Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	c1b7c3ef8b77a5bb_nsexec.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsc6E16.tmp\nsExec.dll
Size	7.0KB
Processes	2240 (m.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ec9c99216ef11cdd85965e78bc797d2c`
SHA1	`1d5f93fbf4f8aab8164b109e9e1768e7b80ad88c`
SHA256	`c1b7c3ef8b77a5bb335dc9ec9c3546b249014dde43aa2a9ed719b4d5933741df`
CRC32	`7BDA9B2A`
ssdeep	`96:JwzdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuHUDQ:JTkDr/HA5v6G2IElFernNQZGdHs`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	6cdf765c66193cb6_590aee7bdd69b59b.customDestinations-ms~RF1c1795e.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1c1795e.TMP
Size	7.8KB
Processes	236 (powershell.exe) 2448 (powershell.exe)
Type	data
MD5	`157021642a87417f0f5a14eb38f9ed54`
SHA1	`116738243715660cdb072e795d676a3bbd240aa7`
SHA256	`6cdf765c66193cb6cee9cd74e2ee9514affeae2dce50b3d310978e386125025a`
CRC32	`CFF5E58A`
ssdeep	`96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworNBtDHXyGlUVul:Etu6XoJtu6bHnorxTyY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	eb6ec7982f54b125_wer.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\wer.exe
Size	2.1MB
Processes	2240 (m.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`3466495e538ba03b5c46b086d8ac3a8a`
SHA1	`3e6b7137f38de6f4172f7eeabc71f81c2f548534`
SHA256	`eb6ec7982f54b1259bced89dd4dfb3ac5ed0f945178888e448313e82d1d46a45`
CRC32	`E674F229`
ssdeep	`49152:kupoTrHL4JZGk1flKQaZDcsaJYMkY20koXnFzi3l:jorEJoWfkQSxbMkWko`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsg69A0.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsg69A0.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	d1ea97bb187e2637_svchost32.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\svchost32.exe
Size	1.9MB
Processes	2624 (kio.exe) 2512 (cmd.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`dce0aac108e6701137e2fb53f5580372`
SHA1	`dcb993e86f7afd8cbe1f0afb9a469e9327f6bd32`
SHA256	`d1ea97bb187e2637c730d9cafac2bd42f26a2c04c87ac22b19bc9eb3614239c2`
CRC32	`7D5C2E33`
ssdeep	`49152:AOYapB3dSxmU3Bo/pe6pyS2CJsAcouIS81P:AO/pFcL3BqqM/1`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	bcc7c88a78159d25_m.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\m.exe
Size	4.1MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`d2c73b170d0f9669214cd74ae6128068`
SHA1	`d84db7c505eb55d6fda2d7b7145a431ecc9e6061`
SHA256	`bcc7c88a78159d256da9838d8148b61bf92057b71eabf3bed83ed650d723562c`
CRC32	`677ECFE5`
ssdeep	`98304:l6dD64EdH0ACrs3qk1AXN8sIJn2rsK4Ni:l6dOnDCLkOyse2f4Ni`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	69fdcdb9fbd1489c_selfdelete.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\selfdelete.bat
Size	133.0B
Processes	2240 (m.exe) 2532 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`24187873dd464087a6addceafe2948c4`
SHA1	`db995be51f66f683d0c20f681259ee72251b1b72`
SHA256	`69fdcdb9fbd1489c9b9be1340115415151fc2305c821de9462e07dff2b63841d`
CRC32	`BA202345`
ssdeep	`3:mKDD6iNmWxpcL4E2J5xAIiACytMWGDmWxpcL4E2J5xAIiACEEOyxy:hWiNmQpcLJ23fWytBemQpcLJ23fWPJy`
Yara	None matched
VirusTotal	Search for analysis

Name	52a0ea51de030a47_svchost64.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\svchost64.exe
Size	2.0MB
Processes	2164 (wer.exe) 2932 (cmd.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`d1cf4a782a277adac36c48fbf7e5ef96`
SHA1	`e73f4f6c6f771be19796daeb8ff837a49db3f6df`
SHA256	`52a0ea51de030a47968d965f66f3ffad50a6b111bc572d386bd10192d31e2a14`
CRC32	`FA281A3B`
ssdeep	`49152:h8hdg3nzFptizOTkZtCp8kRM39BOSD7I6KLRwW3/b3:WhdgXzF6zUAtkRIzOSH3KLmab3`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	e9627ebaac562067_kio.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\kio.exe
Size	1.9MB
Processes	2240 (m.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`9fdd4767de5aec8e577c1916ecc3e1d6`
SHA1	`a1bc55a7931bfcd24651357829c460fd3dc4828f`
SHA256	`e9627ebaac562067759681dceba8dde8d83b1d813af8181948c549e342f67c0e`
CRC32	`5A448E1F`
ssdeep	`49152:3PcY9wLq0EPmhi+WezGJuLRI53HeLu9e8/jjsdtmGS0CXAp:UYm+0EOhHWbuFI53He6BPsuGDl`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	f4d28cf0f12006f9_590aee7bdd69b59b.customDestinations-ms~RF1c07af9.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1c07af9.TMP
Size	7.8KB
Processes	112 (powershell.exe) 2208 (powershell.exe)
Type	data
MD5	`b770148dd160455bac8fe186a882733d`
SHA1	`f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a`
SHA256	`f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e`
CRC32	`94B533F7`
ssdeep	`96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	4c567821dd7f577a_helper.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\helper.bat
Size	63.0B
Processes	2240 (m.exe) 2532 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`2ed107939674efc789f4e54deb28dc3c`
SHA1	`387055d8c8cfe99702123d58893bd17e67380e36`
SHA256	`4c567821dd7f577ae777a843371b607a73839230c99ef747172cf7ad4cefd841`
CRC32	`05AA7584`
ssdeep	`3:mKDDCEAnWy07lVKz4y2Lwy:hWZWVbKMzLwy`
Yara	None matched
VirusTotal	Search for analysis