Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
10.03 05:10
cliloc_fix.exe
10.02 02:10
66fbfccd837ac_vadggdsa...
10.02 02:10
66fc5c187ba75_lyla343.exe
10.02 02:10
66fbfcc301a31_swws.exe
10.02 02:10
66fbd9a4db4c9_Governme...
10.02 02:10
66fb2538369cb_EdgeUpda...
10.02 02:10
cc.js
10.02 02:10
kixx.js
10.02 02:10
66f55533ca7d6_RDPWInst...
10.02 02:10
SPOOF.exe

Latest News
10.04 01:10
Third-party misconfigu...
10.04 01:10
Southeast Asia subject...
10.04 01:10
Prince ransomware spre...
10.04 01:10
New OT environment sec...
10.04 01:10
Intrusions involving c...
10.04 01:10
Global pig butchering ...
10.04 01:10
FIN7 deploys infosteal...
10.04 01:10
DDoS attacks possible ...
10.04 01:10
Another record-breakin...
10.04 01:10
Threat Intelligence Sn...

Dropped Files | ZeroBOX

Name	c6ce0c80a51c9eb6_payload.data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ready\payload.data
Size	1.5MB
Processes	2328 (1.exe) 2512 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`3426d7626aefd437fe15d3239e7cf456`
SHA1	`24edb05f0ab498f878172fd4cd9f693f0022a34b`
SHA256	`c6ce0c80a51c9eb6b6e482a4da5b858766a2988bcde28a722e948ca84673885a`
CRC32	`CB9F8B91`
ssdeep	`24576:l58d+l+priYM8ahuzeFfij6UyiocT5JBcbeOZWiC/yZ4kjKoNOma+Unz:O+Fh8ahHzTcTfub1mOjHI+E`
Yara	None matched
VirusTotal	Search for analysis

Name	f256b3b63451fddd_antiscan.data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ready\extracted\antiscan.data
Size	2.0MB
Processes	2672 (7z.exe) 2512 (cmd.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`2aed4f82590122a7d4de9d6c972b55c4`
SHA1	`1856faff47dc1bba1411178f26bf796735e043f8`
SHA256	`f256b3b63451fddd522ca04ed250016c4c5f9831107a615f2164704027fe8131`
CRC32	`BDA6DDE2`
ssdeep	`24576:5yZBPkpRrP9pxC+XvoflcYy36s3vb0EecYy37n92k8GtGAQZ67hR7krC/Cyf0/xa:R9kqGu7okoZscCnf0/Zs9/`
Yara	NPKI_Zero - File included NPKI
VirusTotal	Search for analysis

Name	5c418741e66ebe18_file_4.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ready\extracted\file_4.zip
Size	42.5KB
Processes	2672 (7z.exe) 2512 (cmd.exe)
Type	Zip archive data, at least v1.0 to extract
MD5	`504893ac1cb554c94a515038e70d758a`
SHA1	`06600476147afaf54101b9e8cd066968071ba219`
SHA256	`5c418741e66ebe186a38bd49af91f926b18e4143ab53754393a62dff7ccb73d0`
CRC32	`8B6BF708`
ssdeep	`768:GbLQekO3F54NqrUQETeli7zVo1Rolz3Uh/hUzAh/a08kpUKH36LzSTiDwNh:GbLQekOV54Nqr/E60zVvlzo5OAh/aAUM`
Yara	None matched
VirusTotal	Search for analysis

Name	d3500d7f2f3ebb20_file_3.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ready\extracted\file_3.zip
Size	42.4KB
Processes	2720 (7z.exe) 2512 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`9f4c31914608b950a56507361133430f`
SHA1	`449dee6f83fe7b2686ed7f762fc9123e0c513931`
SHA256	`d3500d7f2f3ebb203287b5917fd43c572b0ea1762f1ba9d1dcc4cf1243bb6225`
CRC32	`F21658C7`
ssdeep	`768:ZbLQekO3F54NqrUQETeli7zVo1Rolz3Uh/hUzAh/a08kpUKH36LzSTiDwNK:ZbLQekOV54Nqr/E60zVvlzo5OAh/aAUL`
Yara	None matched
VirusTotal	Search for analysis

Name	344f076bb1211cb0_7z.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ready\7z.exe
Size	458.0KB
Processes	2328 (1.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`619f7135621b50fd1900ff24aade1524`
SHA1	`6c7ea8bbd435163ae3945cbef30ef6b9872a4591`
SHA256	`344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2`
CRC32	`085DB415`
ssdeep	`6144:fz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7+DHV:r1gL5pRTcAkS/3hzN8qE43fm78V`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	34ad9bb80fe8bf28_7z.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ready\7z.dll
Size	1.6MB
Processes	2328 (1.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`72491c7b87a7c2dd350b727444f13bb4`
SHA1	`1e9338d56db7ded386878eab7bb44b8934ab1bc7`
SHA256	`34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891`
CRC32	`D5226149`
ssdeep	`24576:S+clx4tCQJSVAFja8i/RwQQmzgO67V3bYgR+zypEqxr2VSlLP:jclmJSVARa86xzW3xRoyqqxrT`
Yara	IsPE64 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature Microsoft_Office_File_Zero - Microsoft Office File IsDLL - (no description)
VirusTotal	Search for analysis

Name	3ce53b25a9d37850_file_2.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ready\extracted\file_2.zip
Size	42.2KB
Processes	2768 (7z.exe) 2512 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`3ec4fa1e8bf3fd58a9461727c00da91d`
SHA1	`031f6e78d3615ae8d8398fb91ab8041ffaffec69`
SHA256	`3ce53b25a9d37850ec3708c6ad92b49e2717c36b690adb0ae56530a65ac5eed0`
CRC32	`CF583766`
ssdeep	`768:cbLQekO3F54NqrUQyTeli7zVo1Rolz3UhVhUzAh/a08kpUKH36LtQjrZ4/YaybSD:cbLQekOV54Nqr/y60zVvlzorOAh/aAUT`
Yara	None matched
VirusTotal	Search for analysis

Name	8856c02009b9cfb4_tea.exe Submit file
Filepath	c:\users\test22\appdata\local\temp\ready\tea.exe
Size	104.0KB
Processes	2864 (7z.exe) 2512 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4f42e44ea52ad92251c08c6e85ca3f52`
SHA1	`7dff9568dde13983103c22063824fdf7ba899e0e`
SHA256	`8856c02009b9cfb4108c4fe1beab6413b9f2290939e2814e742c5622db5c9337`
CRC32	`8DBCBB79`
ssdeep	`1536:RUVrE5RhlBmHD568bQmhVKBa2E+5D2ZbYpfgxnR7ovsSQ00+:RUVIfmHDD8mhwE+IBtL7lc`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Is_DotNET_EXE - (no description) UPX_Zero - UPX packed file Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal	Search for analysis

Name	2baa625e9a7a9ab4_file_5.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ready\extracted\file_5.zip
Size	1.5MB
Processes	2616 (7z.exe) 2512 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`ee16d8335e15bbf56dd1f82750bf35da`
SHA1	`8e7eec5054ca9e1789746ae85843ad1c84a7bb6b`
SHA256	`2baa625e9a7a9ab4f5584bd5b644a3dd5c4575f67b5a6945fd4e2ea756122118`
CRC32	`7A94207C`
ssdeep	`24576:LbI/7AAb+JQl3Vd02kOC/l5X4/KiROMdWbBkDC6SX39qbwK1ZNKdvLIT/:LujCK3D0AC/l5mwbBkDWYb1ZN4UT/`
Yara	None matched
VirusTotal	Search for analysis

Name	02e774111bb3dd48_file_1.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ready\extracted\file_1.zip
Size	42.1KB
Processes	2816 (7z.exe) 2512 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`b56ad8a09735bbce888470bfcb889c6c`
SHA1	`edae65f9fe9838c4b0e3cfacd8d72bcc9cd613ad`
SHA256	`02e774111bb3dd482aa0f73035b5fb7b64d13c4cd76a36d07f4371944d65151f`
CRC32	`C0881509`
ssdeep	`768:GbLQekO3F54NqrUQ0Teli7zVo1Rolz3UheClymSwZ5N5dR8jnQjrZ4/YaybSRNai:GbLQekOV54Nqr/060zVvlzoRlymHZDPq`
Yara	None matched
VirusTotal	Search for analysis

Name	ca1aac624a1885f1_svchost.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ready\svchost.cmd
Size	468.0B
Processes	2328 (1.exe)
Type	Little-endian UTF-16 Unicode text, with no line terminators
MD5	`8650364667cc747f92cecf0d7ef42438`
SHA1	`504f244dfa36ad56aeac5a22a99b4aea1b08d1e9`
SHA256	`ca1aac624a1885f125d6d6a29eed8bbcfa399a3b4d9470bdd0357d836a0b0e28`
CRC32	`327E308B`
ssdeep	`12:QUpCUjuCTGIQLvOS6wWY4CVGrMLvTSBC7hggF8DVrI7hJy:QUpCCXe2wWNCVGYTTQU8BqhY`
Yara	None matched
VirusTotal	Search for analysis