Summary | ZeroBOX

E9DF1F28CFBC831B89A404816A0242EAD5BB142C.hwp

PS PostScript Lnk Format GIF Format MSOffice File HWP
Category FILE
Machine s1_win7_x6401
Started Jan. 25, 2024, 1:53 p.m.
Completed Jan. 25, 2024, 1:55 p.m.
Size 75.0KB
Type Hangul (Korean) Word Processor File 5.x
MD5 e5a10df3734802a63d6f10a63ff0054c
SHA256 8510b40c23826fb3ee9cbc0a7b58b5176338020e6524bf9938f1efaadcbf973c
CRC32 3761BB36
ssdeep 1536:MmmxF9l4IgrVY9dHux2OHiBjavjIEfpTdg:MZD9pCuGTHiVabIGp
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
  • HWP_file_format - HWP Document File
  • Win32_HWP_PostScript_Zero - Detect a HWP with embedded Post Script code

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2676
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72dd2000
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Roaming\HNC\Office\Recent\E9DF1F28CFBC831B89A404816A0242EAD5BB142C.hwp.lnk
file C:\Users\test22\AppData\Roaming\HNC\Office\Recent\Temp.folder.lnk
Skyhigh Artemis
ALYac Trojan.Downloader.HWP.Agent
Symantec Trojan.Mdropper
ESET-NOD32 HWP/TrojanDownloader.Agent.N
TrendMicro-HouseCall Trojan.W97M.FRS.VSNW09A24
Avast Other:Malware-gen [Trj]
TrendMicro Trojan.W97M.FRS.VSNW09A24
ViRobot HWP.S.Downloader.76800
AhnLab-V3 Downloader/HWP.Agent
AVG Other:Malware-gen [Trj]