Dropped Files | ZeroBOX
Name 2fc86c9db4fa365d_222.xlsx.LNK
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\222.xlsx.LNK
Size 1.0KB
Processes 2332 (EXCEL.EXE)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed May 8 17:00:10 2024, mtime=Wed May 8 17:00:10 2024, atime=Wed May 8 17:00:10 2024, length=9715, window=hide
MD5 690d56faeeb9c9d07639d7ca5c03c2b7
SHA1 bcd7a75448d54d385acd44bcb6c277dfabed43e9
SHA256 2fc86c9db4fa365d3f2c4ae54c09ab90e290ea37cf96750ca58c2cb716f28827
CRC32 0888C5E2
ssdeep 12:8RvgXo1vyCPCH2fvqVPR8EvSomyo+6SLr2zmkizCCOLAHqqXFzmNfB34t2YLEPKR:8jvyuvqVRdEyo+Lr2zczNMqtCLPyR
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
Name d6431d5645fffd05_d93f411851d7c929.customDestinations-ms~RF1b969c5.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1b969c5.TMP
Size 7.8KB
Processes 2176 (powershell.exe) 2864 (powershell.exe)
Type data
MD5 260d23ce04a8f8555a73b7d2dc15e911
SHA1 ebad746fb7de847c50f7502a44f6e35534733efd
SHA256 d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588
CRC32 11D6B213
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name e5f468932fc8256b_index.dat
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012021080920210810\index.dat
Size 32.0KB
Type Internet Explorer cache file version Ver 5.2
MD5 2f2f139ef1a4056ee881cf3ef7364375
SHA1 2c9d556695905b8fc7e7148c61c085262881629c
SHA256 e5f468932fc8256b6f719cb60416c081d0ec560f17866c53c0658704cf270a56
CRC32 02A2F02B
ssdeep 24:qjEOs9Dot2EP3fXJq8QoaZwt+njEUbIostoS:qZGM7/w8QxM+kF
Yara None matched
Name 7c797bc3c700354b_xd.bat
Filepath C:\Users\test22\AppData\Roaming\xD.bat
Size 65.1KB
Processes 2176 (powershell.exe)
Type DOS batch file, ASCII text, with very long lines, with CRLF line terminators
MD5 2e34e0ab9244719305821c38fe213c37
SHA1 9cb80851613191b21ebc40ad985b47fa68d8774c
SHA256 7c797bc3c700354b531d7b0aa4fbcfe6f3221e580d398037cb4ac8f632a9743c
CRC32 69F92E33
ssdeep 1536:dJJD1eHAwt3VtHZh/YIkdmwahCqtPlnHROQbXC1B2qv:i3VtHZhgIWmwahCqVx0QbXk2qv
Yara None matched
Name 19319db09bd978a3_222.xlsx
Filepath C:\Users\test22\AppData\Roaming\222.xlsx
Size 9.5KB
Processes 2176 (powershell.exe)
Type Microsoft Excel 2007+
MD5 8d257f42a0aaa7bf961edf339c3cb5c2
SHA1 264cd05859ca3c8f6fb6200a00cd20291a32ea1b
SHA256 19319db09bd978a341ce0a38c5884b1f6af5a6e8a920f3ca0a5dcb3c9f4bc9af
CRC32 83849B0A
ssdeep 96:wkd8A9V+iuKhvPis/Yi3UnoDF+gThNkPnB+gtmIywB6BtKMoekfygOqInD6/zap7:wc8mVFb3Un68gsB+sfyp/2HbdBUhBoFK
Yara
  • zip_file_format - ZIP file format
Name c432a4971f309dcd_index.dat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat
Size 111.0B
Processes 2332 (EXCEL.EXE)
Type ASCII text, with CRLF line terminators
MD5 7f0af6f2b32b4c6870fa9cec4935afdf
SHA1 195beb2afefa40460d2efd6e442521ac246828a2
SHA256 c432a4971f309dcd390eac14be3164e1ebf44b0926f8594a4ebfc0b18ca5afd3
CRC32 7C8313E7
ssdeep 3:bDuMJlwcXAlWCzdJadrXCmxWqJHp6rp2zdJadrXCv:bCkAko+dG9s+dI
Yara None matched
Name 1c8ba4952119bdd0_roaming.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\Roaming.lnk
Size 583.0B
Processes 1236 (explorer.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Wed Jan 31 20:32:29 2018, mtime=Wed May 8 17:00:15 2024, atime=Wed May 8 17:00:15 2024, length=4096, window=hide
MD5 b5ac053381ecf90297d82d691b8d593c
SHA1 eeabe25b89fa950230fe95eed645c31dcaac44a9
SHA256 1c8ba4952119bdd0fa68359c01acf53183281aac6636bb5863e2c1083e9e19d9
CRC32 F58F95F3
ssdeep 12:8pMhfh4cZCrR8EvSEBT8SLHizCCOLAwgDuu:8pMhmsERdDRCzN+y
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
Name a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF1b93845.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1b93845.TMP
Size 7.8KB
Type data
MD5 b0c9ff441742f3847ea27da9dee7f2cd
SHA1 c42a1eb32ba953a0ce5d8635caabf71b5b281495
SHA256 a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4
CRC32 0BBCAB1A
ssdeep 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name fc14f686e2f40a2c_222.xlsx.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\222.xlsx.lnk
Size 760.0B
Processes 1236 (explorer.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed May 8 17:00:10 2024, mtime=Wed May 8 17:00:10 2024, atime=Wed May 8 17:00:10 2024, length=9715, window=hide
MD5 707364f4d3d417319f43a3466a907471
SHA1 4adf039889ba5b69cc556046c62ac2e643161af6
SHA256 fc14f686e2f40a2c22e9deb87db0d1dbd23ef18b1e41c47baa34a15947b6cce1
CRC32 0785D5B7
ssdeep 12:8Ggu4cZCrR8EvSEBT8SLr2zmkizCCOLAHqqXtd/MJCg9:8GCsERdDRr2zczNMqUIK
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format