Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	f4d5102e6a715bb0_k Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\k
Size	899.0KB
Type	ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5	`95348e495b854dd00d5f81724f0985e0`
SHA1	`a897826faa9353e2d69446a4e2970930d150ea5c`
SHA256	`f4d5102e6a715bb092a0a713a13c0d781dd414fbea0bf10934b8c1bc69311cf6`
CRC32	`4E4EA079`
ssdeep	`12288:N07r+mxEL5k8+66/EWFAlddOO053xb26pX1:Nw+cEL510/EzldqJsYX1`
Yara	NPKI_Zero - File included NPKI
VirusTotal	Search for analysis

Name	bf56ad2e27f3247f_sapete.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Sapete.tmp
Size	872.8KB
Processes	1684 (yad.exe)
Type	data
MD5	`07365a54e26d939427f3bfb1d18ea1fc`
SHA1	`80235bb22741f2464ee380ca7642c35a0c3e895c`
SHA256	`bf56ad2e27f3247fce9d4e0312e8b7bd93076e431a45c83f1b9b85de4f22e828`
CRC32	`B1314EC1`
ssdeep	`12288:1pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:1T3E53Myyzl0hMf1tr7Caw8M01`
Yara	OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	237d1bca6e056df5_Acre.exe.com Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Acre.exe.com
Size	872.7KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c56b5f0201a3b3de53e561fe76912bfd`
SHA1	`2a4062e10a5de813f5688221dbeb3f3ff33eb417`
SHA256	`237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d`
CRC32	`76090EE7`
ssdeep	`12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01`
Yara	IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	bca4ba96debe0110_zzehznpgjpwjv.js Submit file
Filepath	C:\Users\test22\AppData\Roaming\CkHbIUedkm\ZZEhznPgjpwjv.js
Size	273.0B
Processes	1940 (Acre.exe.com)
Type	ASCII text, with no line terminators
MD5	`8279f25beb9ab08834d018cd97f060d5`
SHA1	`da5be2c1855537283a6a768ff972d93e1deb71ba`
SHA256	`bca4ba96debe01100271f2e5585f4524b609222cfa169d7d425538ded6a7896c`
CRC32	`A0A82B9E`
ssdeep	`6:5AThIH8CYM2h2sUS4tRZDbRXp+NI5B1QwNbRXp+NI5B0RWDbRXp+NI5Bt:5GS6R4t7vVUw9VywvVL`
Yara	None matched
VirusTotal	Search for analysis

Name	f9924fd7bc2e9e78_sorrisi.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Sorrisi.tmp
Size	465.0B
Processes	1684 (yad.exe)
Type	ASCII text, with CRLF line terminators
MD5	`03411c71265e2cadd0e36be6aee47ca6`
SHA1	`ec75ae243b9dc3401e5a26a873d2c7a84133c5f0`
SHA256	`f9924fd7bc2e9e78d93785a9eb1a5642ec7073c37b3e7e2f6cbda6561806a3cd`
CRC32	`162836B1`
ssdeep	`12:1YYKzC5fIxKKT7tWWLVKzChqS9BM0Gw7spZei/3gG9lIIS90n:6YiSM7tJRihwMQspZZlf`
Yara	None matched
VirusTotal	Search for analysis

Name	9ec2584f5c7b233e_erntmwarsh.url Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eRntMwARsh.url
Size	172.0B
Processes	1940 (Acre.exe.com)
Type	MS Windows 95 Internet shortcut text (URL=<"C:\Users\test22\AppData\Roaming\CkHbIUedkm\ZZEhznPgjpwjv.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5	`f2ac1b2286a49971f22b4ab1127b8497`
SHA1	`ead408cb60954b9cb96719bec2a0963e31908082`
SHA256	`9ec2584f5c7b233e92f34f8db7a6ea96405ec6251de5cb182fc547e6950b8b59`
CRC32	`B16C0F32`
ssdeep	`3:Q+2lRQuRkiglZlo14tEIduhOEjl3QlMIolCl7HtEwlvl8/AfmlqVrw:Q+2lJglZyKm/UEZglJPZywVLSqxw`
Yara	None matched
VirusTotal	Search for analysis

Name	783758f5b90c894c_RegAsm.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
Size	62.9KB
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`53690d6dbf8e3f7bd54529131f1be127`
SHA1	`b28ab7d6a4f0fba872310d0dd60bf9bb233b5cff`
SHA256	`783758f5b90c894c7d57d6dd257683194b4f4d3bc470e0fd51b1b8c6171494d8`
CRC32	`C59F6165`
ssdeep	`768:Z+R1Viwqkh+tGi6HYDKnJzQOgFQ04mzGnvclLz3oWK6Iq8rAOzWipD6BXl:ELiwrh+tL64DKnJJAzGvchUCQFa6D6B1`
Yara	IsPE32 - (no description) Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	f0987cfbf8c1848e_Seduce.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Seduce.tmp
Size	96.0KB
Processes	1684 (yad.exe) 1940 (Acre.exe.com)
Type	data
MD5	`9ed18f6b197ec767fa9320a566cdd134`
SHA1	`0bb4c1445d779b3de4808b9ef6d0fe56158412dc`
SHA256	`f0987cfbf8c1848e181354a2b5d7aa4ec1010d2c9513036a0e67643bb992001c`
CRC32	`9CDAF07D`
ssdeep	`1536:KBtOnR7NBLL7n8Vt66PGTNaxT2CU6OGgEu0TEVYprzozO4CeWb0VwWL5e8:hxn8VNGI5D13gdPYRziBC/4Vwu5e8`
Yara	None matched
VirusTotal	Search for analysis