popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 9a419095c0bafc6b_ratt.bat
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\ratt.bat
Size 1.3KB
Processes 2580 (ratt.exe) 2660 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 7ea1fec84d76294d9256ae3dca7676b2
SHA1 1e335451d1cbb6951bc77bf75430f4d983491342
SHA256 9a419095c0bafc6b550f3f760c7b4f91ef3a956cfa6403d3750164ecdbe35940
CRC32 EF631DB5
ssdeep 24:t8H22w0s0HQMuRJXuCuvVMzXuMVM83uEEJitlBJWVMzn3rydVoIDVMzQ0AjsDTJO:tp50s46hhYyjJrE6ohdSCKTQ
Yara None matched
VirusTotal Search for analysis
Name e3b0c44298fc1c14___tmp_rar_sfx_access_check_4861640
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\__tmp_rar_sfx_access_check_4861640
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name dbbb1accf079991e_ratt.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\ratt.exe
Size 1.4MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 dc0ec514d428d56d042c087457f843c0
SHA1 d3f4e4fedb97fecae82588d1e3379d100c3fa296
SHA256 dbbb1accf079991e35cfb3761cb20ecb7d22f2f70268dfe5315de9cac3823af9
CRC32 F95E155C
ssdeep 24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Yara
  • UPX_Zero - UPX packed file
  • Win32_WinRAR_SFX_Zero - Win32 WinRAR SFX
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 069979bfb2aefe3c_ratt.7z
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\ratt.7z
Size 693.5KB
Processes 2580 (ratt.exe) 2660 (cmd.exe)
Type 7-zip archive data, version 0.4
MD5 7de6fdf3629c73bf0c29a96fa23ae055
SHA1 dcb37f6d43977601c6460b17387a89b9e4c0609a
SHA256 069979bfb2aefe3cac239fe4f2477672eb75b90c9853fb67b2ac1438f2ec44ff
CRC32 EAD0A858
ssdeep 12288:FlUTJZNGj5Svy0PdsS3Tl6wBuAMOSor84JWg3RoXQobvN:vUcjUvy0lr3Tl6icOB/UWoTN
Yara None matched
VirusTotal Search for analysis
Name ed50ef8e0b6dd83f_7z.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\7z.dll
Size 328.0KB
Processes 2580 (ratt.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 15bbbe562f9be3e5dcbb834e635cc231
SHA1 7c01cf5fa4db2312c5ed2f7b8c41e3e5c346a51a
SHA256 ed50ef8e0b6dd83fb0c3f733329d4aa6e5a3beb3491e2ba9d2ae206813508dde
CRC32 01DED2D4
ssdeep 6144:p3sXs8er2d9h6PzeL8fn637DZRC00P2Dky2m2yYjfz+B0iaHxMhoS:p888Ic9UCL8f6/Z1xD2HLH72hoS
Yara
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name c8e4a63337a25f55_Add.ps1
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\Add.ps1
Size 1.2KB
Processes 2580 (ratt.exe) 2660 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 0df43097e0f0acd04d9e17fb43d618b9
SHA1 69b3ade12cb228393a93624e65f41604a17c83b6
SHA256 c8e4a63337a25f55f75ad10ab2b420d716bad4b35a2044fd39dcd5936419d873
CRC32 63D80AA5
ssdeep 24:nuMVM80uEWVMTRSuvVMTLKVMTKLvVMTI6dsobryDzJB5VMhVM8EVMTtoVMTj:njSrW2SY1nvR6dsobryDzz5wePY
Yara None matched
VirusTotal Search for analysis
Name 03a17a2b669f72df_ratt.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\ratt.exe
Size 128.0MB
Processes 2644 (7z.exe) 2660 (cmd.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 420d15461eaaa056a486840c73087012
SHA1 8eeabc6946d5357f42ae2ce491427469e31dccc9
SHA256 e1601b74522d5b60010eba7fb3e7b43ce56ac440aa65014bd2ea60835b070f0e
CRC32 B8966489
ssdeep 12288:jXLbt12i2c9b20yCX4q4a3VYBMELmu/wxoTB6gqf+TYVeKCE5eJNq0QN1:b3+5LN28B6Lfi2+EgN/w1
Yara
  • UPX_Zero - UPX packed file
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name ea2ad8d87b79c8eb_7z.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\7z.exe
Size 71.0KB
Processes 2580 (ratt.exe)
Type PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
MD5 8ba2e41b330ae9356e62eb63514cf82e
SHA1 8dc266467a5a0d587ed0181d4344581ef4ff30b2
SHA256 ea2ad8d87b79c8eb3952498c7005a195986436cfd7ca7736dbbdda979142daea
CRC32 04CAC0A6
ssdeep 1536:6recoyvcrQQqhOH/iBApotp9wsy2GU0vz0Nymg3jqdBaNIvBdh4Yn2Inouy89:lJyErQYH6Jb9m2ewC3++NIvBdh40JouD
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name b7c225ef3cc3e875_d93f411851d7c929.customDestinations-ms~RF4a454e.TMP
Submit file
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF4a454e.TMP
Size 7.8KB
Processes 3032 (powershell.exe) 908 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis