Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	e3b0c44298fc1c14_setup-rc18.exe Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\1000005001\setup-rc18.exe
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	340c8464c2007ce3_dewrww7a1z.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000001001\dewrww7a1z.exe
Size	162.0B
Processes	2976 (legola.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`1b7c22a214949975556626d7217e9a39`
SHA1	`d01c97e2944166ed23e47e4a62ff471ab8fa031f`
SHA256	`340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87`
CRC32	`CC58D737`
ssdeep	`3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu`
Yara	None matched
VirusTotal	Search for analysis

Name	774ed83b16693108_legola.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ebb444342c\legola.exe
Size	223.7KB
Processes	2868 (r4336554.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3757dc41c6e39470628b4009fb13ae2a`
SHA1	`dd10d54a9b31cf8e41ddde8bf9ce72d919f3d7cb`
SHA256	`774ed83b16693108f1a28f944375e96fc78dcdd2a655accc42ddb78bb1772ebf`
CRC32	`82979124`
ssdeep	`3072:svtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbAa:StV3euVz6rKyS3yHFHhuNcPKpwIK+`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d5998de73a2e6ac2_lummac2.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000002001\LummaC2.exe
Size	391.5KB
Processes	2976 (legola.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`16f2d0aa122b49bd7f7ca17eb28e5df5`
SHA1	`ade62b2a58d4aa6972283cd000a51fe3ff0885e8`
SHA256	`d5998de73a2e6ac2fafe81270e33b6a9fd8cef605cb56603456029b8b598c077`
CRC32	`EBDD754A`
ssdeep	`12288:alJxRPSvnEVL9MtT6Mgzwni786xNPB8bKbb:altSS9M56Mgz3BxNZt`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d6ee6168d2f6c316_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\a091ec0a6e2227\clip64.dll
Size	89.0KB
Processes	2976 (legola.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`358ddcec1819198ecad04ef86899feaa`
SHA1	`478cc105d928665b40aa32a2923c98dbf332b2bd`
SHA256	`d6ee6168d2f6c316601b151aa6a16d8b3fda4bbefd046a93a5c336bd47f75d16`
CRC32	`9FEBD74B`
ssdeep	`1536:ro4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUCWHaB89p:roUCWbBNpplToUs1uNhj25LJUxaB89p`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis