Summary | ZeroBOX

NASA Database.lnk

Tags: GIF Format, Lnk Format
Category FILE
Machine s1_win7_x6402
Started Sept. 18, 2023, 4:21 p.m.
Completed Sept. 18, 2023, 4:23 p.m.
Size 181.3KB
Type MS Windows shortcut, Item id list present, Icon number=16288, Hidden, Volume Label, Directory, Compressed, ctime=Mon Oct 25 03:41:43 2973, mtime=Fri Apr 21 01:19:25 3217, atime=Thu Oct 6 01:26:12 4360, length=286266138, window=hide
MD5 4a7768c7ca725f7ec70694d807c7f739
SHA256 c7aa272fb423722879b8b3f80d992618f0e1ce9e51366430452282e1500be770
CRC32 15331F69
ssdeep 3072:TSTuTHGHdf8Aen87WcKUEHwLlP6jLECfzSIiG7dydH/Jy3pFyjufkL9ereLFLl2/:TrHAfreBcKlslijBrziGJydH/JyZXm9Y
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
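The Type line above is `file`'s one-line rendering of the 76-byte ShellLinkHeader (MS-SHLLINK 2.1), and the two Yara hits only confirm the magic. The script below, an added example for this report rather than anything from ZeroBOX or the sample, decodes that header field by field and runs the checks a triager actually wants on it: far-future FILETIMEs, reserved FileAttributes bits (the "Volume Label" bit, 0x8, is Reserved1 in the spec and must be zero), a DIRECTORY target carrying a large FileSize, and a ShowCommand that starts the window minimised and unfocused. The header bytes are constructed from the values on this page; LinkFlags (0x01) and the numeric ShowCommand (7) are assumptions, since `file` reports them only symbolically.

```python
"""Decode a ShellLinkHeader (MS-SHLLINK 2.1) and flag triage-relevant oddities.
Added example; the sample header is built from the values on this page."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# HeaderSize, LinkCLSID, LinkFlags, FileAttributes, 3 FILETIMEs, FileSize,
# IconIndex, ShowCommand, HotKey, Reserved1 (2 bytes), Reserved2, Reserved3
HEADER_FMT = "<I16sIIQQQIIIH2sII"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 76 == 0x4C

LINK_FLAGS = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo", 0x04: "HasName",
              0x08: "HasRelativePath", 0x10: "HasWorkingDir", 0x20: "HasArguments",
              0x40: "HasIconLocation", 0x80: "IsUnicode"}
# FileAttributesFlags; 0x08 (Reserved1) and 0x40 (Reserved2) MUST be zero per spec
ATTR_FLAGS = {0x01: "READONLY", 0x02: "HIDDEN", 0x04: "SYSTEM", 0x08: "RESERVED1",
              0x10: "DIRECTORY", 0x20: "ARCHIVE", 0x40: "RESERVED2", 0x80: "NORMAL",
              0x100: "TEMPORARY", 0x200: "SPARSE_FILE", 0x400: "REPARSE_POINT",
              0x800: "COMPRESSED", 0x1000: "OFFLINE", 0x2000: "NOT_CONTENT_INDEXED",
              0x4000: "ENCRYPTED"}
RESERVED_ATTRS = 0x08 | 0x40
SHOW_COMMANDS = {1: "SW_SHOWNORMAL", 3: "SW_SHOWMAXIMIZED", 7: "SW_SHOWMINNOACTIVE"}


def names(mask, table):
    return [n for bit, n in table.items() if mask & bit]


def filetime_to_dt(ft):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC; 0 means 'not set'."""
    return None if ft == 0 else FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def dt_to_filetime(dt):
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def parse_header(data):
    if len(data) < HEADER_SIZE:
        raise ValueError("truncated header")
    (size, clsid, flags, attrs, ctime, mtime, atime, fsize, icon, show,
     hotkey, _r1, _r2, _r3) = struct.unpack_from(HEADER_FMT, data, 0)
    if size != HEADER_SIZE or uuid.UUID(bytes_le=clsid) != LNK_CLSID:
        raise ValueError("not a ShellLinkHeader")
    return {"link_flags": names(flags, LINK_FLAGS),
            "attrs": attrs, "attr_names": names(attrs, ATTR_FLAGS),
            "ctime": filetime_to_dt(ctime), "mtime": filetime_to_dt(mtime),
            "atime": filetime_to_dt(atime), "file_size": fsize,
            "icon_index": icon, "show_command": show, "hotkey": hotkey}


def audit(hdr, now=None):
    """Heuristic checks (mine, not from the spec); returns (code, detail) pairs."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for key in ("ctime", "mtime", "atime"):
        ts = hdr[key]
        if ts is not None and ts.year > now.year + 1:
            findings.append(("future_timestamp", f"{key}={ts:%Y-%m-%d %H:%M:%S}"))
    if hdr["attrs"] & RESERVED_ATTRS:
        findings.append(("reserved_attr_bits",
                         ",".join(names(hdr["attrs"] & RESERVED_ATTRS, ATTR_FLAGS))))
    # FileSize describes the link target; a directory target normally carries 0
    if "DIRECTORY" in hdr["attr_names"] and hdr["file_size"]:
        findings.append(("dir_with_size", str(hdr["file_size"])))
    if hdr["show_command"] == 7:  # window starts minimised and not activated
        findings.append(("hidden_window", SHOW_COMMANDS[7]))
    elif hdr["show_command"] not in SHOW_COMMANDS:
        findings.append(("odd_show_command", hex(hdr["show_command"])))
    return findings


def build_sample():
    """Constructed header: timestamps, attributes, FileSize and IconIndex are the
    values `file` printed for this sample; LinkFlags=0x01 and ShowCommand=7 are
    assumptions."""
    utc = timezone.utc
    return struct.pack(
        HEADER_FMT, HEADER_SIZE, LNK_CLSID.bytes_le, 0x01,
        0x02 | 0x08 | 0x10 | 0x800,  # Hidden, "Volume Label", Directory, Compressed
        dt_to_filetime(datetime(2973, 10, 25, 3, 41, 43, tzinfo=utc)),
        dt_to_filetime(datetime(3217, 4, 21, 1, 19, 25, tzinfo=utc)),
        dt_to_filetime(datetime(4360, 10, 6, 1, 26, 12, tzinfo=utc)),
        286266138, 16288, 7, 0, b"\0\0", 0, 0)


if __name__ == "__main__":
    hdr = parse_header(build_sample())
    for k, v in hdr.items():
        print(f"{k:13} {v}")
    for code, detail in audit(hdr):
        print("FINDING", code, detail)
```

Note that FileSize in this header is the size of the link *target*, not of the .lnk itself, so the 286 MB value does not by itself contradict the 181.3 KB on disk; what is odd is a 286 MB "directory" with three timestamps centuries in the future, which is what `audit` reports.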

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address Status
164.124.101.2 Active
94.131.99.140 Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: Access is denied.
console_handle: 0x0000000b
status: 1, return: 1, repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 3020
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73dd2000
process_handle: 0xffffffff (pseudo-handle for the current process)
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory

process_identifier: 3020
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02e80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff (pseudo-handle for the current process)
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 3020
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73d13000
process_handle: 0xffffffff (pseudo-handle for the current process)
status: 1, return: 0, repeated: 0
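All three calls logged for PID 3020 end with a page that is both writable and executable, but they are not the same thing: one is a fresh one-page MEM_COMMIT at 0x02e80000 (the classic place to stage decoded code), the other two re-protect memory the trace never allocated, which points at in-place patching of something already mapped. The script below, an added example and not ZeroBOX's own detection logic, runs that distinction over the records above. TRACE is transcribed from this report; the own/foreign split is a heuristic of mine, and the WriteConsoleW record is left out because the page gives it no process id.

```python
"""Surface W+X memory from Cuckoo-style API records and separate fresh RWX
commits from re-protection of memory the trace did not allocate.
Added example; TRACE is constructed from the three calls in this report."""
from collections import defaultdict

PAGE_PROT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
             0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
             0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
             0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
MEM_COMMIT = 0x1000
WRITE_EXEC = 0x40 | 0x80  # PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

TRACE = [  # transcribed from the PID 3020 records on this page
    {"api": "NtProtectVirtualMemory", "pid": 3020, "base_address": 0x73DD2000,
     "length": 4096, "protection": 0x40},
    {"api": "NtAllocateVirtualMemory", "pid": 3020, "base_address": 0x02E80000,
     "region_size": 4096, "protection": 0x40, "allocation_type": MEM_COMMIT},
    {"api": "NtProtectVirtualMemory", "pid": 3020, "base_address": 0x73D13000,
     "length": 4096, "protection": 0x40},
]


def decode(mask, table):
    """Expand a protection bitmask into constant names (raw hex if unknown)."""
    return [n for bit, n in table.items() if mask & bit] or [hex(mask)]


def rwx_findings(trace):
    """Return one finding per call that leaves W+X memory behind.
    kind: 'rwx_commit'            NtAllocateVirtualMemory with MEM_COMMIT and W+X
          'rwx_reprotect_own'     NtProtectVirtualMemory inside a region this
                                  trace allocated earlier for the same pid
          'rwx_reprotect_foreign' NtProtectVirtualMemory on anything else (a
                                  mapped image, a pre-existing heap, ...)"""
    owned = defaultdict(list)  # pid -> [(base, end)] regions seen allocated
    out = []
    for rec in trace:
        pid, base, prot = rec["pid"], rec["base_address"], rec["protection"]
        wx = bool(prot & WRITE_EXEC)
        if rec["api"] == "NtAllocateVirtualMemory":
            size = rec["region_size"]
            owned[pid].append((base, base + size))
            if wx and rec.get("allocation_type", 0) & MEM_COMMIT:
                out.append(dict(pid=pid, kind="rwx_commit", base=base, size=size,
                                protection=decode(prot, PAGE_PROT)))
        elif rec["api"] == "NtProtectVirtualMemory" and wx:
            size = rec["length"]
            own = any(lo <= base < hi for lo, hi in owned[pid])
            kind = "rwx_reprotect_own" if own else "rwx_reprotect_foreign"
            out.append(dict(pid=pid, kind=kind, base=base, size=size,
                            protection=decode(prot, PAGE_PROT)))
    return out


def summarise(trace):
    """Count findings per kind so a rule can threshold on them."""
    kinds = ("rwx_commit", "rwx_reprotect_own", "rwx_reprotect_foreign")
    found = rwx_findings(trace)
    return {k: sum(1 for f in found if f["kind"] == k) for k in kinds}


if __name__ == "__main__":
    for f in rwx_findings(TRACE):
        print(f"pid {f['pid']}: {f['kind']:22} base=0x{f['base']:08x} "
              f"size=0x{f['size']:x} {'|'.join(f['protection'])}")
    print(summarise(TRACE))
```

Every record carries process_handle 0xffffffff, the current-process pseudo-handle, so these three calls show self-modification inside PID 3020 only; nothing here evidences cross-process injection, and the heuristic deliberately says nothing about what was later written into the committed page, which the trace does not record.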
file C:\Users\test22\AppData\Local\Temp\NASA Database.lnk
host 94.131.99.140
dead_host 94.131.99.140:445
dead_host 94.131.99.140:139
(dead_host marks a connection attempt that got no reply; 445 and 139 are the SMB and NetBIOS session ports, so during the run something tried to reach a share on 94.131.99.140 and failed, which is consistent with a shortcut whose target or icon path is a UNC share on that host. No Suricata alert or TLS record accompanies the attempt.)