Dropped Files | ZeroBOX
Name b4f5de4777388fce_ .zip
Size 633.8KB
Type Zip archive data, at least v2.0 to extract
MD5 6622a631ac8aa51628c53f57e11aea89
SHA1 7d7ce414b0365fdebbcc7b10a5524eca12f8c908
SHA256 b4f5de4777388fcebd2fb934b99df8f9f9b23b9f180f3ef8868995f83d823bda
CRC32 837763D0
ssdeep 12288:B58ULiLZTX8N2iDsca/2iUFcYvWr9K3Bg9db2ZBKfRH98U/CZ30l+i:vPtNTsjbU7vWrKBtZBORd8zC7
Yara None matched
Name 5024d7e43e99b6df_arrow1.cur
Filepath C:\Users\test22\AppData\Roaming\arrow1.cur
Size 4.2KB
Processes 2664 (1y7.exe)
Type MS Windows cursor resource - 1 icon, 32x32, hotspot @0x0
MD5 4e3d5cc1a3234dbf9fcc8ef18f159455
SHA1 438b552efe7545da5c19ee324e8e062ae4df6617
SHA256 5024d7e43e99b6df822d0530ab988d0bce02fbbc33ddbdd76aea6b997a9a5c84
CRC32 459CF34C
ssdeep 12:C+iAMse7j1auE66Bn5B99MMM84byU3XbCAb6dPbBBNy169MU3:D3MdauE6qn5BPMMMR3mRzNy169MU3
Yara None matched
Name 79d795916ec94364_local state
Filepath C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
Size 173.9KB
Processes 2664 (1y7.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 57944a1886cbe19a8ddca00c64067d8d
SHA1 217e68facf5c9c1d12ed3c3d712ad78bb034d532
SHA256 79d795916ec94364c15223e35707bea447d39523651dbc949c5edb62f808ca3c
CRC32 2DE5ECCE
ssdeep 3072:kG4h+sTIVZfS/7BmpH+753klu9kOblyiq6heT67fAA7pdcB:HOliZfrp+SYemrAJ
Yara
  • NPKI_Zero - File included NPKI
Name e63f6337f1c55f20_setup
Filepath C:\Users\test22\AppData\Local\Temp\8z7n4w8w3h\setup
Size 114.2KB
Processes 1468 (Nfe03092021.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 c859304f6996c4db5abf5dbd3305046c
SHA1 d1f62e3736365d7f7a9a9c39932d39e8356cbd9c
SHA256 e63f6337f1c55f2090dd9cda8b6a0fe80f07c2b1e62dcb8d0f23fc9f6f469935
CRC32 9A214117
ssdeep 3072:0yrt3s77Iu8OG5MfvmYC5JQn7aIoAPRlwV25zNknC+s5:5hL5amnJQdvzN3+6
Yara
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
Name bf79bffdba70f456_semtitulo.cur
Filepath C:\Users\test22\AppData\Roaming\semtitulo.cur
Size 326.0B
Processes 2664 (1y7.exe)
Type MS Windows cursor resource - 1 icon, 32x32, hotspot @0x0
MD5 dbd44c4ac444d2e0448ec0ad24ec0698
SHA1 371d786818f0a4242d2fced0c83412caa6c17a28
SHA256 bf79bffdba70f456cb406fd1ece8652750363b94188510b5d73f36c8ea6e7ae9
CRC32 7689CDB6
ssdeep 3:GlFFXlGFllfl/t+lklel/e/hRD:Gl/Nls62bD
Yara None matched
Name b1e5c5d23e7c43b2_chrme.zip
Filepath C:\Users\test22\AppData\Local\Temp\8z7n4w8w3h\chrme.zip
Size 11.9MB
Processes 1468 (Nfe03092021.exe)
Type Zip archive data, at least v2.0 to extract
MD5 2eab7cc0428e681bbe3b0b240734abdb
SHA1 bde9309c95b595a0c72691d71b297bb07a5b95ef
SHA256 b1e5c5d23e7c43b2c4d6c0f16cb1ab84136d995ed2298b79c025ecbd999d7718
CRC32 FE8644A8
ssdeep 196608:91oP3JcciN5DT9eyrNThDEIznQacJW5jf1eRRIlOGZuZ9lxleoDqB83FknmMS:WHAGyrZzzQ7or1KOlfkl+v+1L
Yara None matched
Name e7d973bffd7c966b_link1.cur
Filepath C:\Users\test22\AppData\Roaming\link1.cur
Size 4.2KB
Processes 2664 (1y7.exe)
Type MS Windows cursor resource - 1 icon, 32x32, hotspot @9x2
MD5 2d274883962409c27cca3f1a741e1114
SHA1 3fe9011420fa9ffb84d92bc38de077d4aee35b29
SHA256 e7d973bffd7c966b677f05b51f322679abdb5a9373cc4a2a2821c839bc56bbbe
CRC32 2A58447E
ssdeep 24:NY+jH14SSSaSv7j1L6itoyAIM+U9t5EBtO4NRTHOTJ/nI/X8ZSU06Top:NHjH14SSSBJ6itoxCfuT5I/XAVxop
Yara None matched
Name 9442ee6220a4d140_chrme.exe
Filepath C:\Users\test22\AppData\Local\Temp\8z7n4w8w3h\chrme.exe
Size 11.4MB
Processes 1468 (Nfe03092021.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 55ae03dbb0c00cefe5b36b1103ec7d53
SHA1 61ceff466e4780d285d3e8a9ffda110548dcfdb4
SHA256 9442ee6220a4d140bbab4904c0b8e88c97a00e0c67e13f2d7a878626710a2fb1
CRC32 AA1AF135
ssdeep 196608:Vf75n2rTLIzUCN6ZldGAtadbWshhEU16lQRVvlUGdtZUykz/K:dBOsULdGAwWs8Ucl8JdtS/+
Yara
  • ASPack_Zero - ASPack packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 409186d21c7ed0ea_Local State
Filepath C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
Size 173.9KB
Type ASCII text, with very long lines, with no line terminators
MD5 28a533942aab6fb3d66f76caa867618e
SHA1 f98da69b7345fcbaaaa1fc0c62fa7cf7493a0cf6
SHA256 409186d21c7ed0ea21b6f598ba3f9f3ba2a8f078c94ce03b14cf5ab77a769ef1
CRC32 DE8D906C
ssdeep 3072:kG4h+sTIVZfS/7BmpH+753klu9kOblyiq6heT67fAA7pdcM:HOliZfrp+SYemrA0
Yara
  • NPKI_Zero - File included NPKI
Name fcb24b98942d8b04_select1.cur
Filepath C:\Users\test22\AppData\Roaming\select1.cur
Size 326.0B
Processes 2664 (1y7.exe)
Type MS Windows cursor resource - 1 icon, 32x32, hotspot @15x16
MD5 b08f3cca0040d6275d905e929547c88c
SHA1 94d59420ccbb8b813f4f6951833964a99ba8bfb4
SHA256 fcb24b98942d8b040127e5f831d23b3c7ed31d4d78f1ba474951f1f273dd849c
CRC32 FE33A36A
ssdeep 3:GlFFG1ULFllfl/t+lklel/e/hRGX8:Gl/GCgls62bb
Yara None matched