Dropped Files | ZeroBOX
Name 7eb70257593da06f_outlook.txt
Filepath C:\Users\test22\AppData\Local\TEST22-PC\Browsers\Outlook\Outlook.txt
Size 2.0B
Processes 2064 (Set-UP.exe)
Type ASCII text, with CRLF line terminators
MD5 81051bcc2cf1bedf378224b0a93e2877
SHA1 ba8ab5a0280b953aa97435ff8946cbcbb2755a27
SHA256 7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
CRC32 14A285AC
ssdeep 3:y:y
Yara None matched
Name b3dfa692f7da19ee_places.raw
Filepath C:\Users\test22\AppData\Local\Temp\places.raw
Size 5.0MB
Type SQLite 3.x database, user version 69, last written using SQLite version 3038003
MD5 c395620f9a8337341636a78a98f5b3d9
SHA1 97700ec4db7362e02a56df5e70dd828ad9823d24
SHA256 b3dfa692f7da19eede9aa2fe2ac76052cfaa32a7d30cc53b88ea5ef23ec32624
CRC32 476CDB88
ssdeep 192:StsqHQnwkYjcoBMc+uySBQies13A29D+oBpp0:StsbwVTBMc+uySOiJ3Z
Yara None matched
Name a1e48fa8a5d530ae_screen.png
Filepath C:\Users\test22\AppData\Local\TEST22-PC\Screen.png
Size 1.4MB
Processes 2064 (Set-UP.exe)
Type PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced
MD5 fdf01422967f5e131684c2014cbb6cbf
SHA1 9eab41f082ad257c150b3afdf5e92ea574d16b7a
SHA256 a1e48fa8a5d530aea08fbdeabe9de99bd8dedf2077f15f6633f1a387816125f4
CRC32 EB5C24CD
ssdeep 24576:IqUc08ir/YMaksFx7c0VkFoVfUa2h3ikTmWKh5uaNnnylGL16inbIB0RSEtt87E:s/DYMaksFxzUoT+yaaZyl8RbtSED
Yara
  • PNG_Format_Zero - PNG Format
Name 1a59d39530e38660_Set-UP.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Set-UP.exe
Size 1.0MB
Processes 1280 (setup.EXE)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 3398c825546a8f031901e1e31b6304e7
SHA1 ca8e0b923acf197f7cfe12c7e1b8a81087c10b40
SHA256 1a59d39530e38660cc483a1b5a090036206db446ac8573f1a2ec76ba4d3e2858
CRC32 538A951D
ssdeep 12288:uHli6z5ZwvCm+mrEY+pYvLL0wLctviKDv4Zspok9R/POO2tCA4TR+mCBr++/6MHr:uFNf+omJCYf0wLcEg4e9VRYCA1
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 57037fe519cfe685_process.txt
Filepath C:\Users\test22\AppData\Local\TEST22-PC\Process.txt
Size 1.7KB
Processes 2064 (Set-UP.exe)
Type ASCII text
MD5 2ff70645b45f7f24f254ca275e41afeb
SHA1 952b16499626ef4247a07907d0f36511363c62ae
SHA256 57037fe519cfe6856724f2402c2b029268a1ee84b1dacc3dbae25d92bcfcd72f
CRC32 A3395329
ssdeep 24:YcSxQHbqY1nqVaepXcep6WYRCzLXq1OCaiYRER6NDnCCCXcOkaCH6p43CTiJ:3VAL+EDcux
Yara None matched
Name 3fdf1066e3b50852_WindowsDefenderUpdates.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\WindowsDefenderUpdates.exe
Size 160.0KB
Processes 1280 (setup.EXE)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 8d990a112e2f4ce70e630dda9a1060b4
SHA1 6ea9f72e30dc042eda02424a7151ed1cbcf5a35f
SHA256 3fdf1066e3b5085246f0d060dbb64c46019244b20d8da8b4d12a941e4dcc95af
CRC32 7C674D22
ssdeep 3072:VGKs9pUrxjp7+mHWY7ZJhBUbaYajkq1eP/9L:wK8M1XjU23Aq1eP/
Yara
  • Win_Backdoor_njRAT_Zero - Win Backdoor njRAT
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 54f899f067e76e47_installedsoftware.txt
Filepath C:\Users\test22\AppData\Local\TEST22-PC\InstalledSoftware.txt
Size 1.3KB
Processes 2064 (Set-UP.exe)
Type ISO-8859 text, with CRLF line terminators
MD5 3bfce0d64feedb9e2bf831a1da294940
SHA1 eff75b570d3ddaa9c931ade091406f5ecaaa5f94
SHA256 54f899f067e76e4759eaead40350e38b221711565a2e370617f5606b9e5e74ec
CRC32 9DD067B6
ssdeep 24:7NBkJw4Y+4Zr7OdlyAMlp4GZabUexhHvkf+1gIO2OOM4ZdAA4uPUiZ:7PkTir7OdlyAMH4GZabNxhHvS+1gIO21
Yara None matched