Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	15654d970b0bc569_windowsstate.bat Submit file
Filepath	C:\Users\Public\WindowsState.bat
Size	192.0B
Processes	2300 (powershell.exe)
Type	ASCII text, with CRLF line terminators
MD5	`2e70bae8114fc76d7ab61fe1e1433558`
SHA1	`fdc5c338bea710b442fbcab8cbe5bc2697a561b8`
SHA256	`15654d970b0bc56989d136d7171ded811e27a900dc530b612918283d2e02e42a`
CRC32	`00ED819A`
ssdeep	`3:rNk27jGQRAkFVAIUeHHgzGSJJFItGQqPJH0cVERhCI5HowHzFciS1IQHoHuHJ4Hb:Zk23GEPNvHAB80QO0cqCutTFzsIOGHGQ`
Yara	None matched
VirusTotal	Search for analysis

Name	a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF1b91bc4.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1b91bc4.TMP
Size	7.8KB
Processes	2300 (powershell.exe) 2884 (powershell.exe)
Type	data
MD5	`b0c9ff441742f3847ea27da9dee7f2cd`
SHA1	`c42a1eb32ba953a0ce5d8635caabf71b5b281495`
SHA256	`a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4`
CRC32	`0BBCAB1A`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	b904579e20616f93_statewindow.vbs Submit file
Filepath	C:\ProgramData\WindowsHost\StateWindow.vbs
Size	132.0B
Processes	2300 (powershell.exe)
Type	ASCII text, with CRLF line terminators
MD5	`0f5f1d37660dc79634c3e6402f827bf5`
SHA1	`be717f4816f78b7f30ec241778fa55aec6ac2aa2`
SHA256	`b904579e20616f93565c175494bec7b134e7bd5285cfa282a9273b8b04a70ecf`
CRC32	`30FB304D`
ssdeep	`3:Y/Nm7VRpEm+5PHsoHWZXQCaHF5yKcIERFrjrlovnRkNmTrv:KNERpEmKPMoiBaHs5RjNKrv`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_statewindow.ps1 Empty file or file not found
Filepath	C:\Users\Public\statewindow.ps1
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	d54a8bd29aaf3b6a_ZIHKGJ11LWQTIZGKWJDH.temp Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZIHKGJ11LWQTIZGKWJDH.temp
Size	7.8KB
Processes	2088 (powershell.exe)
Type	data
MD5	`987127e8fc8c44b146a5ee08b252755e`
SHA1	`3db60784cfead1ea4948e6747966a291ed1b30da`
SHA256	`d54a8bd29aaf3b6a9b2dcf79ccf2dac02fa30142e54a275b87b025d8b9121663`
CRC32	`939CDAEE`
ssdeep	`96:8tuCOGCPDXBqvsqvJCwoZtuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:8tvXoZtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis