Dropped Files | ZeroBOX
Name 804e1ed2f28690d9_osservava.txt
Filepath C:\Users\test22\AppData\Roaming\yxCcpbjCXZXLo\Osservava.txt
Size 921.8KB
Processes 6420 (appsetup.exe)
Type data
MD5 c9392a06382c0d1580c0704bbaedfefa
SHA1 a8522804b75e2603f95f5f69772def35b98bb9c8
SHA256 804e1ed2f28690d9948c022aead1dba8a24e602fe1e425925b04d81d7ab4231b
CRC32 72879B54
ssdeep 24576:bJs7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:bC7hGOSPT/PxebaiO
Yara
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • network_http - Communications over HTTP
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • AutoIt - www.autoitscript.com/site/autoit/
Name a75eadfb68e3b546_fede.txt
Filepath C:\Users\test22\AppData\Roaming\yxCcpbjCXZXLo\Fede.txt
Size 580.6KB
Processes 6420 (appsetup.exe)
Type ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5 ecef1abd13420e6746dee90300144bf7
SHA1 e3812e640069a394ffbaf339bc51f7ad62a2dd78
SHA256 a75eadfb68e3b546ed72adc1b59789810255a1052564b8447a9b40e9ff06b376
CRC32 FDDBD47A
ssdeep 6144:vuncV99jHR+UwgAwHwUpLSVTb805FR4SwwJGhEe9dvKVIoGVR9KEb:WY9jHR+Uw7+qTb805FbwwDe9uG3
Yara None matched
Name 93872aa77dc507f5_esemplare.txt
Filepath C:\Users\test22\AppData\Roaming\yxCcpbjCXZXLo\Esemplare.txt
Size 887.5KB
Processes 6420 (appsetup.exe)
Type data
MD5 5584854179ac8552e968c1948cb5be89
SHA1 17a1e7bea9e8c2d5d56792c2957349a1b2f59fcf
SHA256 93872aa77dc507f5ab316ae61a3b4e7f8082b4b6db3a2bbc5845614cb79b9d04
CRC32 943CA9A7
ssdeep 24576:bfFXNn6bxof8ZZ9Y5sXQYCi92zkFsyvIl:bNXZ6/jY5sTC+kkvIl
Yara None matched
Name b9bc138bd2be85c7_nei.txt
Filepath C:\Users\test22\AppData\Roaming\yxCcpbjCXZXLo\Nei.txt
Size 118.4KB
Processes 6420 (appsetup.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 1d6ffc491075b566d90911abc6532952
SHA1 e54a791084160e8924dbde5acc8082a18c96229c
SHA256 b9bc138bd2be85c7e187b72a611ad62eae2992376cc7e3c15a18f36e4d5b8443
CRC32 FD7076E9
ssdeep 3072:CzxIjvf+JCBCpUglwdWtLUDhwfX9sEKo3MT37B1Xr5ow/KzOHTA:CzxIjvmgC9HeDqC6MT37B1Xr5ow/KzOM
Yara None matched