Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	1808e2ae9756d99c_install.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS62D9.tmp\Install.exe
Size	6.1MB
Processes	3024 (installer.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`58f46ade75af024b91d995f3e2a0ca90`
SHA1	`16536a1a963ffec5a4da7e70cd8df2f8adc15ff7`
SHA256	`1808e2ae9756d99c90fc93ee5ce55eeef3987fa2441d465cc0192b1a8a0f581e`
CRC32	`63F6F23A`
ssdeep	`98304:91OSifpsM4Ypm43obrDKnCfOlYY098mpKWRqXIL0b2P9E2zhrONWoc:91O3SWB/2ieWmpBRIIeo9Hz9ONWN`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3480987db0769046_config.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zS62D9.tmp\__data__\config.txt
Size	1.0MB
Processes	3024 (installer.exe)
Type	data
MD5	`7d0562852d0aecd7c5e821e89dcf4c0f`
SHA1	`04545a792a0aa81e44d98dfc3966cfe385c328c0`
SHA256	`3480987db0769046d2b39aac23ba77ae708b74320a74b7b12d60d89d8bc488f5`
CRC32	`485444F4`
ssdeep	`24576:O/eTmd2btjhr83DTH5dg6TlW7BQJ2VWqGHkXKuGK8xezY:H6iHAz9+OW7BhWqGwKuGK8xd`
Yara	None matched
VirusTotal	Search for analysis

Name	9f2cd4acf23d565b_gpt.ini Submit file
Filepath	C:\Windows\System32\GroupPolicy\gpt.ini
Size	268.0B
Processes	2744 (Install.exe)
Type	ASCII text
MD5	`a62ce44a33f1c05fc2d340ea0ca118a4`
SHA1	`1f03eb4716015528f3de7f7674532c1345b2717d`
SHA256	`9f2cd4acf23d565bc8498c989fccccf59fd207ef8925111dc63e78649735404a`
CRC32	`25DA65CC`
ssdeep	`6:1QnMzYHxbnPonn3dXsMzYHxbnn/JIAuNhUHdhJg+5Rnn3dzC:1QM0HxbnIV0Hxbn/JnumuuzC`
Yara	None matched
VirusTotal	Search for analysis

Name	cf11d6b3c18d4c02_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	3308 (powershell.exe)
Type	data
MD5	`f2f5505600e2895c007b3ff3cfe3d4aa`
SHA1	`f0235a3c8056872d55eeef803d1bc33bac37a753`
SHA256	`cf11d6b3c18d4c02466b670bcb0394ac49382e6a87ad58d2561f2660922b586c`
CRC32	`9AF5ED3C`
ssdeep	`96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:Etu6XoJtu6bHnorXxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	5b9e0b2f84df7986_semcqwk.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\prNnatYmCsQFEeCzn\OFTJvYQhcKRKyYZ\SemCqwk.exe
Size	6.6MB
Processes	2744 (Install.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1974434738cb39f639e84abce4eac613`
SHA1	`fc918330e3c1a67570af1cbb64d441eb404b29cf`
SHA256	`5b9e0b2f84df7986a95c4990f2fc33cd5a7727552dbdf858b97c1723d2b45c53`
CRC32	`0450AC18`
ssdeep	`98304:Tjfj5XXTkJaP9EGGLG3YbKUwmHERnEuZedxQhDWULORWWdtgSoIRciorkCEfYRg1:XfjB4qiOlEEZDWUKYWkri+g5b1dbmF0`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	1291987c02464b27_bvmcjejduxhooxizsk.job Submit file
Filepath	C:\Windows\Tasks\bvmcjEjDUxHOOxIZsK.job
Size	500.0B
Processes	3996 (schtasks.exe)
Type	VAX-order 68k Blit mpx/mux executable
MD5	`ec74a83f12c568d462d335620ca38928`
SHA1	`914a94763876366f4ed9494d8ff2341ecbe89d2b`
SHA256	`1291987c02464b272687fc206aebb30cc851e1152e51ef1f03fdb14fe3432a4b`
CRC32	`4C17DA6F`
ssdeep	`12:xk9UQlEXc/Q1yDZpc2+AMgn0d/Q1yDZpc2I4Vv:xk+FL0A2+zxy0A2I`
Yara	None matched
VirusTotal	Search for analysis