Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...

Latest News
09.21 04:09
Metasploit Weekly Wrap...
09.21 03:09
Fixing an Elgato HD60 ...
09.21 02:09
Google Faces EU Ultima...
09.21 02:09
This New Video Game Is...
09.21 02:09
FTC finds social media...
09.21 02:09
FTC finds social media...
09.21 01:09
Automate detection and...
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...

Dropped Files | ZeroBOX

Name	9781e8e4c936a24d_format-text-direction-symbolic.symbolic.png Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Registernavne\Attakerer\format-text-direction-symbolic.symbolic.png
Size	202.0B
Processes	2560 (DIEN TT_SACOMBANK 15052023_907170181_PAYMENT.exe)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`12fdee903dc174ff3ba3acc69d98f616`
SHA1	`270145d45b6729e1dcb5d7964acfd3236423f83e`
SHA256	`9781e8e4c936a24d2c8c860b26e382cdfb940379beef60727bba1f336d8a17ea`
CRC32	`F0900ADD`
ssdeep	`3:yionv//thPl9vt3lAnsrtxBlltQOxF1D9uCw+1oPsAVuTsAw+ZNfW7GgXjDIgs60:6v/lhPysnQM79h3iEAVuIVpIgsSE7Bjp`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	ac9dfe3b35ea4b89_system.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsjEE68.tmp\System.dll
Size	11.5KB
Processes	2560 (DIEN TT_SACOMBANK 15052023_907170181_PAYMENT.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0063d48afe5a0cdc02833145667b6641`
SHA1	`e7eb614805d183ecb1127c62decb1a6be1b4f7a8`
SHA256	`ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7`
CRC32	`B233B75E`
ssdeep	`192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	fd6b7b267bd22f8c_uerstatteligheder.rin Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Registernavne\Attakerer\uerstatteligheder.Rin
Size	161.6KB
Processes	2560 (DIEN TT_SACOMBANK 15052023_907170181_PAYMENT.exe)
Type	data
MD5	`2ecaef97e39d84513205c21f40a82b54`
SHA1	`b8ef36b16f00cb9a81fd857f113fa1a955513351`
SHA256	`fd6b7b267bd22f8c111a0ff47f6ee0e918e0359dadbe5381f8c994b6f49e08c0`
CRC32	`96A35ED2`
ssdeep	`3072:tI5vu1o8cpG80gEYktOSyVtyEZR/JBPy21AwZ:4vu/cU8jEY0yVtpR/JM21R`
Yara	None matched
VirusTotal	Search for analysis

Name	6d2b626b6f6d79ff_vulkan-1.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Registernavne\Attakerer\Researchafdelingen\Radiographically\vulkan-1.dll
Size	823.3KB
Processes	2560 (DIEN TT_SACOMBANK 15052023_907170181_PAYMENT.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`249e6fdfce87e40b97fa9654fed96037`
SHA1	`30b16f4eeeda1210c405e6a50adc8efc0a1b7cea`
SHA256	`6d2b626b6f6d79ff0d224594497704654a8971c815497121b8b6b983e706f1f2`
CRC32	`BF6BEEBE`
ssdeep	`12288:0s+CdjKQZqlo/O7Tl7oUANTY1+ltGYtodyVzrnX:0EjKQZqlo/OV7zANC+ltn9zbX`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	86059ddea65f61b1_emblem-downloads.png Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Registernavne\Attakerer\emblem-downloads.png
Size	299.0B
Processes	2560 (DIEN TT_SACOMBANK 15052023_907170181_PAYMENT.exe)
Type	PNG image data, 16 x 16, 8-bit colormap, non-interlaced
MD5	`85f20454526f9c28afa7c09cc3664899`
SHA1	`179206448b7cd21e308ba554095b99195e33ecda`
SHA256	`86059ddea65f61b12d179433f310cc89164476e566b776d826de7fc9a19a1f4f`
CRC32	`F2A15A21`
ssdeep	`6:6v/lhPf+SACov4lFG9w1znQh3wbOiNb0B2OcIV8wwRV6t7NhTpPGPNTp:6v/7V8wlFG9w1zQGr+B2OcI9w7qTpPGr`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	bb390450a8b783d8_text-x-generic-symbolic.svg Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Registernavne\Attakerer\Researchafdelingen\Radiographically\text-x-generic-symbolic.svg
Size	780.0B
Processes	2560 (DIEN TT_SACOMBANK 15052023_907170181_PAYMENT.exe)
Type	SVG Scalable Vector Graphics image
MD5	`68346afa79ed17f9a8225617567a643d`
SHA1	`36593489c8c92ad95c6bc1e34961165785d3fb37`
SHA256	`bb390450a8b783d820e11884658530d7c14df0028c28a7453513b293631dd608`
CRC32	`D35F48A1`
ssdeep	`12:t4trq9DMjqlFnVNt5ncVNyMQBVN1xJXTjiCydrkeYRAerAFFLAmaHGdK5zKk:t4trqtMUOXQj33jyKbRAecFxMGMX`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nstED6D.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nstED6D.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	ed7e434bd94b543e_alkoverne.ned Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Registernavne\Attakerer\Alkoverne.Ned
Size	133.1KB
Processes	2560 (DIEN TT_SACOMBANK 15052023_907170181_PAYMENT.exe)
Type	data
MD5	`8b377c4ee33a5ee95dc8b5824d5e4caf`
SHA1	`471a0e2c174be131f3159bf719d106380d74a2f0`
SHA256	`ed7e434bd94b543e1c137573f4f117668e5d09bbf8a8923732b2beb72cc457ac`
CRC32	`0DB26D4B`
ssdeep	`3072:loRF0/k1l2ClYP4MXJ8Yy/mrvotX7R2UhUd:G3DECujtv2X7MkUd`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis