Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	e3fa1ef18094694c_tmp728.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp728.tmp
Size	1.3KB
Processes	1972 (InstallUtil.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`4386ac3d9bca272121bfea60023b104a`
SHA1	`99704cc6316d4d8548b8f2024e27e006d5b35a18`
SHA256	`e3fa1ef18094694c18d7c2e0292619d8d47b6f5f951711481a7d2e4192b5da3d`
CRC32	`C45CE82C`
ssdeep	`24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0ZKxtn:cbk4oL600QydbQxIYODOLedq3YKj`
Yara	None matched
VirusTotal	Search for analysis

Name	bb9181b3935b8681_tmp871.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp871.tmp
Size	1.3KB
Processes	1972 (InstallUtil.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`be81f72fa4dbc827132836ee2af92c96`
SHA1	`fe5ded04ab4932dea6cf414e9e4428f43da70d03`
SHA256	`bb9181b3935b8681a71b578f8166883e61380de6181df82d05f14829323fbf0f`
CRC32	`7AA438E3`
ssdeep	`24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Rb5xtn:cbk4oL600QydbQxIYODOLedq3Sb5j`
Yara	None matched
VirusTotal	Search for analysis

Name	0bd3aac12623520c_storage.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\storage.dat
Size	319.8KB
Processes	1972 (InstallUtil.exe)
Type	data
MD5	`7e8f4a764b981d5b82d1cc49d341e9c6`
SHA1	`d9f0685a028fb219e1a6286aefb7d6fcfc778b85`
SHA256	`0bd3aac12623520c4e2031c8b96b4a154702f36f97f643158e91e987d317b480`
CRC32	`F31C2239`
ssdeep	`6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm`
Yara	None matched
VirusTotal	Search for analysis

Name	5101b6efbebf5994_run.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\run.dat
Size	8.0B
Processes	1972 (InstallUtil.exe)
Type	data
MD5	`1c9c2a03f343a2d26e98d672462fecbd`
SHA1	`51144d9cb51cc4e952d512cd5de9f0077fffe08e`
SHA256	`5101b6efbebf5994f2b9e17137030d875c0b1348fff07a984b5b73da06983488`
CRC32	`A01D98A5`
ssdeep	`3:a3A:aw`
Yara	None matched
VirusTotal	Search for analysis

Name	5ab99263d0101e00_ammero.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\ammero.exe
Size	216.5KB
Processes	1892 (explooor.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`605e939e44cd9b02c55ce0a09019ad47`
SHA1	`9ac8ff474631ed0c3d27a7290979b4880b9784f6`
SHA256	`5ab99263d0101e00809c2fe1f068bbcb601208c3fb0efd753b36169a3a69c589`
CRC32	`D5377F11`
ssdeep	`3072:Q9WEWiW0bRq1Do6UFJ7YjJhUi3EmkM7Gw+MevJgm3hHyT+rsXngL4J1tShtUh/q:Qoq6UoPU+n7AMOXBCXgC1EXU`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Win_Trojan_AgentTesla_IN_Zero - Win Trojan AgentTesla Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c492babfd9a1e676_task.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\task.dat
Size	50.0B
Processes	1972 (InstallUtil.exe)
Type	ASCII text, with no line terminators
MD5	`a891b64e388cfff7d0f64c25bb06897f`
SHA1	`768afb095e85c1bbf7a250ebcbcd2283dfbeff2f`
SHA256	`c492babfd9a1e6767e001e936206c55f5f7952d3cefd603e171277856dbbee33`
CRC32	`3EFD409B`
ssdeep	`3:oNmWxpcL4E2J5xAIOWRxRI0dAn:oNmQpcLJ23f5RndA`
Yara	None matched
VirusTotal	Search for analysis

Name	5347661365e7ad2c_catalog.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\catalog.dat
Size	232.0B
Processes	1972 (InstallUtil.exe)
Type	data
MD5	`32d0aae13696ff7f8af33b2d22451028`
SHA1	`ef80c4e0db2ae8ef288027c9d3518e6950b583a4`
SHA256	`5347661365e7ad2c1acc27ab0d150ffa097d9246bb3626fca06989e976e8dd29`
CRC32	`36FCB1A3`
ssdeep	`6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9`
Yara	None matched
VirusTotal	Search for analysis

Name	73b0b92179c61c26_settings.bin Submit file
Filepath	C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\settings.bin
Size	40.0B
Processes	1972 (InstallUtil.exe)
Type	data
MD5	`ae0f5e6ce7122af264ec533c6b15a27b`
SHA1	`1265a495c42eed76cc043d50c60c23297e76cce1`
SHA256	`73b0b92179c61c26589b47e9732ce418b07edee3860ee5a2a5fb06f3b8aa9b26`
CRC32	`7C56D530`
ssdeep	`3:9bzY6oRDMjmPl:RzWDMCd`
Yara	None matched
VirusTotal	Search for analysis