Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.20 09:11
mainbas.bat
11.20 09:11
dll007.dll
11.20 09:11
exe004.exe
11.20 09:11
exe010.exe
11.20 09:11
blecher.exe
11.20 09:11
GetAdapterInfo.exe
11.20 09:11
dll004.dll
11.20 09:11
dll008.dll
11.20 09:11
bestthingsalwaysgetbes...
11.20 09:11
DKM-9067291.pdf.lnk

Latest News
11.20 01:11
Anyone Can Buy Data Tr...
11.20 12:11
ISC Stormcast For Wedn...
11.20 12:11
코막힘 해결사 올바스 브랜드, 바르는 ‘...
11.20 12:11
Batteries Not Included...
11.20 12:11
AI 딥테크 스타트업 폴리머라이즈, ‘폴...
11.20 11:11
62만 유튜버 연츄, 인천 노인주간보호센...
11.20 11:11
Unveiling LIMINAL PAND...
11.20 11:11
이천청솔기숙학원, 2025 입시 준비 조...
11.20 11:11
모즈 탄소매트, 전자파 없는 원적외선 매...
11.20 11:11
유어네스트 ‘이터널 라이트’ 아틀리에 투...

Summary | ZeroBOX

DKM-9067291.pdf.lnk

GIF Format Lnk Format

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Nov. 20, 2024, 9:11 a.m.	Nov. 20, 2024, 9:14 a.m.

Size	1.9KB
Type	MS Windows shortcut, Points to a file or directory, Icon number=11, Archive, ctime=Sun Nov 17 08:56:53 2024, mtime=Sun Nov 17 08:56:44 2024, atime=Sun Nov 17 08:56:44 2024, length=153, window=hidenormalshowminimized
MD5	`ec59f33659d0f4d2b1cddc76d82c9556`
SHA256	`45d00dc1fa18402b7062f11116e11d0267a8abcf341893d66854bac17b2624ee`
CRC32	`10F7FB80`
ssdeep	`24:8koHdFgrWncY6/wHcmBnR1E583nK5Cj+7S/TIU2JQvMcCvDxIU2SKs:8lUWcf0cc31K578EU2JYC6U2SK`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "LJgTOk" C:\Users\test22\AppData\Local\Temp\DKM-9067291.pdf.lnk
3052

Name	Response	Post-Analysis Lookup
ni-olympic-forests-invoice.trycloudflare.com

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.102:63709 -> 8.8.8.8:53	2034552	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)	Potentially Bad Traffic
UDP 192.168.56.102:63709 -> 8.8.8.8:53	2034552	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)	Potentially Bad Traffic
UDP 192.168.56.102:63709 -> 8.8.8.8:53	2034552	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)	Potentially Bad Traffic
UDP 192.168.56.102:63709 -> 164.124.101.2:53	2034552	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)	Potentially Bad Traffic
UDP 192.168.56.102:63709 -> 8.8.8.8:53	2034552	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)	Potentially Bad Traffic
UDP 192.168.56.102:63709 -> 164.124.101.2:53	2034552	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)	Potentially Bad Traffic
UDP 192.168.56.102:63709 -> 164.124.101.2:53	2034552	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Nov. 20, 2024, 9:11 a.m.	computer_name: TEST22-PC	1	1	0

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Nov. 20, 2024, 9:12 a.m.	buffer: Access is denied. console_handle: 0x0000000b	1	1	0

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\DKM-9067291.pdf.lnk

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Nov. 20, 2024, 9:11 a.m.	flags: 15 family: 0		111	0

File has been identified by 10 AntiVirus engines on VirusTotal as malicious (10 events)

ESET-NOD32	LNK/TrojanDownloader.Agent.CDU
Sophos	Troj/DownLnk-CN
Google	Detected
Kingsoft	Win32.Troj.Undef.a
GData	Win32.Trojan.Agent.8I32DT
Ikarus	Trojan-Downloader.LNK.Agent
Tencent	Win32.Trojan-Downloader.Der.Zmhl
huorong	TrojanDownloader/LNK.Agent.en
Fortinet	LNK/Agent.CDU!tr
alibabacloud	Trojan[downloader]:Win/Agent.CFW

Harvests credentials from local email clients (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Capabilities\Hidden