Dropped Files | ZeroBOX
Name 95cfd76bfea8839d_msword[1].exe
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\MsWord[1].exe
Size 8.3MB
Processes 3016 (iexplore.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 de6717de7bd1daa595c0b00887c25f05
SHA1 f70cc94796e6f89499a3958d7fd2001e50a984f0
SHA256 95cfd76bfea8839d2c545cc10d1c94131868471d51ccb8a4525058f591f92b44
CRC32 898A2714
ssdeep 196608:a2OqTXrTaX8jgp1Dm9onJ5hrZERYxQ3jo4UR7+8ezH2o1wTFX5:3TXarpNm9c5hlERYxA2RSlz31w
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • network_tcp_socket - Communications over RAW socket
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • IsPE64 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
Name 04c8fd2973e4f818_{d539a3f8-8b62-11eb-bde1-94de278c3274}.dat
Filepath C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D539A3F8-8B62-11EB-BDE1-94DE278C3274}.dat
Size 4.5KB
Processes 1224 (iexplore.exe)
Type Composite Document File V2 Document, Cannot read section info
MD5 e04c6654fd5dd340fa21fad02adab840
SHA1 f2641167b3d06ec3834d8396ae63ed2b23abf0af
SHA256 04c8fd2973e4f818a8a4f0eaa4625e8d2f96b04172fc3f72dc8e43e6bb7a4d94
CRC32 452143C2
ssdeep 12:rlxAF7rEgm8GL7KFZ1DrEgm8GD7qsLNl26abax1NlIfRbax1QjMOw:rQG8rG8+LNlIoNlEc
Yara
  • Microsoft_Office_Document_Zero - Microsoft Office Document Signature Zero
Name 855175392065d2f9_recoverystore.{d539a3f7-8b62-11eb-bde1-94de278c3274}.dat
Filepath C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D539A3F7-8B62-11EB-BDE1-94DE278C3274}.dat
Size 5.0KB
Processes 1224 (iexplore.exe)
Type Composite Document File V2 Document, Cannot read section info
MD5 11c70474409ca45eb93353b4ba1cf891
SHA1 b157029a266c2c0f96052ca0122c5aa88e62da58
SHA256 855175392065d2f93f99a4e536d6630a00a778619d6c44cfe2d0ce020439e2eb
CRC32 5AD662E8
ssdeep 12:rlfF2irEg5+IaCrI0CI7eF2daTrEgmZ+IaCrI0CIc8GmRVOeMiqI771NlTqbax/5:rqi5/fdaTG5/k85jBM+NlWzNlW
Yara
  • Microsoft_Office_Document_Zero - Microsoft Office Document Signature Zero