Dropped Files | ZeroBOX

Name	5a055f478cb431d8_tmpBE43.tmp.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpBE43.tmp.bat
Size	150.0B
Processes	804 (None) 888 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`130b4e3998a0da746c4d0c326f2e9ff4`
SHA1	`a820f2248748d78e8e6e2dd39f27e1b149133fd6`
SHA256	`5a055f478cb431d8ddc5d16c4f499b543ef1f02551507e7b383a39bff9b5cc6a`
CRC32	`A0A68F86`
ssdeep	`3:mKDDCMNqTtvL5omWxpcL4EaKC5r3vmqRDmWxpcL4E2J5xAInTRINu5ZPy:hWKqTtT6mQpcLJaZ5r3vmq1mQpcLJ23G`
Yara	None matched
VirusTotal	Search for analysis

Name	e7f9943b5cb9f121_webs.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\webs.exe
Size	482.5KB
Processes	804 (None)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`95e139735fcadfffda99648b935c7d26`
SHA1	`56f2c66bbb3685eb900380fb7f5ecedaca1ead3d`
SHA256	`e7f9943b5cb9f121f20b20b93f1a31a5fe3006754f100b77557e76f827f1b140`
CRC32	`6BC53AF9`
ssdeep	`6144:OGGjuz9Ye0WHbk+S7B78WbpF90VeDuguoLQxdFbkppKIQWRfOmYLv4eQSiwDWDOf:Tnh7krBNkbguoLQ/5xJsuZQZFYuw`
Yara	Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description)
VirusTotal	Search for analysis