Dropped Files | ZeroBOX
Name e4aed7f82f6f7ca0_03909174.bat
Filepath C:\Users\Public\Documents\03909174.bat
Size 835.0B
Processes 2776 (powershell.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 8bf5db25a6ba8b69e145953a8d2df009
SHA1 3fb51d83cc8c104bdaa6629908cb2ba5e0ba4e3c
SHA256 e4aed7f82f6f7ca03320770dcecde4f1a3bab819a0002a98d8fe54c5f1f367f3
CRC32 70F5351D
ssdeep 24:D/SP7pVxrqyEUYn0QP7p4BJC+rDixXett:DKPFGy1fQPl4Bk+QXa
Yara None matched
Name 44e8aa0601fffe82_590aee7bdd69b59b.customDestinations-ms~RF139a9d.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF139a9d.TMP
Size 7.8KB
Processes 2276 (powershell.exe) 2396 (powershell.exe)
Type data
MD5 ee6cfd78f72f03663db2a7df0c696dd7
SHA1 56126e81a5f6577f8e24a890185d0c9eb600fa02
SHA256 44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568
CRC32 F27137C4
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name ac891b5a55a463e2_10380018.bat
Filepath C:\Users\Public\Documents\10380018.bat
Size 1.7KB
Processes 2776 (powershell.exe)
Type DOS batch file, ASCII text, with very long lines, with CRLF line terminators
MD5 17a0f1b79d720ab7ca6ef6333d887d82
SHA1 41c96401c5072d1abd72fa6babc03353e43ab9e0
SHA256 ac891b5a55a463e241725d278e8156925a2b3ab8ceff40d284c8ae1efa37053d
CRC32 84A4B293
ssdeep 48:kuhPUdcDs+UXdYfxAL5ALdbAVKwip2HY6L03Ln:NU6ZQ28AJbj7pWY6Li
Yara None matched
Name e33652e45021b064_14897.zip
Filepath C:\Users\Public\14897.zip
Size 81.4KB
Processes 2936 (powershell.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 b1e3341d3db377d50ca29430a7b2e0da
SHA1 6cce9df5136950dede0e329bc4380770aea4a42c
SHA256 e33652e45021b0646d2ecd0e7268ef613681d37a6b0965861c2262ffdb9e2384
CRC32 F88EA57B
ssdeep 3:Eh1:W1
Yara
  • Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
Name 8dd9607d4d334b9c_59239312.bat
Filepath C:\Users\Public\Documents\59239312.bat
Size 869.0B
Processes 2776 (powershell.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 2a4434ac88358b34b517f3c627dc6622
SHA1 da91762038b5db8b0b6fa130707299b44dff28e2
SHA256 8dd9607d4d334b9c629244fad7fcc793a2231318b4b057eecfb5af1cfd3684a8
CRC32 B3AADA71
ssdeep 24:0n/vHjOkHEYfXYkewbwwP3bLLKGLVbJQAXL/wq3Dw63WQR:knKkHHwQrLLdLdbyc
Yara None matched
Name 9b0dcdc88b7a11c9_10912631.bat
Filepath C:\Users\Public\Documents\10912631.bat
Size 146.0B
Processes 2776 (powershell.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 20f0e8362782c7451993e579336f2f3e
SHA1 62a02d87145f82a8b14da0420f4366e84a4b6b61
SHA256 9b0dcdc88b7a11c96235c693562aa391fe54cb0396e6bcc94f25863c80d51105
CRC32 C79C0723
ssdeep 3:mKDDGQWT0ygSSJJFIGthWYRWogMdMQA7QcSIfOWNVP93BVS:hSnJs8GLWp/MecP9KV13jS
Yara None matched
Name b7c225ef3cc3e875_d93f411851d7c929.customDestinations-ms~RF1352b7.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1352b7.TMP
Size 7.8KB
Processes 2776 (powershell.exe) 2936 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 7858b76dbbcdba81_konni_종합소득세 해명자료 제출 안내
Size 80.0KB
Type Hangul (Korean) Word Processor File 5.x
MD5 7f7fa98fee3cfd5b927a678e43574f4b
SHA1 3c887563af672f647dd70ed6086edf1fe24bb7f1
SHA256 7858b76dbbcdba815523522a0c2de4f5a7e6c5157052f2ca97b22402cbdb9ea0
CRC32 040725D3
ssdeep 1536:CoNqKYp5H9KYQuElyHmRdAHqUeLW6UMeUStd:mKYp5HkuLHqA0LWeFa
Yara
  • Win32_HWP_PostScript_Zero - Detect a HWP with embedded Post Script code
  • HWP_file_format - HWP Document File
  • Microsoft_Office_File_Zero - Microsoft Office File
Name 2b57c326086e224d_69506645.bat
Filepath C:\Users\Public\Documents\69506645.bat
Size 649.0B
Processes 2776 (powershell.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 80340892727e2389e01d8e2766b62105
SHA1 78b6f4e99df74b6229d42632d998b588fec4dea6
SHA256 2b57c326086e224d3ba9c017062c4579987e7750aa9d0c36f5a345bd73396027
CRC32 5F50CE6C
ssdeep 12:0nt/ntM6+HPJNWyR9/JJaUPx/B0/QT0f8Q//G+drfy:0ntluxYyR9Zx/m/aYlG+Zfy
Yara None matched
Name 5b7a59b118bb7f47_cuserdown.txt
Filepath C:\Users\Public\Documents\cuserdown.txt
Size 374.0B
Processes 2068 (cmd.exe) 2596 (cmd.exe) 1316 (powershell.exe)
Type ASCII text, with CRLF line terminators
MD5 7d7bdf5f044eb2ccfe184afc7b8da52f
SHA1 7efdc8f40f1fe4169d389d72fe0e7f4fdfe72546
SHA256 5b7a59b118bb7f4741fe088df2ea2823a9261ab0c9ee77c87af095b8d85b095a
CRC32 40EE8261
ssdeep 6:5eGTMQcOLYemQpZiPCVJSBZ3tVJSBZ3e7Ek/Greym4WhEk/Gz5cSUa:53TRVhLXVcBzVcB8YkuVZnkuz1Ua
Yara None matched
Name 8d9b5190aace52a1_unzip.exe
Filepath C:\Users\Public\Documents\unzip.exe
Size 164.0KB
Processes 2776 (powershell.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 75375c22c72f1beb76bea39c22a1ed68
SHA1 e1652b058195db3f5f754b7ab430652ae04a50b8
SHA256 8d9b5190aace52a1db1ac73a65ee9999c329157c8e88f61a772433323d6b7a4a
CRC32 B1B54384
ssdeep 3072:IeAGcNNwmlR2GNUbomMYMLnbtoKOmiNL2SJOUOhop:CvNNtWuYcqHmiNLOc
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 778e46f8f3641a92_Konni_종합소득세 해명자료 제출 안내.lnk
Size 1.7MB
Type MS Windows shortcut, Has Description string, Has command line arguments, Icon number=0, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hidenormalshowminimized
MD5 19dc387bffdc0a22f640bd38af320db4
SHA1 ec3d029367e8d64b787a1c407ced8642929539da
SHA256 778e46f8f3641a92d34da68dffc168fdc936841c5ad3d8b44da62a7b2dfe2ee1
CRC32 E17E9E73
ssdeep 6144:DyKySJqsxxyq//Su0ScpS8vKaDJJhfYAjB:DyKDtyE/Su/F8vxdXf9
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
Name d892bfb7993866b5_14897.zip
Filepath C:\Users\Public\14897.zip
Size 81.4KB
Processes 2776 (powershell.exe)
Type Zip archive data, at least v2.0 to extract
MD5 b4b934ea2bb46e87215164a9d67d1349
SHA1 a7305a6a3421bb38784f8d9ade4dabb105c20752
SHA256 d892bfb7993866b530ad7ccbd1af5bf65876f422bb9c3f3b64cf82589167590c
CRC32 53294913
ssdeep 1536:6aCk0xHv12dFyaD0YyAGLRWN/3qjtMdAkXYbqehJLiHJD50JKek6i9xOLI6hL/X:6aCpxHvAGaPGVljUJIbRhCJD50JHkzT2
Yara
  • zip_file_format - ZIP file format
Name d819b7460bcbe9d7_cuserdesk.txt
Filepath C:\Users\Public\Documents\cuserdesk.txt
Size 423.0B
Processes 2068 (cmd.exe) 2596 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 f0eeed5ac7b4ce451ede07b4506e57da
SHA1 b7adcd86dd859d93bc9e911445350747ad6d6ca9
SHA256 d819b7460bcbe9d7c40b943f9f02a11e195583b4e44009aa3f1bd859f6c12fab
CRC32 6E754C1C
ssdeep 12:53TRVhzyyn0MNN0MNz7cEekrhVZUkrhz1Ua:VXIydLzwQph
Yara None matched
Name 69d71d4a8b7bb368_39910263.bat
Filepath C:\Users\Public\Documents\39910263.bat
Size 1.7KB
Processes 2776 (powershell.exe)
Type DOS batch file, ASCII text, with very long lines, with CRLF line terminators
MD5 0d9bbd31d24b9f232fd72ff2c0b5c014
SHA1 58f0d01e237c31cd97f225b469426a3266dec809
SHA256 69d71d4a8b7bb3680d80d507002dd0d78ba0679352cd622533e3acf59018ed2e
CRC32 97526FBB
ssdeep 48:kFhPUdcDs+UXdYfxAL5M1SLGlXVOm5LRfwPvFRfn:UBU6ZQ288SRm5LpCvFpn
Yara None matched
Name 76155c02227f1520_start.vbs
Filepath C:\Users\Public\Documents\start.vbs
Size 419.0B
Processes 2776 (powershell.exe)
Type ASCII text, with CRLF line terminators
MD5 c6fcb257314b0fcbcd5d811b265a3704
SHA1 0a0f574996a456add00785af2b7dfe7dc96367f2
SHA256 76155c02227f1520bd474d3f1192cae2e41c1b4ea1c0519cf91a5269b43de741
CRC32 99BD9327
ssdeep 12:ZMvA0GFlyGKbHyxMRz7RhRfevA0wMDqCoejUVC:ZYA5Fl2jyuRzVHfiA5AqReQVC
Yara None matched
Name 0522c830d6899f16_cuserdocu.txt
Filepath C:\Users\Public\Documents\cuserdocu.txt
Size 2.6KB
Processes 2068 (cmd.exe) 2596 (cmd.exe) 1952 (powershell.exe)
Type ASCII text, with CRLF line terminators
MD5 c292e842114eb0a095461cdfb39506f7
SHA1 65318bc73d0efd1582a71fb974c701dca085ebf2
SHA256 0522c830d6899f1619de091fa5799ce71feaa29daac3fcac924b45cb0d7fe299
CRC32 D225DB4C
ssdeep 48:lVKdKFJKKNcDKBWd5DAsKHtDgK6UPKhyAKpk8FxrpKFgYzKmxjbO0lT7s5QuiKj2:tNcWWvkntDjHFlzcbLlT7s5QuFcKuaE
Yara None matched