Dropped Files | ZeroBOX
Name 9e6e4772050998a5_readme.txt
Filepath C:\Users\test22\Desktop\readme.txt
Size 10.0B
Processes 2612 (lsass.exe)
Type ASCII text, with no line terminators
MD5 eb6b6c90251ab33cee784713c451e6d8
SHA1 451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5
SHA256 9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6
CRC32 22598B08
ssdeep 3:IS:7
Yara None matched
Name dbe99e4119c6f19e_onedrive.exe
Filepath C:\Users\test22\AppData\Roaming\OneDrive.exe
Size 9.8MB
Processes 2756 (powershell.exe)
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 743022328f955e2cbb5f2f375bd0ab72
SHA1 226a731c638cf6e79b92cc2bb6369b04e6a98b55
SHA256 dbe99e4119c6f19e273cbedbbe27afb953f92f7284638dda5c0630b7b0befa4f
CRC32 4AF07250
ssdeep 196608:XJMrC958iwis/xOpkCDRsUSF/f4PuCB6kSnzidQXb:XJsC9rs/xOrCf4PuCBH6
Yara
  • IsPE64 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • PE_Header_Zero - PE File Signature
Name 322626ca37f3929c_dllhost.exe
Filepath C:\Users\test22\AppData\Roaming\dllhost.exe
Size 1.6MB
Processes 2756 (powershell.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 08e3930a42197a422d064569c4778997
SHA1 74832aa332b48422e5d448f5099b397e84c18712
SHA256 322626ca37f3929c517b4c0ceeb130836be5f36a1eb68ab0adb00c0f4a3f3813
CRC32 9E002461
ssdeep 24576:mzE0vhwHbExPyG6Ci5KqGxgxvgwEL3h3z1MKiA9iS888PXmNkAZvrdt/kFPXjdpr:mtaEpGcqmtwEbhD1ViA9/PjPwPXj3VV
Yara
  • themida_packer - themida packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
Name 617ea95e3dac8a3f_tmp8FE2.tmp.bat
Filepath C:\Users\test22\AppData\Local\Temp\tmp8FE2.tmp.bat
Size 156.0B
Processes 2576 (lsass.exe) 1552 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 2ecc97431c2c97ced42288ec94c4a155
SHA1 1ab7ac9c3fd580023b124374369daaf5c3ba8a54
SHA256 617ea95e3dac8a3fb96ff68dfc3a3d7113b83a7dd5169aae8a7537a89cf44324
CRC32 A2B33A9B
ssdeep 3:mKDDCMNuwGv3DmWxpcL4EaKCPJWUNlKDwU1hGDmWxpcL4E2J5xAInTRI3cX81ZPy:hWKuZLmQpcLJaZPaDNemQpcLJ23fTpCk
Yara None matched
Name 95f47af1a69cb5ee_lsass.exe
Filepath C:\Users\test22\AppData\Roaming\lsass.exe
Size 1.7MB
Processes 2756 (powershell.exe) 1552 (cmd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 eb85c562249e96d7a946111241f0ea4b
SHA1 5c89db5dad53c26ec1f8189261a7fc4eace18773
SHA256 95f47af1a69cb5ee8b7a85ff7e17901819813f7d2035bec40a73d2c8f76540c8
CRC32 446FAA9E
ssdeep 49152:EWixii6vjHOwOfx8GekJixPPfNKE7Kpr4C4zOowhsJ4cNL:ixaCwrxPQKdqo4cB
Yara
  • EnigmaProtector_IN - EnigmaProtector
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
Name 44e8aa0601fffe82_OAKRGRVTMGVAROOQQSN6.temp
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OAKRGRVTMGVAROOQQSN6.temp
Size 7.8KB
Processes 2652 (powershell.exe)
Type data
MD5 ee6cfd78f72f03663db2a7df0c696dd7
SHA1 56126e81a5f6577f8e24a890185d0c9eb600fa02
SHA256 44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568
CRC32 F27137C4
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware