Dropped Files | ZeroBOX
Name d4c3dd27bf9b4c29_f3b6ecef712a24f33798f5d2fb3790c3d9b894c4
Filepath C:\Windows\System32\timedate\f3b6ecef712a24f33798f5d2fb3790c3d9b894c4
Size 37.0B
Processes 2508 (DCRAT.exe)
Type ASCII text, with no line terminators
MD5 521f77824fc39884da65592e9a35ff15
SHA1 304b0ab5055f38d968a60dfd770612992c3cc4d4
SHA256 d4c3dd27bf9b4c299ae5682d8ab1bc9e2dca3b6ba53dbb14f5f5c96a0f5b22ef
CRC32 2503FBB5
ssdeep 3:VzVRSJCfKwCIzrP:UMhb
Yara None matched
VirusTotal Search for analysis
Name 71a42c4be4d88e1f_886983d96e3d3e31032c679b2d4ea91b6c05afef
Filepath C:\Windows\System32\sppuinotify\886983d96e3d3e31032c679b2d4ea91b6c05afef
Size 852.0B
Processes 2536 (DCRAT.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 f0bd19d27671744a58462e228b4b2350
SHA1 9d4d6b74db5c831238edb1bbe84576940e25c0cf
SHA256 71a42c4be4d88e1f6e96e90aa12adbfb865962a7997e3ef4ca46fc571be47f3b
CRC32 D5E0BBE9
ssdeep 24:qcGO6muS+XaCLMl0Eq/rIfxrXW+r4EMCfjke2tuF:qcGbrS7CNAHr4MjX
Yara None matched
VirusTotal Search for analysis
Name 47e5b97068ec4de1_U3pzyFjnZG
Filepath C:\Users\test22\AppData\Local\Temp\U3pzyFjnZG
Size 25.0B
Processes 2536 (DCRAT.exe)
Type ASCII text, with no line terminators
MD5 510eca78eeca18afa578d7257fcfed0d
SHA1 8540668f8a09f369fa4c4b07e529820d24966823
SHA256 47e5b97068ec4de1404800766cd1b5c523742f3bd2961f5bfb4761f0cfe7cc73
CRC32 2BC90BA0
ssdeep 3:tEagx2Un:tEa62U
Yara None matched
VirusTotal Search for analysis
Name bfd91ae8f84301df_y2c07uXShI.bat
Filepath C:\Users\test22\AppData\Local\Temp\y2c07uXShI.bat
Size 262.0B
Processes 2508 (DCRAT.exe) 108 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 b158bf9721cfa04fdc97a7f6036bb9c6
SHA1 540eae4506328aba4ab744ddbeed784bd019a757
SHA256 bfd91ae8f84301df17846fc76068eec0aa8c3b296c0b56722c8a0b4de4a0dee4
CRC32 CB5688F1
ssdeep 6:hCijTg3Nou11r2mQpcLJ23fkE1mQpcLJ23fmBvKOZG1mQpcLJ23fJ27hn:HTg92OLMMEJOLMsWOLMo
Yara None matched
VirusTotal Search for analysis
Name 8642be686d38d54c_0a1fd5f707cd16ea89afd3d6db52b2da58214a6c
Filepath C:\Windows\System32\hidserv\0a1fd5f707cd16ea89afd3d6db52b2da58214a6c
Size 817.0B
Processes 2508 (DCRAT.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 4204760651bf2f5b180bb602210472b9
SHA1 a1f9f97386b02c407c28b82d07534fa02c19d5e0
SHA256 8642be686d38d54c5a9875c2d868e950926eb0d8b94c3723acd05e3671c53a6b
CRC32 9616CC3E
ssdeep 12:RhLfEEe+/5D0GPUQyK2PFQaSQZ2vXhWLGeF4sZTOkmF5+zvk3zMiXMgsEADEHEiu:7r5tUpdA33OTmcz8xFsEMHZ
Yara None matched
VirusTotal Search for analysis
Name b4a8b32691c18b65_f3b6ecef712a24f33798f5d2fb3790c3d9b894c4
Filepath C:\GPKI\f3b6ecef712a24f33798f5d2fb3790c3d9b894c4
Size 384.0B
Processes 2508 (DCRAT.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 bbcf822fd402339fe8376b6f8120d17f
SHA1 fc2cba0dcec9f543a408d1308a5c8ac8000196c2
SHA256 b4a8b32691c18b658e64d31ff07418f618c7e97d80770fb6511c0ceeb5a9c395
CRC32 20582FFE
ssdeep 6:SwSRq6m4fMdH8yEcBSCavAyPLq6xiA5P1Vxq4n//bMWT02kQCaAsbtgHJUjChsF:DSRU40ducyvA4rqq/zf4VetgHsKsF
Yara None matched
VirusTotal Search for analysis
Name 1c26d9e0954fbaef_cc11b995f2a76da408ea6a601e682e64743153ad
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\cc11b995f2a76da408ea6a601e682e64743153ad
Size 516.0B
Processes 2536 (DCRAT.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 4d1eb7dc3fe35feff7c4358b4deebec1
SHA1 72ff7357486cd7f8a56e4ebd9fd6edd82469ab29
SHA256 1c26d9e0954fbaef369dc712f71b3498ce412ff0b6dd18c06994af1894a35beb
CRC32 0531CE03
ssdeep 12:SNsCqyJfgEj4TzyZCWF1KWd8KAdSdiPpJk9xr1/Lt:S2wJ4EjRN1KWd81dSYJk991zt
Yara None matched
VirusTotal Search for analysis
Name 169292f5aed98dba_eoyVb9BqpK.bat
Filepath C:\Users\test22\AppData\Local\Temp\eoyVb9BqpK.bat
Size 260.0B
Processes 2536 (DCRAT.exe) 2744 (cmd.exe)
Type DOS batch file, UTF-8 Unicode text, with CRLF line terminators
MD5 19420acaed8335007ddd5f880b92b05e
SHA1 839d86492e658bec2103f0cce70b0eb171297b5a
SHA256 169292f5aed98dba289c49984f04229b4bb557fdddb1594f790846230a82d675
CRC32 4D316737
ssdeep 6:hCijTg3Nou11r2mQpcLJ23fkE1mQpJ0fMRHBvKOZG1mQpcLJ23fLcbH:HTg92OLMMEJTtBWOLMeH
Yara None matched
VirusTotal Search for analysis
Name 9a652034777fcfb9_886983d96e3d3e31032c679b2d4ea91b6c05afef
Filepath C:\Windows\System32\sppinst\886983d96e3d3e31032c679b2d4ea91b6c05afef
Size 43.0B
Processes 2508 (DCRAT.exe)
Type ASCII text, with no line terminators
MD5 90d795767dfcadf165a49610bdbd1dbe
SHA1 83d176a36d2404b0251a95f0b2933743eec37238
SHA256 9a652034777fcfb99757817b3b00137bb83257266cb88320f9f3405c8a2d6b40
CRC32 21CB2A7E
ssdeep 3:AqSgZpG+sEm3BOT+VVn:AuzmdBOT+VV
Yara None matched
VirusTotal Search for analysis
Name d6e4d914dcb50a54_8vcpgrTOTK
Filepath C:\Users\test22\AppData\Local\Temp\8vcpgrTOTK
Size 25.0B
Processes 2508 (DCRAT.exe)
Type ASCII text, with no line terminators
MD5 a7186e8bc6dbb5a53e7de6b7f486c2d0
SHA1 540f38ab607760f98b5ca401f4e2d199bc61d925
SHA256 d6e4d914dcb50a54af78c5fbd750e6b8669e878b628d2f06de5a9f15a418ef28
CRC32 28C54784
ssdeep 3:8QBVqmeGcSKn:8QXzpK
Yara None matched
VirusTotal Search for analysis
Name 9fa090370032a39d_b290bc132574b6469dd13835ab23b37bd232ab60
Filepath C:\Users\test22\AppData\Local\Temp\{1C306CB1-771E-4B4B-A902-86E897877F5B}\b290bc132574b6469dd13835ab23b37bd232ab60
Size 371.0B
Processes 2536 (DCRAT.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 7b431f18c1e73c7ac7716b04f5e174e3
SHA1 ee21c97dffde620a055f820b1de9261ab04ac961
SHA256 9fa090370032a39df3ed7ef5518a8d30fee8a2eb2214a7d5f84e8f32ccb2a10b
CRC32 972546C8
ssdeep 6:sGQ+0irJwiX2RU+0OprUBw4sc8saI8kg/5zksEizCQLE8P9RB9zjWj+fOzEuOnkN:sGQNiredRz5prUB59XaxpmsEi5w8P196
Yara None matched
VirusTotal Search for analysis
Name 7c849c5035db8d59_6cb0b6c459d5d3455a3da700e713f2e2529862ff
Filepath C:\Windows\System32\TpmInit\6cb0b6c459d5d3455a3da700e713f2e2529862ff
Size 632.0B
Processes 2508 (DCRAT.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 ba2bb4ef3fc10ca396a2b8e41130f06e
SHA1 92780573072e437538d89febe1a27b00f8a311e7
SHA256 7c849c5035db8d59c6798e69f101e3e966174a12a6a09111180730d9942933b7
CRC32 305A8763
ssdeep 12:fQMfqkBJbFiXMSKuQdA9Up7GHmeSW/cDfiTxv/MvLvh6Yq5woa2:ZyLmp7GGel/c2wLZ3qx
Yara None matched
VirusTotal Search for analysis
Name bc484eee5764c394_b75386f1303e64d8139363b71e44ac16341adf4e
Filepath C:\MSOCache\All Users\{90150000-002C-0409-0000-0000000FF1CE}-C\b75386f1303e64d8139363b71e44ac16341adf4e
Size 763.0B
Processes 2508 (DCRAT.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 89314eb16f390cdab3c4d4e034b20501
SHA1 2aa77e5b8b0fc26f03790b08a91c4839bf0099d6
SHA256 bc484eee5764c394355f22cdef88dc662c96504cd913e03edf619a4ced51bdf6
CRC32 7B8978F5
ssdeep 12:Hl59VGp7snhH+aTOMuhum436rKidtlGFF8xJSMQl2HeUSoQu2hzRwhx30h7pZ/AR:FH4p7yheaSnhum4K+inlGFE4Z2+xWx3/
Yara None matched
VirusTotal Search for analysis
Name 3f5af8ae4d028c99_cc11b995f2a76da408ea6a601e682e64743153ad
Filepath C:\Windows\System32\dskquota\cc11b995f2a76da408ea6a601e682e64743153ad
Size 378.0B
Processes 2536 (DCRAT.exe)
Type HIT archive data
MD5 b6f08af610f454a7b47920a752885908
SHA1 14401d0ef9afc03df429e015eeaa08b4cc569bc1
SHA256 3f5af8ae4d028c993d89328744b5a73ce2c0f8c6e20433a53ababbf8da42f1ec
CRC32 79834D14
ssdeep 6:0aLI9txFAnvX1KoAD+f2Py2cdg0uJDJKpNt2Gx+Z0el8XnOWsaFlmDHKR:A9txFgvXcoADoCy2M60pNt2JcOPaFEDq
Yara None matched
VirusTotal Search for analysis