Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	238de0684e5c386b_aoavkwack.ron Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\aoavkwack.ron
Size	7.7KB
Processes	1700 (juneowar2.1.exe)
Type	data
MD5	`1ed3774dc9a9b04e5a6f5089d709fdaf`
SHA1	`0e1167adb5a226e633668ad62a1aaeb542107f0d`
SHA256	`238de0684e5c386b7dec7a2ac1d046f8ab2cebae81e7cc664bc0616a8f9c986e`
CRC32	`05AE034F`
ssdeep	`192:LWTtJD/vGJbz1z8T5abho60epozCOCar8QhK0+7ekGwEvMb9:KTtJLQb5z8T5abu6/azCOF48PkCvMb9`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsrC195.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsrC195.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	7e29847ad89b06a9_jscxhqmv.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\rwgclupyien\jscxhqmv.exe
Size	212.7KB
Processes	1700 (juneowar2.1.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`ec77a84dddf6fef090dde4d2ab3a1007`
SHA1	`d846a7b1e67429ae1bec877938766ef81e023622`
SHA256	`7e29847ad89b06a94bb9c64898f922688addbe295fad4667546338b3240aeffd`
CRC32	`596CBAFC`
ssdeep	`6144:gYa6HollUqtrdWGmJKJE70a6seVSXRs0TZ/J:gYdollXtaJma6TMRHf`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library NSIS_Installer - Null Soft Installer PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	724ed07db84dc8cf_oqfmlp.nns Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\oqfmlp.nns
Size	118.7KB
Processes	1700 (juneowar2.1.exe)
Type	data
MD5	`69065e0f7ebb3730d1e7f9d1194744ff`
SHA1	`1e5dc8d5f853b844e2983db654fa32e01511b76a`
SHA256	`724ed07db84dc8cf86d0190a2d717c14a7ba6e2840474d759a2aa21a96624fd0`
CRC32	`325C6627`
ssdeep	`3072:PG7H3JLR7f2Wtz5Jic7S3dPWH3m0/O07HBDCCLOz5/:PuX7dJDicWVazxjdCk4`
Yara	None matched
VirusTotal	Search for analysis

Name	ea43d6bbeafa9894_kgthrdsiq.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsxC1B7.tmp\kgthrdsiq.dll
Size	80.5KB
Processes	1700 (juneowar2.1.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`0245d67252af65a5eb1e6bdd045064c8`
SHA1	`008afb3058d48b4325806bb517429377c3e15cc4`
SHA256	`ea43d6bbeafa98942889510ac52381cd5ae8a71df50149b2055e808d0909b110`
CRC32	`38A7B243`
ssdeep	`1536:txZgs53AOsEMO4gHsN0TlvL4S3i1PRSeksW9Wcdbx200U5We:txqsuOZMO4P0Ty1ZxcbxqgWe`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis