Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...

Latest News
09.21 08:09
Google Judge Questions...
09.21 08:09
US Leans on Shipbuildi...
09.21 08:09
Mechanical Logic Gates...
09.21 08:09
Sarah Silverman Lawyer...
09.21 07:09
September 21, 2024
09.21 06:09
GAO to unveil findings...
09.21 06:09
Snowflake Hacker Still...
09.21 06:09
SEC Blasts Musk for At...
09.21 06:09
Silicon Valley Investo...
09.21 06:09
Shroombots, pagers, To...

Summary | ZeroBOX

MS_calendar.lnk

GIF Format Lnk Format

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 6, 2024, 3:03 p.m.	Aug. 6, 2024, 3:05 p.m.

Size	2.3KB
Type	MS Windows shortcut, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sun Aug 4 14:17:22 2024, mtime=Sun Jun 30 18:33:05 2024, atime=Sun Jun 30 18:33:05 2024, length=101888, window=hidenormalshowminimized
MD5	`88a0d644536b00f6d49bd9891223784c`
SHA256	`bd61dfd251ec841aa098482542125798e34d7382a4b3a730dafe4ffef571a6ed`
CRC32	`DBD94128`
ssdeep	`48:8qDuui7Z6RIZDuu2A/TDuuh3PN73c8Duup/TDuu:8qDhIZDh28DhhVDc8DhVDh`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "VsKcnZWobLf" C:\Users\test22\AppData\Local\Temp\MS_calendar.lnk
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
216.9.224.58	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49163 -> 216.9.224.58:5555	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.101:49165 -> 216.9.224.58:5555	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.101:49163 -> 216.9.224.58:5555	2047742	ET HUNTING WebDAV Retrieving .exe	Potentially Bad Traffic
TCP 192.168.56.101:49165 -> 216.9.224.58:5555	2047742	ET HUNTING WebDAV Retrieving .exe	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Aug. 6, 2024, 3:03 p.m.	computer_name: TEST22-PC	1	1	0

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Aug. 6, 2024, 3:03 p.m.	buffer: Access is denied. console_handle: 0x0000000b	1	1	0

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceW Aug. 6, 2024, 3:03 p.m.	number_of_free_clusters: 3252842 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \\?\Volume{c2d901c4-0706-11e8-912e-806e6f6e6963}\ total_number_of_clusters: 8362495	1	1	0

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\MS_calendar.lnk

File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)

DrWeb

LNK.Downloader.406

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Aug. 6, 2024, 3:03 p.m.	flags: 15 family: 0		111	0

Communicates with host for which no DNS query was performed (1 event)

host

216.9.224.58