Dropped Files | ZeroBOX
Name ac901bf5882f14e9_timer.exe
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\timer\Wsfghjklkjhgfd.exe\timer.exe
Size 705.0KB
Processes 1460 (choileety.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 da9534900ee0d11c9b30cf33152ea03c
SHA1 1ad9e9761fd6935c0cf5048c9615d0383baac48e
SHA256 ac901bf5882f14e9e07235b8488b6479b4519addda6dbfb89147401c1e9e6e4f
CRC32 372C75E7
ssdeep 12288:k8/HoptmKv8x10D+dHr73q/6pd7UB5k6d5EK7IS5SE/84a:1x1eML76ypZ/6d5bSIO
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF390143.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF390143.TMP
Size 7.8KB
Type data
MD5 b0c9ff441742f3847ea27da9dee7f2cd
SHA1 c42a1eb32ba953a0ce5d8635caabf71b5b281495
SHA256 a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4
CRC32 0BBCAB1A
ssdeep 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 7fcf4b447b2be6b1_logs.dat
Filepath C:\ProgramData\remcos\logs.dat
Size 260.0B
Processes 2332 (MSBuild.exe)
Type data
MD5 a16d9e62260d400aa48d8a7ece288455
SHA1 80005075579543afb152eb3c4cde92ee083c176d
SHA256 7fcf4b447b2be6b1e9aa988b7198cb7140354820bbe04fa968456df6d04916c3
CRC32 3480D8A9
ssdeep 6:Kl6F5YcIeeDAlOWA4dbJWEogltmgXl1oV:Kl6Nec0WNW+ltZI
Yara None matched
Name ea0149223ad88e00_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2520 (powershell.exe)
Type data
MD5 ff302e30aa78bdb4a11ce500ca020191
SHA1 abf114fcfca5dad7293fe0240e63445187204a1a
SHA256 ea0149223ad88e006c4e2310e7cfc4555aec1984bc6c8048e77aba1307c1328e
CRC32 832C8ABA
ssdeep 96:stuCeGCPDXBqvsqvJCwoJtuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:stvXoJtvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware