Dropped Files | ZeroBOX
Name 221c76709ce4aab1_hoprfu.vbs
Filepath C:\Users\test22\AppData\Local\Temp\HOPRFU.vbs
Size 849.0B
Processes 1860 (采购订单要求 & 绘图样本..exe)
Type ASCII text, with CRLF line terminators
MD5 06888b7c4f16c77f7bcf7ec1f6b54344
SHA1 79057eeff8508dac97d580a1bdc7d986b24b680a
SHA256 221c76709ce4aab11173df04d3cd1239c1062b02bbd614f3f4ee6030acb872f1
CRC32 DE2AD40D
ssdeep 24:dF/UUaQioU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UXft+G+7xLxe0WABNVIqZaVzgA
Yara
  • VBScript_Check_All_Process - VBScript Check All Process
  • enclosed - (no description)
Name 807cfd202515f1f2_hehdnb.exe
Filepath C:\Users\test22\AppData\Local\Temp\HEHDNB.exe
Size 211.0KB
Processes 1860 (采购订单要求 & 绘图样本..exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 a958deeebcf32bbf49e62863b9e2c6e6
SHA1 d281670027c7773ba453d4ad664a5f3b0362e058
SHA256 807cfd202515f1f27ea9665db3fd9e8abe442b3c7c1d8512e70578fc835691c4
CRC32 60A2C216
ssdeep 1536:B2MgTVc8alWMxIb3QThBkCZbAP5cv6Hc7Sn:b2e81MxIb3uPhAP5+687Sn
Yara
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • Malicious_Packer_Zero - Malicious Packer
Name 0904a6c5c36d41d2_autEA7F.tmp
Filepath C:\Users\test22\AppData\Local\Temp\autEA7F.tmp
Size 42.3KB
Processes 1860 (采购订单要求 & 绘图样本..exe)
Type data
MD5 d35005630c67a3d4ca5756f1b7c7c0dc
SHA1 d61463098de19b4285d9c23007e3d065942daa56
SHA256 0904a6c5c36d41d2d36adc9340c312959f5ed890838bd5ad2b6c3246643aad51
CRC32 D27AA728
ssdeep 768:Kc/INM8IwZxJQPoJfSWqkLuZWBAk9+97vL58udRe8DmbNZg97sU1lS2:N/IukZxJQg9SWqooWWA8DyudRV1Vlx
Yara None matched
Name 432a4b8a2a692cdd_hoprfu.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOPRFU.lnk
Size 1.8KB
Processes 1860 (采购订单要求 & 绘图样本..exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Mon Sep 19 17:04:43 2022, mtime=Mon Sep 19 17:04:43 2022, atime=Mon Sep 19 17:04:43 2022, length=1395534, window=hide
MD5 f75e816786dbf082fad9de71611e9862
SHA1 7c73669320203c58274435dca0ccbc4338ee384a
SHA256 432a4b8a2a692cdd470b6ad884bd658308cd2ed598391f8596fed450a1a283a6
CRC32 2552DEB8
ssdeep 24:8xCsERdYgCh+DzgzN3HnDz5yE2+s25T4Ilm:8xCsoP8p3jWrWMIlm
Yara
  • Generic_Malware_Zero - Generic Malware
  • Lnk_Format_Zero - LNK Format
Name 0aeea48dc9c774a3_acrobat reader dc.exe
Filepath C:\Users\test22\AppData\Roaming\Windata\Acrobat Reader DC.exe
Size 1.3MB
Processes 1860 (采购订单要求 & 绘图样本..exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c56268bd887cf060acae169c64e60a49
SHA1 0d986411681a76250d1b61c72bf3aec732c8d919
SHA256 0aeea48dc9c774a36110cb4c41168552c7b438b2e5ab16ed91a4e901da8d1299
CRC32 CAC694BA
ssdeep 24576:kRmJkcoQricOIQxiZY1iau0Arqh7kwhNzM5oPd3Y2MbIU:hJZoQrbTFZY1iaMo7zhNo5o1iD
Yara
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file