Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	88f9dc0b9a633e43_tmpF3A9.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF3A9.tmp
Size	512.0KB
Type	SQLite 3.x database, user version 11, last written using SQLite version 3031001
MD5	`dd47ebe6866ad2ab59d0caa1de28d09e`
SHA1	`afdf6eb7a01bb7ef4c9d768b65abbbeae5ba2663`
SHA256	`88f9dc0b9a633e43c6d2c6fae136e782c15aa38c1601dcff948987f1c2a391c3`
CRC32	`8DEE9EEA`
ssdeep	`24:DQHtJl32mNVpP965hKN0MG/lZpNjCKRIaU5BnCMOkC0JCpL3FYay:DQfrbWTTTqtStLm`
Yara	None matched
VirusTotal	Search for analysis

Name	ff9ac62756b1e4b3_tmpF96A.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF96A.tmp
Size	669.1KB
Type	data
MD5	`cc6eedea9866e7d7392c358c7eac4c80`
SHA1	`0c75dc1b226109f4cdb9ad2f0918d220563bbb5d`
SHA256	`ff9ac62756b1e4b3fc4c1cff1847b6e4ed4927628c690f605f6d8b11e55691b7`
CRC32	`00E12955`
ssdeep	`12288:F2ASrdDRylvBhHHQ3mZXLzcQxsIecKYSIy0gk/WWf7Ly/NJbRoAPoPUVBOF9I7u5:kYl5e3mZHcQFSYSr9kuNJ7zsFy7y1GTK`
Yara	None matched
VirusTotal	Search for analysis

Name	12b0e9178895ce07_Carne.cab Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Carne.cab
Size	100.0KB
Processes	2456 (tonys1008.exe) 508 (Sapete.exe.com)
Type	data
MD5	`0c427e6f16dc32614a39500f504cb381`
SHA1	`d55fe1964be896f2d8ca7a99d05474e5c4b53646`
SHA256	`12b0e9178895ce07ca693db69f66e02c2b82fdc226c1b26875858914ab8e63c5`
CRC32	`53CA6B08`
ssdeep	`3072:99XNq38U5iMSGgrfzYxrQaqgdjAvpx3yCA:TNqTiMSGgrzY1HTAv7iCA`
Yara	None matched
VirusTotal	Search for analysis

Name	237d1bca6e056df5_phwbeogcsr.exe.com Submit file
Filepath	C:\Users\test22\AppData\Roaming\NsBzZCJRyI\pHWBEogcsR.exe.com
Size	872.7KB
Processes	508 (Sapete.exe.com)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c56b5f0201a3b3de53e561fe76912bfd`
SHA1	`2a4062e10a5de813f5688221dbeb3f3ff33eb417`
SHA256	`237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d`
CRC32	`76090EE7`
ssdeep	`12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e5c7931e871678ae_tmpF32A.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF32A.tmp
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`8e36f9cfbb4e98a1ea4cb31b1dfd18ba`
SHA1	`271e10b8bb5623e6552f2be568b01ae93b3e5a3a`
SHA256	`e5c7931e871678ae9bf44ed496a03ba8524a3d7600a44b29a60847ddda90eb86`
CRC32	`C73EAD8F`
ssdeep	`24:TLea0RlPbXaFpEO5bNmISHdL6UwcOxvyUU3Z:TYLOpEO5J/KdGU1EyU2Z`
Yara	None matched
VirusTotal	Search for analysis

Name	dd08a926408b1e7d_Ogni.cab Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Ogni.cab
Size	528.0B
Processes	2456 (tonys1008.exe)
Type	ASCII text, with CRLF line terminators
MD5	`f942cd7ee1aa109106ad0de627cd56a9`
SHA1	`46ab21a3270770b9510f594fc33ff7628a17540c`
SHA256	`dd08a926408b1e7d0687f45fe57dcdb0d5e6d04e25a8c4de383ee2b2b69da009`
CRC32	`EE66E192`
ssdeep	`12:2gbE8EsJ5Hy68gfUoEsJ4a/y3CvwGhnIUT2TymCJCzPVnsJJn:zJ9UKJ4aK3mnI09myEKJJ`
Yara	None matched
VirusTotal	Search for analysis

Name	8e7ccbba58b08ef4_tmpF97B.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF97B.tmp
Size	419.5KB
Type	data
MD5	`8008d98b1a60b8791a9f74cbbbf8e016`
SHA1	`e19a96a2db1f20482eaa9f366b0177a1f92d8e79`
SHA256	`8e7ccbba58b08ef44fd948411989c8a4f36a17f7abaab493918a8c24a27ef732`
CRC32	`AFA884B4`
ssdeep	`12288:nqIG3a6Rt8MLlUqLzSsSPJFYmeMjOLYS6UIpKl/cc7M:n5GFgML6qL2TfiMy8SK0d5M`
Yara	None matched
VirusTotal	Search for analysis

Name	cbbaf382f5002681_tmpF968.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF968.tmp
Size	906.3KB
Type	data
MD5	`ecba12e3cb4faf4227744ece49fa2370`
SHA1	`75935c90a56720e22e6519ec5de1546df607c1a8`
SHA256	`cbbaf382f5002681e12f33f3b455f6fd3f0fcb5c0c033ffdb026495a8e20f52d`
CRC32	`0F6C24B7`
ssdeep	`24576:o44BMfLiIOuka8QsDS6IrgJvTWM7D68S9:oRML1OukaHXovTrD68c`
Yara	None matched
VirusTotal	Search for analysis

Name	650d93ef205a2a36_tmpF97D.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF97D.tmp
Size	72.8KB
Type	data
MD5	`9c44532213d20a919f658fb8ba2a8994`
SHA1	`ec0329492918a254b7db35c404f14ec4cb7c17e7`
SHA256	`650d93ef205a2a369acee0065705427363f24dde7374de219029c49b259b0184`
CRC32	`2EBA6D9C`
ssdeep	`1536:GBQLxzjUJPL63cgC5El3/Snk2ycDcILtjCk6561lb2P1zm:pLVM63sEp6n0cDc6jlEP1C`
Yara	None matched
VirusTotal	Search for analysis

Name	079473a1752fb5e1_tmpF34F.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF34F.tmp
Size	80.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`5f98cfac1d9c02587e0db4a6e5a20739`
SHA1	`be4f97d8544c22d01a1b941fe835d91ffc8a5efd`
SHA256	`079473a1752fb5e18f755627476b14192bb76894459f1430888e6ae3d07bd763`
CRC32	`B01FA20E`
ssdeep	`96:JBc7fYLKYZCIdE8XwUWaPdUDg738Hsa/NhuK0l0q8oc5PyWTJereWb3lxzasq9ul:JBPOUNlCTJMb3rEDFA867/`
Yara	None matched
VirusTotal	Search for analysis

Name	7c1594b00cc334b0_L Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\L
Size	932.8KB
Type	ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5	`42b8dfcab48c591aa8038a87be160269`
SHA1	`e458c1f76385ac9429bc108b20212c386f36a6d9`
SHA256	`7c1594b00cc334b037f1659bbe8862da2c14d8bd21ed88ec47754152d034eb0c`
CRC32	`F4039772`
ssdeep	`24576:K12GuHQvOCiTzwfFqvuntQfEh+Vw5gOazI3pEL5Kw7t:t7`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques NPKI_Zero - File included NPKI
VirusTotal	Search for analysis

Name	9e6e4772050998a5_tmpF957.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF957.tmp
Size	10.0B
Type	ASCII text, with no line terminators
MD5	`eb6b6c90251ab33cee784713c451e6d8`
SHA1	`451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5`
SHA256	`9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6`
CRC32	`22598B08`
ssdeep	`3:IS:7`
Yara	None matched
VirusTotal	Search for analysis

Name	030478b5b044e701_phwbeogcsr.url Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pHWBEogcsR.url
Size	170.0B
Processes	508 (Sapete.exe.com)
Type	MS Windows 95 Internet shortcut text (URL=<"C:\Users\test22\AppData\Roaming\NsBzZCJRyI\djAYVhPBpBlh.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5	`241a4f729dbd61cbc10b8d613cf865ab`
SHA1	`036c72fc2a0d8cf246eed08418d2a1fcc3fa44ba`
SHA256	`030478b5b044e701e1c865eecbe6269cbedefa3d55c04bdc58e8bfc63ed33caa`
CRC32	`045EC37C`
ssdeep	`3:Q+2lRQuRkiglZlo14tEIduhOEjl3QlMIolCl7Sftl+lDv19pNDPls:Q+2lJglZyKm/UEZglJPZI/L`
Yara	None matched
VirusTotal	Search for analysis

Name	d1b196714edee779_Mette.cab Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Mette.cab
Size	872.7KB
Processes	2456 (tonys1008.exe)
Type	data
MD5	`023ac056066caccddddf89f9f2d82f75`
SHA1	`bb84162b4c7faca2191e7337564ab6bb77c15c86`
SHA256	`d1b196714edee779c2b81c5c5ba32ca0ddbd4818d17df7ad00967eadcc8b8bbe`
CRC32	`EE308939`
ssdeep	`12288:LpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:LT3E53Myyzl0hMf1tr7Caw8M01`
Yara	OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	824fae3331b95e2f_tmpF2F5.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF2F5.tmp
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	783758f5b90c894c_RegAsm.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
Size	62.9KB
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`53690d6dbf8e3f7bd54529131f1be127`
SHA1	`b28ab7d6a4f0fba872310d0dd60bf9bb233b5cff`
SHA256	`783758f5b90c894c7d57d6dd257683194b4f4d3bc470e0fd51b1b8c6171494d8`
CRC32	`C59F6165`
ssdeep	`768:Z+R1Viwqkh+tGi6HYDKnJzQOgFQ04mzGnvclLz3oWK6Iq8rAOzWipD6BXl:ELiwrh+tL64DKnJJAzGvchUCQFa6D6B1`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	e94d5bdf30acaf30_djayvhpbpblh.js Submit file
Filepath	C:\Users\test22\AppData\Roaming\NsBzZCJRyI\djAYVhPBpBlh.js
Size	273.0B
Processes	508 (Sapete.exe.com)
Type	ASCII text, with no line terminators
MD5	`de47a94aed023329c26007b18dbce369`
SHA1	`e875c2ec0a2780e58ed3e272e8ec16aeaa6badc1`
SHA256	`e94d5bdf30acaf3070c2805864d9a6cbdff532747175263adf222077bb4d0568`
CRC32	`2DA4313A`
ssdeep	`6:5AThIH8CYM2h2sUS4tRZDbRXp+NI5D0s3ZNbRXp+NI5SmYWDbRXp+NI53LK:5GS6R4t7vVDdZ9VSsvV3LK`
Yara	None matched
VirusTotal	Search for analysis