Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.15 08:11
Chinese SilkSpecter Ha...
11.15 08:11
Dark Web Profile: Cade...
11.15 08:11
Trump’s Anti-Regulatio...
11.15 08:11
체크멀, ‘2024 대한민국 디지털 이노...
11.15 08:11
KKR Raises Offer for F...
11.15 08:11
Just Eat Sees Best Wee...
11.15 08:11
How AI Is Transforming...
11.15 08:11
[NEU] [mittel] VMware ...
11.15 08:11
[NEU] [UNGEPATCHT] [mi...
11.15 08:11
Scambaiting: KI-Großmu...

Dropped Files | ZeroBOX

Name	9a419095c0bafc6b_ratt.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ratt.bat
Size	1.3KB
Processes	2580 (ratt.exe) 2660 (cmd.exe)
Type	ASCII text, with CRLF line terminators
MD5	`7ea1fec84d76294d9256ae3dca7676b2`
SHA1	`1e335451d1cbb6951bc77bf75430f4d983491342`
SHA256	`9a419095c0bafc6b550f3f760c7b4f91ef3a956cfa6403d3750164ecdbe35940`
CRC32	`EF631DB5`
ssdeep	`24:t8H22w0s0HQMuRJXuCuvVMzXuMVM83uEEJitlBJWVMzn3rydVoIDVMzQ0AjsDTJO:tp50s46hhYyjJrE6ohdSCKTQ`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_4861640 Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\__tmp_rar_sfx_access_check_4861640
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	dbbb1accf079991e_ratt.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ratt.exe
Size	1.4MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`dc0ec514d428d56d042c087457f843c0`
SHA1	`d3f4e4fedb97fecae82588d1e3379d100c3fa296`
SHA256	`dbbb1accf079991e35cfb3761cb20ecb7d22f2f70268dfe5315de9cac3823af9`
CRC32	`F95E155C`
ssdeep	`24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk`
Yara	UPX_Zero - UPX packed file Win32_WinRAR_SFX_Zero - Win32 WinRAR SFX OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	069979bfb2aefe3c_ratt.7z Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ratt.7z
Size	693.5KB
Processes	2580 (ratt.exe) 2660 (cmd.exe)
Type	7-zip archive data, version 0.4
MD5	`7de6fdf3629c73bf0c29a96fa23ae055`
SHA1	`dcb37f6d43977601c6460b17387a89b9e4c0609a`
SHA256	`069979bfb2aefe3cac239fe4f2477672eb75b90c9853fb67b2ac1438f2ec44ff`
CRC32	`EAD0A858`
ssdeep	`12288:FlUTJZNGj5Svy0PdsS3Tl6wBuAMOSor84JWg3RoXQobvN:vUcjUvy0lr3Tl6icOB/UWoTN`
Yara	None matched
VirusTotal	Search for analysis

Name	ed50ef8e0b6dd83f_7z.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7z.dll
Size	328.0KB
Processes	2580 (ratt.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`15bbbe562f9be3e5dcbb834e635cc231`
SHA1	`7c01cf5fa4db2312c5ed2f7b8c41e3e5c346a51a`
SHA256	`ed50ef8e0b6dd83fb0c3f733329d4aa6e5a3beb3491e2ba9d2ae206813508dde`
CRC32	`01DED2D4`
ssdeep	`6144:p3sXs8er2d9h6PzeL8fn637DZRC00P2Dky2m2yYjfz+B0iaHxMhoS:p888Ic9UCL8f6/Z1xD2HLH72hoS`
Yara	Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c8e4a63337a25f55_Add.ps1 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Add.ps1
Size	1.2KB
Processes	2580 (ratt.exe) 2660 (cmd.exe)
Type	ASCII text, with CRLF line terminators
MD5	`0df43097e0f0acd04d9e17fb43d618b9`
SHA1	`69b3ade12cb228393a93624e65f41604a17c83b6`
SHA256	`c8e4a63337a25f55f75ad10ab2b420d716bad4b35a2044fd39dcd5936419d873`
CRC32	`63D80AA5`
ssdeep	`24:nuMVM80uEWVMTRSuvVMTLKVMTKLvVMTI6dsobryDzJB5VMhVM8EVMTtoVMTj:njSrW2SY1nvR6dsobryDzz5wePY`
Yara	None matched
VirusTotal	Search for analysis

Name	03a17a2b669f72df_ratt.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ratt.exe
Size	128.0MB
Processes	2644 (7z.exe) 2660 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`420d15461eaaa056a486840c73087012`
SHA1	`8eeabc6946d5357f42ae2ce491427469e31dccc9`
SHA256	`e1601b74522d5b60010eba7fb3e7b43ce56ac440aa65014bd2ea60835b070f0e`
CRC32	`B8966489`
ssdeep	`12288:jXLbt12i2c9b20yCX4q4a3VYBMELmu/wxoTB6gqf+TYVeKCE5eJNq0QN1:b3+5LN28B6Lfi2+EgN/w1`
Yara	UPX_Zero - UPX packed file Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ea2ad8d87b79c8eb_7z.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7z.exe
Size	71.0KB
Processes	2580 (ratt.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
MD5	`8ba2e41b330ae9356e62eb63514cf82e`
SHA1	`8dc266467a5a0d587ed0181d4344581ef4ff30b2`
SHA256	`ea2ad8d87b79c8eb3952498c7005a195986436cfd7ca7736dbbdda979142daea`
CRC32	`04CAC0A6`
ssdeep	`1536:6recoyvcrQQqhOH/iBApotp9wsy2GU0vz0Nymg3jqdBaNIvBdh4Yn2Inouy89:lJyErQYH6Jb9m2ewC3++NIvBdh40JouD`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b7c225ef3cc3e875_d93f411851d7c929.customDestinations-ms~RF4a454e.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF4a454e.TMP
Size	7.8KB
Processes	3032 (powershell.exe) 908 (powershell.exe)
Type	data
MD5	`81ca4510272caf505e8091e9a28cb716`
SHA1	`71414aeec9f1e4a6f5a461b01700cc9cc992cd9e`
SHA256	`b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf`
CRC32	`FC31E90F`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis