Myyzl0hMf1tr7Caw8M01
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
Name 3101b7eda4b1822d_solleva.wmd
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Solleva.wmd
Size 2.3MB
Processes 1616 (174.exe)
Type ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5 7dbfac927541d3e997c0946ced19cd6a
SHA1 2573d7938fe135ce24260bec692617b29aa1d2b2
SHA256 3101b7eda4b1822d55f2ed12f034b57296555160fbe694d5f8ca204e06a7f6a9
CRC32 FF386731
ssdeep 24576:bnaISemEzvU/+UBqtSjea7D3S5nHNU4NVfvibJMwrBGIuuqWveIvgvkFhJhRwvQE:bTSga6F
Yara
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • NPKI_Zero - File included NPKI
Name aea72114306ed324_perde.wmd
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Perde.wmd
Size 377.0B
Processes 1616 (174.exe)
Type ASCII text, with CRLF line terminators
MD5 c907c39a623c3791303ba7464b898127
SHA1 1abe75c0379fc60e45f8d1e18c1a005fc74109d3
SHA256 aea72114306ed324533949f7846b91397e0a831aff8dbd57a5ddeb91a9c89895
CRC32 80FC8D26
ssdeep 6:jkSrKPhOSL9uFiggrHKW9FigzEUGgw+EMaZ1OxW6i7QgtDuymChEUGF4UG2nKPCy:fOPhOSLgGtSgIfgw1fOxu7Q8pvh+2fxT
Yara None matched