Dropped Files | ZeroBOX
Name 753335bb464f2471_rns.bat
Filepath C:\Users\test22\AppData\Local\Temp\rns.bat
Size 217.0B
Processes 2548 (베트남 녹지원 상춘재 행사 견적서.hwp .exe) 2612 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 4b61aa101bf307af1977348a9be281d5
SHA1 c8682a5f7e55df21faf775c2e1859a39561e5b48
SHA256 753335bb464f2471d168b14cf69c4c847a0d22d6f6fbec7941bedf360a4ae80b
CRC32 01BBE438
ssdeep 6:mRUQmQpcLJ23fdaHLsMD2UmQpcLJ23fdaHLa0qQmQpcLJ23fkYln:mRUmOLM1anOLM1aW3mOLMcYln
Yara None matched
Name 6dfce07abc39e5d6_베트남 녹지원 상춘재 행사 견적서.hwp .exe
Size 468.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 35d60d2723c649c97b414b3cb701df1c
SHA1 9944ce9354fb8961826339770ffc118000058271
SHA256 6dfce07abc39e5d6aebd74a1850ad65cc6ce10a8540b551c4f6d441ec4cf48ab
CRC32 5C17FF35
ssdeep 3072:Gbd/5pl6sI/8EOoulXCjiaOOsJpAG9BU1cdvjbE:sdrI/XOlVaOO4zUM0
Yara
  • HWP_file_format - HWP Document File
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • DllRegisterServer_Zero - execute regsvr32.exe
  • Microsoft_Office_File_Zero - Microsoft Office File
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 1050935f6acee3af_newact.dat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\NewACt.dat
Size 109.0KB
Processes 2548 (베트남 녹지원 상춘재 행사 견적서.hwp .exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 e54b370d96ca0e2ecc083c2d42f05210
SHA1 03c35e4c6a641373db665e7d58cea421188fbc82
SHA256 1050935f6acee3afda3876478718632b968c986eb9c59fc2e27599c1515515f5
CRC32 C708522F
ssdeep 1536:EoBHmDG4ulAAVqSSQMyBaOOsJWGAEsuP9BU1QOkdR1jbEZWdddddddW:EOoulXCjiaOOsJpAG9BU1cdvjbE
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 11cfe19e43cb536c_f4fe.tmp
Filepath C:\Users\test22\AppData\Local\Temp\F4FE.tmp
Size 724.0B
Processes 2716 (rundll32.exe)
Type data
MD5 c20b220ddee2a5722727530a37e0d5eb
SHA1 be26de79434ad70240f9646b5d0b504fad665b19
SHA256 11cfe19e43cb536c22945463096ae103e05476fcc65284f558f732cef83d74da
CRC32 ED95ECD9
ssdeep 12:2/3s8qejqveE0Q2wQ5Wyyvbq1I+zbGn0zxgz8TNUCnZ/5yuM3yQ6/XlBnZZ/5OSm:oL3jc70j5W9W1DPGnKxgz8TNUgZ/YF3j
Yara None matched