Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 07:11
(g+) Datenschutz: Spor...
11.16 06:11
티오더, 메뉴 사진 무료 촬영 서비스 진행
11.16 06:11
WiFi Status Indicator ...
11.16 06:11
PAN-OS Firewall Vulner...
11.16 06:11
Dahua und Delo vereine...
11.16 05:11
NSO 그룹, 소송 중에도 ‘페가수스’로...
11.16 04:11
Warning: DEEPDATA Malw...
11.16 03:11
It’s a Soldering Iron!...
11.16 12:11
Critical Unauthenticat...
11.16 12:11
BASIC Co-Inventor Thom...

Dropped Files | ZeroBOX

Name	d1e8dc0fa4f927cc_590aee7bdd69b59b.customDestinations-ms~RFf7d05e.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RFf7d05e.TMP
Size	7.8KB
Processes	2512 (powershell.exe) 1788 (powershell.exe)
Type	data
MD5	`1e953e29eff5d92f13e16116026ca625`
SHA1	`3629deaa105975efa210c783a5b4e4c0c3fd7e5b`
SHA256	`d1e8dc0fa4f927cc69bf887b2046155ef028ee479c4bd7bd97e77b78ebfc8309`
CRC32	`27C1903C`
ssdeep	`96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCworLtDHXyWlUVul:YtzXo9tzbHnorRTyo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	6b86b273ff34fce1_7B17.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7B05.tmp\7B15.tmp\7B17.tmp
Size	1.0B
Type	very short file (no magic)
MD5	`c4ca4238a0b923820dcc509a6f75849b`
SHA1	`356a192b7913b04c54574d18c28d46e6395428ab`
SHA256	`6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b`
CRC32	`83DCEFB7`
ssdeep	`3:U:U`
Yara	None matched
VirusTotal	Search for analysis

Name	ef2699ba677fcdb8_extd.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7B05.tmp\7B15.tmp\extd.exe
Size	326.0KB
Processes	2096 (1.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`c14ce13ab09b4829f67a879d735a10a1`
SHA1	`537e1ce843f07ce629699ef5742c42ee2f06e9b6`
SHA256	`ef2699ba677fcdb8a3b70a711a59a5892d8439e108e3ac4d27a7f946c4d01a4a`
CRC32	`494E78AB`
ssdeep	`6144:agVauqKTv7HzpsomYPYPMK7hXHJTI8EhZBSGgjgh1nf4hNRxPc3GdHh+FCda68oT:aEahKT/psoqbh5TNExngjgUhNfkGcCD8`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	7e2b329b1991b88b_mmserv32.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7877\mmserv32.exe
Size	28.0KB
Processes	1168 (extd.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`e0ef479792b1fbbea0b7504a910e186d`
SHA1	`24a27dddf7c328c0f6747da0730295ca30032dcc`
SHA256	`7e2b329b1991b88b8c665bdcb134022428c67e91dcac62b878af93d7257053a8`
CRC32	`5E17C500`
ssdeep	`768:zBFvj9unEcvbG2q+EKHA8HqUhnstdF9mMFNQ:9HEBvbG2+QBhsDF9mMFNQ`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) Generic_Malware_Zero - Generic Malware Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	9b2ea8f7a69447b4_7b16.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7B05.tmp\7B15.tmp\7B16.bat
Size	944.0B
Processes	2096 (1.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d129c1fa066f0d36b3c5a0af3b5c5896`
SHA1	`2a2565ef121c1ade98c86c7e9a2b96fff369e83f`
SHA256	`9b2ea8f7a69447b4f0d1611ecdcd959712dc169f6314c65a8a76ed70e3d25ca6`
CRC32	`960C34E2`
ssdeep	`24:LDjZJw+jnLLV4DADGUcF31yVgYcF3mHcTz77ICGzAky:fNJZnLVSzUcFQvcFqcTKG`
Yara	None matched
VirusTotal	Search for analysis

Name	9d3d13c55b2614c0_590aee7bdd69b59b.customDestinations-ms~RFf74bdc.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RFf74bdc.TMP
Size	7.8KB
Processes	2712 (powershell.exe) 2440 (powershell.exe)
Type	data
MD5	`3eb6fb80f9dbbc1201de9e762252141b`
SHA1	`c6d1e6ea5f2fef6f4458695b8ed7586aed429f1c`
SHA256	`9d3d13c55b2614c0615acea119139123b2a29f2a0daded7edd5146e4614a78e6`
CRC32	`23B7285A`
ssdeep	`96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCwor/tDHXyWlUVul:YtzXo9tzbHnorlTyo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_7B05.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\7B05.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	be7d34ad69a7a986_7B17.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7B05.tmp\7B15.tmp\7B17.tmp
Size	8.0B
Type	ASCII text, with no line terminators
MD5	`5d02ae0e6550022dd6bce8c118a64adb`
SHA1	`9fd2439826765ab04c4a2c3f61325218d6c1c8df`
SHA256	`be7d34ad69a7a986eccccb47268c3f91680927a386bbe6c04f49ecbdb90f0b08`
CRC32	`60D79B6F`
ssdeep	`3:neQTX:Pb`
Yara	None matched
VirusTotal	Search for analysis

Name	9a711072ff47cf3e_svchost32.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\svchost32.exe
Size	21.5KB
Processes	456 (mmserv32.exe) 2392 (cmd.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`a0cc3b1c37d230e19830c4b8a6903044`
SHA1	`8bc4137f495aab22bbbfd941311d4ade65a71dac`
SHA256	`9a711072ff47cf3e525436886d076e79c9baa31ba93871e7aa499005c6562100`
CRC32	`4A6A70FF`
ssdeep	`384:IH3w6IkBEQ5ap1nyERRVlk5KZwi9K6w2XUwFzwUj0jjrN:gHtapdyuVl39ftFMXrN`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) Generic_Malware_Zero - Generic Malware Malicious_Packer_Zero - Malicious Packer Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis