popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name ebe7523ce20774d1_~wrs{67ecba5d-f207-4eb3-9b2b-41f75598f748}.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{67ECBA5D-F207-4EB3-9B2B-41F75598F748}.tmp
Size 4.0KB
Processes 1620 (WINWORD.EXE)
Type data
MD5 0f393717b9a276bd95e4077e416f9b38
SHA1 b4d17396dcebcb22dac29f0dcbc8353328530ea5
SHA256 ebe7523ce20774d14df9452694db05cef783cff0020f99af65c68a631bcad135
CRC32 BAE3E888
ssdeep 24:yU+aTAq9LDKLW59PWtR9PzLWPjaqSp9Sqp9qSpz9LDi3TPbig8uEzqp8yK9WSWqw:p+obKjOPD37qWXTrDfyjzvbKjOPXAnxH
Yara None matched
VirusTotal Search for analysis
Name 24222300c78180b5_Trast.bat
Submit file
Filepath C:\Users\Public\Trast.bat
Size 34.0B
Processes 2428 (credit.exe)
Type ASCII text, with no line terminators
MD5 4068c9f69fcd8a171c67f81d4a952a54
SHA1 4d2536a8c28cdcc17465e20d6693fb9e8e713b36
SHA256 24222300c78180b50ed1f8361ba63cb27316ec994c1c9079708a51b4a1a9d810
CRC32 7F4F9BF9
ssdeep 3:LjTnaHF5wlM:rnaHSM
Yara None matched
VirusTotal Search for analysis
Name a186dfd732aaaa04_wlulpob.url
Submit file
Filepath C:\Users\Public\Libraries\wlulpoB.url
Size 96.0B
Processes 2428 (credit.exe)
Type MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Boplulw\\Boplulw.exe">), ASCII text, with CRLF line terminators
MD5 3934ce976f7140245ec2d091318d332e
SHA1 d66a1913a01da541570b057f3d17d768b86a9626
SHA256 a186dfd732aaaa04fbb671958ab5bda4268463b13399851b66f49de3b2f7c66f
CRC32 F0146596
ssdeep 3:HRAbABGQYmTWAX+rSF55i0XMeVeJKtJPbsGKd7ovn:HRYFVmTWDyzicPbsb7yn
Yara None matched
VirusTotal Search for analysis
Name ea5c46c989d46367_d93f411851d7c929.customdestinations-ms
Submit file
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2200 (powershell.exe)
Type data
MD5 faed47fd8f345d57eccff8b99d3f21fa
SHA1 2bb129fe2938e8cfb49b29e00b4e426cc4682ced
SHA256 ea5c46c989d463676db524b6f528ec8db44629be6bb801b8c54e487754f11102
CRC32 5EB47B78
ssdeep 96:YtuCuGCPDXBqvsqvJCwo9tuCuGCPDXBqvsEHyqvJCworo7HwxWlUVul:YtPXo9tPbHnorTxo
Yara
  • Antivirus - Contains references to security software
VirusTotal Search for analysis
Name 37c59c8398279916_KDECO.bat
Submit file
Filepath C:\Users\Public\KDECO.bat
Size 155.0B
Processes 2428 (credit.exe)
Type ASCII text, with no line terminators
MD5 213c60adf1c9ef88dc3c9b2d579959d2
SHA1 e4d2ad7b22b1a8b5b1f7a702b303c7364b0ee021
SHA256 37c59c8398279916cfce45f8c5e3431058248f5e3bef4d9f5c0f44a7d564f82e
CRC32 42292F53
ssdeep 3:LjT5LJJFIf9oM3KN6QNb3DM9bWQqA5SkrF2VCceGAFddGeWLCXlRA3+OR:rz81R3KnMMQ75ieGgdEYlRA/R
Yara None matched
VirusTotal Search for analysis
Name 4826c0d860af884d_~wrs{9cbe028d-7cc4-40a3-87ac-68a381890b4b}.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9CBE028D-7CC4-40A3-87AC-68A381890B4B}.tmp
Size 1.0KB
Processes 1620 (WINWORD.EXE)
Type data
MD5 5d4d94ee7e06bbb0af9584119797b23a
SHA1 dbb111419c704f116efa8e72471dd83e86e49677
SHA256 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
CRC32 23C03491
ssdeep 3:ol3lYdn:4Wn
Yara None matched
VirusTotal Search for analysis
Name e1686c75b6d0982c_credit.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\credit.exe
Size 1.0MB
Processes 2200 (powershell.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 821e75318f291ec08bafe26ceb1eeeff
SHA1 2bd4d57b0092e8641c42b8a562942a57bc55cc9f
SHA256 e1686c75b6d0982c533063557289dd24d66ba74a9dd37cd5d328c3451035a01f
CRC32 686630BB
ssdeep 12288:Emt6Xn/fYF7E9rTdcDNVn14ZNBehaSXYG0aAJ92PHiLeN0aSy3V6+1G6W:xt0XnVcDNcm7JBa2HKaLFt
Yara
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
VirusTotal Search for analysis
Name 8844025e1ebe81e6_~$m_payment_remittance_505693.docm
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\~$M_Payment_Remittance_505693.docm
Size 162.0B
Processes 1620 (WINWORD.EXE)
Type data
MD5 1b11cfeaa3286cd0ed62b89015395326
SHA1 045f2373da87af988a76e3445b5151536bd6c15f
SHA256 8844025e1ebe81e6b7a43138cf0937022e34f7029b501909c6a7ebd6619a9916
CRC32 EBA82EAB
ssdeep 3:yW2lWRdvL7YMlbK7g7lxIt50iSjlVt3mXtK:y1lWnlxK7ghqqF3mX4
Yara None matched
VirusTotal Search for analysis
Name 64945e24d8dde382_~$normal.dotm
Submit file
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Size 162.0B
Processes 1620 (WINWORD.EXE)
Type data
MD5 797c7420742d78d0fd110487ec24e23f
SHA1 147b40c75c6511449cd7ac2d520f5b68c7b4c7c3
SHA256 64945e24d8dde38214db0bd81dde27d1962c3c2dd5d32c5d158ddcde9ac791c1
CRC32 516D8F88
ssdeep 3:yW2lWRdvL7YMlbK7g7lxIt50iSjlVt9n99K:y1lWnlxK7ghqqFdS
Yara None matched
VirusTotal Search for analysis
Name 14d198a6258f69a4_nest
Submit file
Filepath C:\Users\Public\nest
Size 9.0B
Processes 2428 (credit.exe)
Type ASCII text, with CRLF line terminators
MD5 39f2a403d2791c3a3b71e6f91adddde7
SHA1 b5b4c3996bd7fc4fabe6848debdb00a307149c25
SHA256 14d198a6258f69a4d8943ff4cfd386fb4b556e3aa29f76c871f5aa93123899c9
CRC32 C8FF5CB0
ssdeep 3:Osn:Osn
Yara None matched
VirusTotal Search for analysis
Name f35f2658455a2e40_UKO.bat
Submit file
Filepath C:\Users\Public\UKO.bat
Size 250.0B
Processes 2428 (credit.exe)
Type ASCII text, with CRLF line terminators
MD5 eaf8d967454c3bbddbf2e05a421411f8
SHA1 6170880409b24de75c2dc3d56a506fbff7f6622c
SHA256 f35f2658455a2e40f151549a7d6465a836c33fa9109e67623916f889849eac56
CRC32 8C4E367F
ssdeep 6:rgnMXd1CQnMXd1COm8hnaHNHIXUnMXd1CoD9c1uOw1H1gOvOBAn:rgamIHIXUaXe1uOeVqy
Yara None matched
VirusTotal Search for analysis
Name 45aa3957c2986526_nest.bat
Submit file
Filepath C:\Users\Public\nest.bat
Size 53.0B
Processes 2428 (credit.exe)
Type ASCII text, with CRLF line terminators
MD5 8ada51400b7915de2124baaf75e3414c
SHA1 1a7b9db12184ab7fd7fce1c383f9670a00adb081
SHA256 45aa3957c29865260a78f03eef18ae9aebdbf7bea751ecc88be4a799f2bb46c7
CRC32 989CB101
ssdeep 3:LjT9fnMXdemzCK0vn:rZnMXd1CV
Yara None matched
VirusTotal Search for analysis