popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 864e5117cdfd0195_vbs.vbs
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\vbs.vbs
Size 114.0B
Processes 2560 (C3VB.exe) 2860 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 27002bb346cdc609c41438d18edbf244
SHA1 83cb16cc33e1feacf71a318accb42d334a314870
SHA256 864e5117cdfd019545ec31236f5e976113904a28642eb92082b6f5fb35fee147
CRC32 33CCA3AF
ssdeep 3:jaPFEm8nh3QANX4E4F5cNUqJajaPOUC:j6NqhvXGCNUqOUC
Yara None matched
VirusTotal Search for analysis
Name 15d8615d61ad74ea_HSTART.bat
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\HSTART.bat
Size 607.0B
Processes 2560 (C3VB.exe) 2860 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 d871a911bf684afa46d0323312d2d0ff
SHA1 c54ea1c2eb2a9e22a65066f9f0660af54be1bc67
SHA256 15d8615d61ad74eac48589252ead9f7bb84eef38b83c1d2e17a2d6397cbc2f87
CRC32 A35769F1
ssdeep 12:/+rfrK66lid78FNrfrK66bHidJopkerK66LQAn8pkerK66LDe4TgMAQlrMGJkyA/:afwlI7oJfwTIS9wt89woWxMGJVAvX
Yara None matched
VirusTotal Search for analysis
Name 41059aca114f8c97_C3.bat
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\C3.bat
Size 1.1KB
Processes 2560 (C3VB.exe) 2860 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 4aa1dd6823251121717482a64342dc8f
SHA1 ac3871547541f23d2d77a5f065de7bf6ed107227
SHA256 41059aca114f8c973e8b298e7e3f6e56b616233d85ca7df98520a953dac1cb71
CRC32 2818C1D8
ssdeep 24:P8H22w0s0HRu+duRJXuvVM6tlMzHLrym8VMMMVDIDVM30AZ8H0X:Pp50sE/d6hYJm8chCk8HG
Yara None matched
VirusTotal Search for analysis
Name e0b4b6a3626d2ecf_tmp13B2.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmp13B2.tmp
Size 469.9KB
Type data
MD5 2e9ebb787d740a134a34c7cd5708abc6
SHA1 72ec066eebab350d23cdf2e04f90a15c3e90ea57
SHA256 e0b4b6a3626d2ecfa87410c667b2ca64f957c90763ea8d330355c2c6ed16dfea
CRC32 1DB6A153
ssdeep 12288:UI8HyKnmiYSj4LLz2C7QNrmJofZKx7Vv52iA1iU9a:UIInx/OLz2JNrQofM7c1Zg
Yara None matched
VirusTotal Search for analysis
Name ed50ef8e0b6dd83f_7z.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\7z.dll
Size 328.0KB
Processes 2560 (C3VB.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 15bbbe562f9be3e5dcbb834e635cc231
SHA1 7c01cf5fa4db2312c5ed2f7b8c41e3e5c346a51a
SHA256 ed50ef8e0b6dd83fb0c3f733329d4aa6e5a3beb3491e2ba9d2ae206813508dde
CRC32 01DED2D4
ssdeep 6144:p3sXs8er2d9h6PzeL8fn637DZRC00P2Dky2m2yYjfz+B0iaHxMhoS:p888Ic9UCL8f6/Z1xD2HLH72hoS
Yara
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 9e6e4772050998a5_tmp138E.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmp138E.tmp
Size 10.0B
Type ASCII text, with no line terminators
MD5 eb6b6c90251ab33cee784713c451e6d8
SHA1 451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5
SHA256 9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6
CRC32 22598B08
ssdeep 3:IS:7
Yara None matched
VirusTotal Search for analysis
Name 512e4e95427a8c66_tmp1570.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmp1570.tmp
Size 36.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 f4c540f52d5c08d24a79805eda1d7abf
SHA1 22be46826df7693f58736adb232ab2da790f2571
SHA256 512e4e95427a8c66b2993b27bb23d99cdab2ebd6e9e8937c7f6a39ed8c6a5b94
CRC32 95C9FB3A
ssdeep 24:TLmg/5UcJOyTGVZTPaFpEvg3obNmCFk6Uwcc85fB34444z:T5/ecVTgPOpEveoJZFrU1cQB34444z
Yara None matched
VirusTotal Search for analysis
Name 1613dfca627df925_tmp13A0.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmp13A0.tmp
Size 152.3KB
Type data
MD5 678f200bbdcbd766738c556fc32a58d8
SHA1 d04d2b7feb4ae5217b2e506b7029d2932a1b897d
SHA256 1613dfca627df92567ddad65992d171f58ce44f6606f6ce6a72b0d0d17641912
CRC32 D85EC086
ssdeep 3072:TUzncZdDUeK0wBA1fwBwwLjbI3czjlpIpLdxgQ5SGP8RSn5DD+ZhTCn69ABgd:gwT8IRQlipLzSFcnFDiFSA
Yara None matched
VirusTotal Search for analysis
Name 1f4fd23968cf6e5b_C3.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\C3.exe
Size 128.0MB
Processes 2596 (7z.exe) 2860 (cmd.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 50c809d7683a776a77c44954694fcef9
SHA1 49974a3f2d8ddd4e6b64c32a0c2163a5ba6466ca
SHA256 81389046fa3764fde46677e9dc2637f05b8f6eb58ba649c4189c2ca9790d6aec
CRC32 300C1380
ssdeep 24576:AZaQK/ogj7m50yVuUO0bnNs02t0DVUObm:Qaj/ogj7m50yIUO0bnNs02+D+Obm
Yara
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name c5e1638b319ea436_Add.ps1
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\Add.ps1
Size 1.2KB
Processes 2560 (C3VB.exe) 2860 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 1a0567e385d9688760a05576e26de9f5
SHA1 4524380d02e494cd4928346bdc326247a54ea699
SHA256 c5e1638b319ea436e1006558068dce11c59dde887cf84e9daf44557e3fd8e0ff
CRC32 6CD30F40
ssdeep 24:nuMVM80uEWVMuSuvVM+KVMLLvVMp6dsobryDc35VMhVM8EVMqoVMQ:njSrWhSYOSvY6dsobryDc35wemT
Yara None matched
VirusTotal Search for analysis
Name bbc59eb43822e646_tmp152C.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmp152C.tmp
Size 18.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 53ea322f91d6f0de8448b68583284d22
SHA1 b6c835867fbf7e432b834f7366eb0407f3eebbfa
SHA256 bbc59eb43822e64660cc4ccbca37d6dc016eaa9b85b2c6f5b40826bb03188b34
CRC32 CA013001
ssdeep 24:LLY10KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6ocW:4z+JH3yJUheCVE9V8MX0PFlNU12W
Yara None matched
VirusTotal Search for analysis
Name b7c225ef3cc3e875_d93f411851d7c929.customDestinations-ms~RF125fef0.TMP
Submit file
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF125fef0.TMP
Size 7.8KB
Processes 1484 (powershell.exe) 2232 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis
Name ea2ad8d87b79c8eb_7z.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\7z.exe
Size 71.0KB
Processes 2560 (C3VB.exe)
Type PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
MD5 8ba2e41b330ae9356e62eb63514cf82e
SHA1 8dc266467a5a0d587ed0181d4344581ef4ff30b2
SHA256 ea2ad8d87b79c8eb3952498c7005a195986436cfd7ca7736dbbdda979142daea
CRC32 04CAC0A6
ssdeep 1536:6recoyvcrQQqhOH/iBApotp9wsy2GU0vz0Nymg3jqdBaNIvBdh4Yn2Inouy89:lJyErQYH6Jb9m2ewC3++NIvBdh40JouD
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 9a8ea0e2df7554c5_tmp15A5.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmp15A5.tmp
Size 72.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 0539a773e44d21a84fd97fee0dffd4a3
SHA1 5904058c20aad54c552edc57826babd36ab61149
SHA256 9a8ea0e2df7554c57fb4ee6a8a12782f5a2474a3e4c23dc61e4768631dc4eb9f
CRC32 964BC0B2
ssdeep 96:P0CWo3dOOctAYyY9MsH738Hsa/NTIdE8uKIaPdUDFBlrrVY/qBOnx4yWTJereWbY:PXt769TYndTJMb3j0
Yara None matched
VirusTotal Search for analysis
Name 8f87d4bde3cdddd2_tmp13B1.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmp13B1.tmp
Size 44.3KB
Type data
MD5 4653fc308d150cbd9d07a0e197b50980
SHA1 1b0828e0920e43a7f31a58796d1f4ceb00d367a3
SHA256 8f87d4bde3cdddd2984a1b9abf8943249b3cf19676def9f69a0c5f12ecdd72a7
CRC32 8CCB8EE2
ssdeep 768:rhoj7CFv6KtltArdvvs9kkZn6c6BXaf4peH8WpIDLU6I/wLMDbBLsDFNE/J4MkZL:nFvf3tArdv+dB6cWXafgecbLU6IUcBL2
Yara None matched
VirusTotal Search for analysis
Name 0b8607fdf72f3e65_tmp162E.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmp162E.tmp
Size 96.0KB
Type SQLite 3.x database, user version 12, last written using SQLite version 3038003
MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
CRC32 842B3569
ssdeep 12:DQAwfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAwff32mNVpP965Ra8KN0MG/lO
Yara None matched
VirusTotal Search for analysis
Name 88e65aa69858b179_tmp138F.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmp138F.tmp
Size 31.3KB
Type data
MD5 78af5f2f35746bdaa5499e29daca737d
SHA1 7ac488b31b66b81fcd7711453acc6efede1aaf32
SHA256 88e65aa69858b179558b77e4542670d29399e83fb04dd4f207cbe9ca8ddf3d13
CRC32 71A2CC37
ssdeep 768:2zA1C82+UYugHPAH/Ug2+I7TcJTvfFAzl6vj+vFepKb:2MCaUYhIUgus9vdAzl6vjOb
Yara None matched
VirusTotal Search for analysis
Name 3a364ccc926c1077_C3.7z
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\C3.7z
Size 394.5KB
Processes 2560 (C3VB.exe) 2860 (cmd.exe)
Type 7-zip archive data, version 0.4
MD5 1794e0db6ea78437706c9e5e4f1212af
SHA1 adeefad8038cadc92ac25c028eeb449ab9d6cc32
SHA256 3a364ccc926c1077d30623dfffc6595f059ab7f098f378036b2379a64e3e00f4
CRC32 EEDE1327
ssdeep 6144:HQnFYdxmw7QQATK9wTXy8vMqRZCGr9P3XrmsfmLLobNWna+klK3+iLmm:H7Qw7QzTyg0qrCGrtn7p5r83r5
Yara None matched
VirusTotal Search for analysis
Name a19d0ae6e024ccb6_tmp139F.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmp139F.tmp
Size 147.5KB
Type data
MD5 52dd1fea29bab63480ef4c017684a9d9
SHA1 2a13549ef6aa297bf2e060c7678fa0437803aa71
SHA256 a19d0ae6e024ccb6a62b710a4c1ee53872b3704c02e7fa015d415733728ae140
CRC32 1ACEBA29
ssdeep 3072:OeIcCXH9dYkxy+3Ov5OajA+uN5v9kYlYfW1wvE2szuu0o6BXHT:OdcCYkxpevpqNlYfOWszH0oST
Yara None matched
VirusTotal Search for analysis
Name e3b0c44298fc1c14___tmp_rar_sfx_access_check_19261468
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\__tmp_rar_sfx_access_check_19261468
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis