popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name a9220271c0eb79e5_d93f411851d7c929.customdestinations-ms
Submit file
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 1716 (powershell.exe)
Type data
MD5 b0c9ff441742f3847ea27da9dee7f2cd
SHA1 c42a1eb32ba953a0ce5d8635caabf71b5b281495
SHA256 a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4
CRC32 0BBCAB1A
ssdeep 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis
Name 071da700dbcb17c8_bilzzz.exe
Submit file
Filepath C:\Users\test22\AppData\Roaming\Bilzzz.exe
Size 202.5KB
Processes 1116 (New Order.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 c80d9464d61395984951effa82f88dce
SHA1 0f47aefb2e0d80a771ac9db2fdfda4d6ccffab62
SHA256 071da700dbcb17c8347ff31c26943ceac1a71c7517da9fb0ddc2ff1cad3bae4e
CRC32 84E890CE
ssdeep 3072:wzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIdiF+BX+4D9kNh5y/NMCGEW/:wLV6Bta6dtJmakIM5hMJSftp/
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
VirusTotal Search for analysis
Name bb2fafaee28f79ac_bin.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\bin.exe
Size 214.0KB
Processes 1116 (New Order.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 0e718ff6d8000bf3603b0a18022eefe9
SHA1 db912106eac554a6ca1b9fbbfe058a66f3393fb6
SHA256 bb2fafaee28f79ac82806bd5187a4ff85cd429586f0998b2d0faa1981e113ea7
CRC32 77B707E1
ssdeep 3072:5GW5+gsavx3ugzllnG08UsQ3n4QxKH3XKWv3QyG+YjFlUxHASjYiRlcdk5li1tWR:5QgplGpUhn4QxiZLo8gSjYoQk5krW
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Trojan_AgentTesla_IN_Zero - Win Trojan AgentTesla
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal Search for analysis
Name fba292d438c5e53f_tmp2DCC.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmp2DCC.tmp
Size 1.6KB
Processes 2492 (New Order.exe)
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 05088393700638a0b58617e18ecf7b5a
SHA1 a4c22babecd9062fea0c5a6e03351333c44aa77f
SHA256 fba292d438c5e53f401b3acc26d32b834928977f2d749a4133ef7f629634e362
CRC32 50918813
ssdeep 24:2dH4+SEqCH/7IlNMFQ/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBAMtn:cbhf7IlNQQ/rydbz9I3YODOLNdq35
Yara None matched
VirusTotal Search for analysis
Name 3589ba6e304d9e93_run.dat
Submit file
Filepath C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\run.dat
Size 8.0B
Processes 2432 (Bilzzz.exe)
Type Non-ISO extended-ASCII text, with no line terminators, with overstriking
MD5 e1f936dd865acd34017b63fdc4628341
SHA1 e567478573ee98e27296f22ae46938da807fc803
SHA256 3589ba6e304d9e93d1e812e7e05f54273439c2cfe6905c184af1710f291ebcf9
CRC32 9E15776E
ssdeep 3:E8tn:Hn
Yara None matched
VirusTotal Search for analysis