Dropped Files | ZeroBOX
Name 386df600bcda88fe_CR_Debug_Log.txt
Filepath C:\Users\test22\AppData\Local\Temp\CR_Debug_Log.txt
Size 14.6MB
Processes 2444 (winsdk.exe)
Type 7-zip archive data, version 0.4
MD5 1d40a3f26c0133f0732f8682b749e92e
SHA1 a48bc3f6b3c6519c46c2d65dcd655d08b661f379
SHA256 386df600bcda88fe6671932b7384a57b9a29429f577991ee66ab9eee944ea734
CRC32 7A57893A
ssdeep 393216:QCxqAf+X3tn86ktYpZYhtoub5+eWoFSuWuaLdTK:FG36ltYH+O+UeZSeaL4
Yara None matched
Name 0430d520f36b7e0e_64.exe
Filepath C:\Users\test22\AppData\Local\Temp\64.exe
Size 8.4MB
Processes 2240 (CL_Debug_Log.txt) 2444 (winsdk.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 a652b2989f2fd37f3515809d29d45c1a
SHA1 4c8871f980ae07d037af7abefd836feb47fdc2da
SHA256 0430d520f36b7e0e5795bf028801a0c5d499a553d175b5615eb8d3fc0a3bc68a
CRC32 0D5FD752
ssdeep 196608:4b3TBovzHJvqHI1g75aoo5EIcD4jzYR5FQxJWhvs0rX:A3dKpng7Yoo5OqSKy1
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • network_http - Communications over HTTP
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call
  • IsPE64 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • AutoIt - www.autoitscript.com/site/autoit/
Name c882c6eca8d31260_aut652B.tmp
Filepath C:\Users\test22\AppData\Local\Temp\aut652B.tmp
Size 14.6MB
Processes 2444 (winsdk.exe)
Type data
MD5 67cf7a79753bc34fe37ac96bf368af94
SHA1 f6281fa701ef83baf665524e50232fae6f6c3e5b
SHA256 c882c6eca8d312603fd372110de0881b2dfb4e0d5348f9c5b71293341338da79
CRC32 64ADB1FC
ssdeep 393216:DCxqAf+X3tn86ktYpZYhtoub5+eWoFSuWuaLdTK:UG36ltYH+O+UeZSeaL4
Yara None matched
Name ea308c76a2f927b1_CL_Debug_Log.txt
Filepath C:\Users\test22\AppData\Local\Temp\CL_Debug_Log.txt
Size 722.5KB
Processes 2444 (winsdk.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 43141e85e7c36e31b52b22ab94d5e574
SHA1 cfd7079a9b268d84b856dc668edbb9ab9ef35312
SHA256 ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d
CRC32 11ACFF72
ssdeep 12288:AwAxBpwU5gU+2/9dB5XlH1YAEa5OLW0TjLWG3rn0Yf5ogmn9X9Rf6TIALr22DIVM:AhY2gUfVH5XlVYzagW4/3rn0Y5zmzRfq
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • escalate_priv - Escalate privileges
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • IsPE32 - (no description)
  • IsConsole - (no description)
  • HasRichSignature - Rich Signature Check
Name 964e9c6a2e9f28ee_32.exe
Filepath C:\Users\test22\AppData\Local\Temp\32.exe
Size 7.4MB
Processes 2240 (CL_Debug_Log.txt) 2444 (winsdk.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2193a6fa8dfc18ffb2528b77882ff933
SHA1 d2f01c42b17fb5db2c216c3479f5f63f6e517d07
SHA256 964e9c6a2e9f28ee1935c461c5db513e31a05ce7440c964ddfe041a72b147ba9
CRC32 D63A3A37
ssdeep 196608:9CK/9fe/yMS1s9sMbwvDqtciikach5AWV/xAxrSJAabsX:UCc/S1UsNMpxh5pV5kaw
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Device_Check_Zero - Device Check Zero
  • Process_Snapshot_Kill_Zero - Process Kill Zero
  • CryptGenKey_Zero - CryptGenKey Zero
  • FindFirstVolume_Zero - FindFirstVolume Zero
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • network_http - Communications over HTTP
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • AutoIt - www.autoitscript.com/site/autoit/
Name 2514b92213c76d20_winsdk.exe
Filepath C:\Users\test22\AppData\Local\Temp\winsdk.exe
Size 15.9MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 35ab7b989418f63d814895500fe6617b
SHA1 0f95c134cdd370385fc04555185c735a8aae9c3f
SHA256 2514b92213c76d20d06d54f413f5becb994a27e07a01372356e770aadd450448
CRC32 96E2B2EA
ssdeep 393216:sPrZfV4KKaIFDyvFziyfiR+Zy6NByu/Sc:MVVKjxyhiYiMj8uz
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Device_Check_Zero - Device Check Zero
  • Process_Snapshot_Kill_Zero - Process Kill Zero
  • CryptGenKey_Zero - CryptGenKey Zero
  • FindFirstVolume_Zero - FindFirstVolume Zero
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • network_http - Communications over HTTP
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • AutoIt - www.autoitscript.com/site/autoit/
Name 17b4e7a85169b27a_aut6B18.tmp
Filepath C:\Users\test22\AppData\Local\Temp\aut6B18.tmp
Size 490.0KB
Processes 2444 (winsdk.exe)
Type data
MD5 aac0958ecd2f69d8bd813d96d233bd3e
SHA1 5bf757fd20c74f7185e201b00bd9145734d3e3ae
SHA256 17b4e7a85169b27a7f92cdfa8d89bca739cebd15b17bc2d709517e3364ea886f
CRC32 2D94C020
ssdeep 12288:LG6Zgtvg5rBo85Q8pW3VQ3k8FujwH4edbV:LPQ0rm823ekwH4eVV
Yara None matched
Name 0fe356f3d04bb43f_SystemCheck.xml
Filepath C:\Users\test22\AppData\Local\Temp\SystemCheck.xml
Size 2.1KB
Processes 2444 (winsdk.exe)
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 9160347bec74471e1a79edfd950629ae
SHA1 c149a7e5aab6e349a70b7b458d0eaaa9d301c790
SHA256 0fe356f3d04bb43f772604b049fd2b20f3038ca2ce84bf9778b8ccdd481d77ab
CRC32 18150F2E
ssdeep 48:cbfzDlAFpdE6pGQ4/0QydbQ9I3YODOLNdqmSwuMY:yfzDlAd94/hydbQ9ddqm8f
Yara None matched
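Three things in the listing above are worth pulling out mechanically rather than by eye: CL_Debug_Log.txt and CR_Debug_Log.txt carry a .txt extension but are typed as a PE32 console executable and a 7-zip archive; CL_Debug_Log.txt then appears as PID 2240, the process that dropped 32.exe and 64.exe, so a file written as "text" was executed; and CR_Debug_Log.txt and aut652B.tmp have the same size and ssdeep hashes that differ in one character per chunk, so they are almost certainly the same payload written twice. The script below is an added example, not ZeroBOX code: it parses the report's key/value layout into records and runs those three checks. REPORT is a constructed excerpt of this page's entries (hash and size lines omitted); the CONTAINER_TYPE/CONTAINER_EXT lists and the 7-character ssdeep threshold are assumptions made for illustration.

```python
# Added example (not ZeroBOX code): triage checks over a 'Dropped Files' listing.
# REPORT is a constructed excerpt of this page's entries; CONTAINER_* and the
# 7-char ssdeep threshold are assumptions made for illustration.
import ntpath
import re

REPORT = r"""Name 386df600bcda88fe_CR_Debug_Log.txt
Filepath C:\Users\test22\AppData\Local\Temp\CR_Debug_Log.txt
Processes 2444 (winsdk.exe)
Type 7-zip archive data, version 0.4
ssdeep 393216:QCxqAf+X3tn86ktYpZYhtoub5+eWoFSuWuaLdTK:FG36ltYH+O+UeZSeaL4
Yara None matched
Name 0430d520f36b7e0e_64.exe
Filepath C:\Users\test22\AppData\Local\Temp\64.exe
Processes 2240 (CL_Debug_Log.txt) 2444 (winsdk.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
ssdeep 196608:4b3TBovzHJvqHI1g75aoo5EIcD4jzYR5FQxJWhvs0rX:A3dKpng7Yoo5OqSKy1
Yara
  • inject_thread - Code injection with CreateRemoteThread in a remote process
Name c882c6eca8d31260_aut652B.tmp
Filepath C:\Users\test22\AppData\Local\Temp\aut652B.tmp
Processes 2444 (winsdk.exe)
Type data
ssdeep 393216:DCxqAf+X3tn86ktYpZYhtoub5+eWoFSuWuaLdTK:UG36ltYH+O+UeZSeaL4
Yara None matched
Name ea308c76a2f927b1_CL_Debug_Log.txt
Filepath C:\Users\test22\AppData\Local\Temp\CL_Debug_Log.txt
Processes 2444 (winsdk.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
ssdeep 12288:AwAxBpwU5gU+2/9dB5XlH1YAEa5OLW0TjLWG3rn0Yf5ogmn9X9Rf6TIALr22DIVM:AhY2gUfVH5XlVYzagW4/3rn0Y5zmzRfq
Yara
  • escalate_priv - Escalate privileges
"""
PROC_RE = re.compile(r"(\d+) \(([^)]+)\)")
CONTAINER_TYPE = re.compile(r"^(PE32|MS-DOS executable|7-zip|Zip|RAR)", re.I)
CONTAINER_EXT = {".exe", ".dll", ".scr", ".sys", ".com", ".7z", ".zip", ".rar"}

def parse_dropped_files(text):
    """One dict per 'Name' record; Yara bullets become a list of rule names."""
    records, cur = [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("•"):                       # "• rule - description"
            cur["yara"].append(line[1:].strip().split(" - ", 1)[0])
            continue
        key, _, value = line.partition(" ")
        if key == "Name":
            cur = {"name": value, "yara": []}
            records.append(cur)
        elif key != "Yara" and cur is not None:       # "Yara None matched" -> []
            cur[key.lower()] = value
    return records

def basename(rec):
    return ntpath.basename(rec["filepath"])

def type_mismatches(records):
    """Files whose libmagic-style Type is a PE or archive but whose extension claims otherwise."""
    return [(basename(r), r["type"]) for r in records
            if CONTAINER_TYPE.match(r.get("type", ""))
            and ntpath.splitext(r["filepath"])[1].lower() not in CONTAINER_EXT]

def dropped_then_ran(records):
    """Dropped files that later show up as the process that dropped another file."""
    written = {basename(r) for r in records}
    droppers = {p for r in records for _, p in PROC_RE.findall(r.get("processes", ""))}
    return sorted(written & droppers)

def lcs_len(a, b):  # longest common substring length, plain DP table
    best, prev = 0, [0] * (len(b) + 1)
    for ca in a:
        cur = [0] * (len(b) + 1)
        for j, cb in enumerate(b, 1):
            if ca == cb:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

def ssdeep_candidates(records, min_common=7):
    """Pairs sharing an ssdeep block size and a >=7-char common substring in either
    chunk: ssdeep's precondition for a non-zero score, not the score itself
    (which adds edit distance and also compares adjacent block sizes)."""
    pairs = []
    for i, a in enumerate(records):
        for b in records[i + 1:]:
            bs_a, a1, a2 = a["ssdeep"].split(":")
            bs_b, b1, b2 = b["ssdeep"].split(":")
            if bs_a == bs_b and max(lcs_len(a1, b1), lcs_len(a2, b2)) >= min_common:
                pairs.append((basename(a), basename(b)))
    return pairs

if __name__ == "__main__":
    recs = parse_dropped_files(REPORT)
    print("type/extension mismatch:", type_mismatches(recs))
    print("dropped, then executed: ", dropped_then_ran(recs))
    print("ssdeep near-duplicates: ", ssdeep_candidates(recs))
```

Treat ssdeep_candidates output as a shortlist, not a verdict: it only reproduces the common-substring gate that ssdeep applies before scoring, so confirm a hit with `ssdeep -d` (or the real fuzzy_compare) before calling two drops identical. The type check is deliberately narrow (PE and a few archive formats); widen CONTAINER_TYPE to whatever libmagic strings matter in your environment.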