Dropped Files | ZeroBOX
Name facd5a93cb058e3b_Attesa.sys
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Attesa.sys
Size 690.5KB
Processes 2100 (128.exe) 1784 (Notti.exe.com)
Type data
MD5 0603af6c0e924e2a9c92cd51efa50b2d
SHA1 6fc90a2e7b3f402e31b81c62b13d306c752303c5
SHA256 facd5a93cb058e3b5e3ca3175d304f245e112a04b99e3f3bc6dce5f0644e4521
CRC32 FA9501DE
ssdeep 12288:zBjv02nwPa2Fl4Des71lJ42+oXnivo2httkTswaA7CBvfEh0230n4R/6J4Vvca:zBjv02nc4JxlB+eniv1LtkTsIOBv2308
Yara None matched
Name 237d1bca6e056df5_Notti.exe.com
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Notti.exe.com
Size 872.7KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c56b5f0201a3b3de53e561fe76912bfd
SHA1 2a4062e10a5de813f5688221dbeb3f3ff33eb417
SHA256 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
CRC32 76090EE7
ssdeep 12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
Name 5c70179f6a687fce_Presto.sys
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Presto.sys
Size 440.0B
Processes 2100 (128.exe)
Type ASCII text, with CRLF line terminators
MD5 16e98ea16710eb267a9107c86320abf5
SHA1 b60227d0cd06971da47bf5af8a12c47e80313bfb
SHA256 5c70179f6a687fcebd08e90d067d1c48db60ffdeeb3cf5efe253b7972f6dd851
CRC32 13E240F6
ssdeep 12:IA0PhMCyOYSA0X74gwgIkRZWzUs4H48hM9:IA0PhMCmSA0X7Rjmc/E
Yara None matched
Name 48c5b783abfe1041_A
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\A
Size 1.0MB
Type ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5 3ee79c684a1a3e1c0f03afc923e109c8
SHA1 8e6e61fef2c1abfb7d9ce691d7da16c99279f241
SHA256 48c5b783abfe1041c1c129b527f6635afed376ec9367e7e27b51a9ccbc88c912
CRC32 959C3FBB
ssdeep 24576:zVxiMzYehWLCZCrCgCRCpClC3nznTHsGbLe+:pzY6enPT
Yara
  • NPKI_Zero - File included NPKI
Name 0225fa9d54d66be8_ywffyclqqmvrq.js
Filepath C:\Users\test22\AppData\Roaming\ImjHyWUVXG\yWffyclQqmVrq.js
Size 273.0B
Processes 1784 (Notti.exe.com)
Type ASCII text, with no line terminators
MD5 826bba838fbcf6a37c55e89533194bed
SHA1 320041fa0a93e1fbaa55bd00c2c175128ef1f9dd
SHA256 0225fa9d54d66be8f7dae18b67fb0fdfbf4a461764eaca54b402694b359a2ec6
CRC32 690E4A91
ssdeep 6:5AThIH8CYM2h2sUS4tRZDbRXp+NI52RCNbRXp+NI52RXmYWDbRXp+NI52RA0:5GS6R4t7vVkC9VkXsvVkx
Yara None matched
Name 8d6445362c882d9b_gxuwtunqkt.url
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GXuWTunqKT.url
Size 172.0B
Processes 1784 (Notti.exe.com)
Type MS Windows 95 Internet shortcut text (URL=<"C:\Users\test22\AppData\Roaming\ImjHyWUVXG\yWffyclQqmVrq.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5 a7baa94861cf5507c491c7eb22fead22
SHA1 002734c5abf6b16828ee538f8f0fa5f452b47b34
SHA256 8d6445362c882d9bd6710aaf0b1cd8393e1a4752f2e0356b55446d482b034ee1
CRC32 CB50B20E
ssdeep 3:Q+2lRQuRkiglZlo14tEIduhOEjl3QlMIolCl7z+lyqlslY45vAlJgldWn:Q+2lJglZyKm/UEZglJPZylyqlslYjl6i
Yara None matched
Name d9667b724120cb29_Tre.sys
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Tre.sys
Size 872.8KB
Processes 2100 (128.exe)
Type data
MD5 2d014fd50f571c01197192591f82b75a
SHA1 a11b8ef4bbc47dea0f712dcf88da40da930dbb7b
SHA256 d9667b724120cb29512a05fbffd0ffa94c02ae951816e62dff535095db9e516f
CRC32 4E110788
ssdeep 12288:VpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:VT3E53Myyzl0hMf1tr7Caw8M01
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library