Dropped Files | ZeroBOX
Name bc7666f6df8cbd0f_Sta.aac
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Sta.aac
Size 872.8KB
Processes 2300 (yAwEhUT.exe)
Type data
MD5 1e7a9945aba3bd84166a9c202c5338c4
SHA1 43c404a2cac919afd95c20fed903a0b59c78d9fc
SHA256 bc7666f6df8cbd0f490d82b1e1bfaf1def5aa2db74bf44da25e01a9ecbd34850
CRC32 2C48B2D2
ssdeep 12288:epVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:eT3E53Myyzl0hMf1tr7Caw8M01
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
Name dbc71ceffca68d64_Y
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Y
Size 2.3MB
Type ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5 e84de8ab4cc3f918538ec7cb38b0c6b0
SHA1 9bda4441b20af61493f4ab1c3c7f6eb95b0c10f0
SHA256 dbc71ceffca68d64292e426049af3bdb007ad82ccdd4f5455776ae450195ecf9
CRC32 AF35790B
ssdeep 24576:Slip/WjA3csBszu1WYz93glrl3i4f/fvcbJA2fPQIu4KKvQILgXkrJbhZwHkgLjK:/fP
Yara
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • NPKI_Zero - File included NPKI
Name 333656fc587ae389_hymspeezqtcd.js
Filepath C:\Users\test22\AppData\Roaming\HmQCaARcYG\hymSpeEzqTCD.js
Size 273.0B
Processes 2928 (Chiamando.exe.com)
Type ASCII text, with no line terminators
MD5 88917efe5065f487309cb0348d0c3058
SHA1 25dde302404a05cc9a19ebe015151ed9b6c99ba2
SHA256 333656fc587ae38999493bb7f35928fe9c601df4a73cb13187dd4c94f2b11678
CRC32 B40CE108
ssdeep 6:5AThIH8CYM2h2sUS4tRZDbRXp+NI59viaPNbRXp+NI59SFWDbRXp+NI59lK:5GS6R4t7vVLP9VjvVy
Yara None matched
Name 96474d82c8e75f38_nsvuhdkdjc.url
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nSvuHdkdjC.url
Size 170.0B
Processes 2928 (Chiamando.exe.com)
Type MS Windows 95 Internet shortcut text (URL=<"C:\Users\test22\AppData\Roaming\HmQCaARcYG\hymSpeEzqTCD.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5 eb6c5b72ae273a7948002e651cf31ddb
SHA1 b1d3f07cde6f754dae24300cbf2b75112d2b27e7
SHA256 96474d82c8e75f388919fed1365b1ff78637294a96251c006246ac9a0f8477c1
CRC32 F167386D
ssdeep 3:Q+2lRQuRkiglZlo14tEIduhOEjl3QlMIolCl7J8l0l0GJBjlg0us:Q+2lJglZyKm/UEZglJPZJ8l0Dr6O
Yara None matched
Name 237d1bca6e056df5_Chiamando.exe.com
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Chiamando.exe.com
Size 872.7KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c56b5f0201a3b3de53e561fe76912bfd
SHA1 2a4062e10a5de813f5688221dbeb3f3ff33eb417
SHA256 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
CRC32 76090EE7
ssdeep 12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
Name e3b0c44298fc1c14_uscio.aac
Empty file or file not found
Filepath C:\Users\test22\AppData\Roaming\HmQCaARcYG\Uscio.aac
Size 0.0B
Processes 2928 (Chiamando.exe.com)
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name f37034acd5d9b7cb_Turbini.aac
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Turbini.aac
Size 389.0B
Processes 2300 (yAwEhUT.exe)
Type ASCII text, with CRLF line terminators
MD5 b264ec363366ac46fc7af0bbe4a69bc8
SHA1 7ee28f2f16f14b0909112a89c093614fb26186d2
SHA256 f37034acd5d9b7cb53c8732340e0034018932fdafc6fdfc404b1c6489103f905
CRC32 F3339038
ssdeep 6:jBgDrgYSL9+0FSrlHmSrW2FaTw+3KG33SsEfpLKMaAto2yXFqiwZv33anBENDr0:VMSFFelGeW2QTwCd3arWF/e33any2
Yara None matched