Dropped Files | ZeroBOX
Name 77c7c10b4c860d5d_gpt.ini
Filepath C:\Windows\SysWOW64\GroupPolicy\gpt.ini
Size 11.0B
Processes 2756 (Ms6gVLaCMj3QjsT0nxwUAzQV.exe)
Type ASCII text, with CRLF line terminators
MD5 ec3584f3db838942ec3669db02dc908e
SHA1 8dceb96874d5c6425ebb81bfee587244c89416da
SHA256 77c7c10b4c860d5ddf4e057e713383e61e9f21bcf0ec4cfbbc16193f2e28f340
CRC32 E4327249
ssdeep 3:1EX:10
Yara None matched
Name 1ee283d02c2cee9d_x7v28_ox_gskhd1q9ew3anpz.exe
Filepath C:\Users\test22\Pictures\Minor Policy\x7v28_ox_gsKhD1Q9EW3AnPz.exe
Size 174.0KB
Processes 2780 (qZa2Z7Puv7E4iAuW3ONvhvPf.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 d294573f2aaae02014ce1730ddc546a0
SHA1 97faab95d3b1535cb5441b9442abc61e5ca04aaa
SHA256 1ee283d02c2cee9d287138428403031afcd663f670439f95e5f37f1db55d5723
CRC32 FFAB2E3C
ssdeep 3072:fwbyHkk8I0Jc3Adm3gCzO5ee1UkMlE06ZdlgmJY8e8hm:Ybi8I0GCCgzMlE0agme
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • RedLine_Stealer_b_Zero - RedLine stealer
  • ConfuserEx_Zero - Confuser .NET
  • IsPE32 - (no description)
Name e3b0c44298fc1c14___tmp_rar_sfx_access_check_10988187
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\__tmp_rar_sfx_access_check_10988187
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 893.0B
Processes 2540 (Services.exe) 2780 (qZa2Z7Puv7E4iAuW3ONvhvPf.exe)
Type data
MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
CRC32 1C31685D
ssdeep 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
Yara None matched
Name 3c8cc37a98346bd0_qyfjl2myt6qjym_635asmf8k.exe
Filepath C:\Users\test22\Pictures\Minor Policy\qyFjl2MYt6qjym_635ASMf8k.exe
Size 564.0B
Processes 2760 (U_WUTTisAZX3VLe2b40_scVK.exe)
Type HTML document, ASCII text, with CRLF line terminators
MD5 5da4c1420f84ec727d1b6bdd0d46e62e
SHA1 280d08d142f7386283f420444ec48e1cdbfd61bb
SHA256 3c8cc37a98346bd0123b35e5ccd87bd07d69914dae04f8b49f61c150d96e9d1f
CRC32 3549B62A
ssdeep 12:TjeRHVIdtklI5rRCNGlTF5TF5TF5TF5TF5TFK:neRH688lTPTPTPTPTPTc
Yara None matched
Name 2967f5018fdd2c25_u5uc9en5niliouw0y1e0qzqw.exe
Filepath C:\Users\test22\Pictures\Minor Policy\U5Uc9En5niLiOuW0y1E0qzQw.exe
Size 297.9KB
Processes 2760 (U_WUTTisAZX3VLe2b40_scVK.exe)
Type HTML document, Non-ISO extended-ASCII text, with very long lines, with LF, NEL line terminators
MD5 7fde7ecb57578cb5d86f1a609c0ae96b
SHA1 6be02058510f3a1a688ddf52d4961ed333a0cb56
SHA256 2967f5018fdd2c25ed160a6ce91ffb7be599269ae5c1a6c99562bf92aa65a5f3
CRC32 B7A55898
ssdeep 3072:GxQrtFywoHqRYiFDV9pvjg3DI770EfIFS:mQTYiFD5oDZS
Yara None matched
Name 1912f8c1f0a5dd46_epogquot1mnp1nqso8hayw46.exe
Filepath C:\Users\test22\Pictures\Minor Policy\EPOgquOT1MnP1nqso8haYw46.exe
Size 2.3MB
Processes 2780 (qZa2Z7Puv7E4iAuW3ONvhvPf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c8cd02c89bd0631d945a49fd501321c8
SHA1 0fc6166a10bd9a84513d8f97648f58229484e0b8
SHA256 1912f8c1f0a5dd463439046ddfce05897791e25cf1216ec428a3b3bb9a2c4333
CRC32 67FCD81F
ssdeep 49152:8cbi66GZZQMVwQt99ZCdMYATZeCK6Dy3FY1mXCL:8cb0GTFwQtfoVw4V1Y8XI
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 7d61b2faaa4ca4c6_u_wuttisazx3vle2b40_scvk.exe
Filepath C:\Users\test22\Pictures\Minor Policy\U_WUTTisAZX3VLe2b40_scVK.exe
Size 3.5MB
Processes 2780 (qZa2Z7Puv7E4iAuW3ONvhvPf.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 eede39c7c0198e86a3b75d2b8af77201
SHA1 b4545ddfbf9a70674a3f28aafe7abf7b4828b9f1
SHA256 7d61b2faaa4ca4c6a3ace89ab8a514c1d928492f4e41552b0386ccf7506d6727
CRC32 CCD6C80F
ssdeep 49152:WAzCMQRS6jNdVRZLYZZtuafWNoG1wCUAKhj8VnF1Ij86+wI6BN8qKpmPsTuwV8:FOI8qZUV
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name 2fa6f26d215f42b9_ms6gvlacmj3qjst0nxwuazqv.exe
Filepath C:\Users\test22\Pictures\Minor Policy\Ms6gVLaCMj3QjsT0nxwUAzQV.exe
Size 4.6MB
Processes 2780 (qZa2Z7Puv7E4iAuW3ONvhvPf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b2a513ee625127c99a4792663a71095d
SHA1 a924fe86eded901b548aa97f7fafa2a8b9b95ecd
SHA256 2fa6f26d215f42b9a7396fe2e8aa3c3b82896009dbd920bd47899cd7f0ae2d4e
CRC32 055D4598
ssdeep 98304:8SfiNKxaPquIEC6Br0vyJNEDM/Y5EaaBuCR2+MCou5:8PN6wquldBoyqDMw5BaBPR2Qh
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • VMProtect_Zero - VMProtect packed file
  • IsPE32 - (no description)
Name 5206d37a69a0130e_registry.pol
Filepath C:\Windows\System32\GroupPolicy\Machine\Registry.pol
Size 6.2KB
Processes 2780 (qZa2Z7Puv7E4iAuW3ONvhvPf.exe) 2760 (U_WUTTisAZX3VLe2b40_scVK.exe)
Type data
MD5 f7753b0615ef6ee36277c1424efe3fd3
SHA1 17ce336910f42ac985d14b9df428d4e1bdfea3c3
SHA256 5206d37a69a0130e9825ea711f16ca227bf29c489656f262d934c468c8317ad2
CRC32 2ADBD390
ssdeep 192:FlRRCDN74hvoD5KL0+fLfYT7C0IhYY4WwDikcAzXEg:nRRCDN74hvoDEL0+fLf27C02YY4WwDig
Yara
  • Generic_Malware_Zero - Generic Malware
Name 1bab05c17c2c2d9c_vvtqr9k.va3
Filepath C:\Users\test22\AppData\Local\Temp\VvTQR9K.VA3
Size 2.0MB
Processes 1536 (EPOgquOT1MnP1nqso8haYw46.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 5013430b125c314012a6c389e30c310c
SHA1 af647d39058f1c073b2ba0703966bb09f1955af7
SHA256 1bab05c17c2c2d9c1f7ec69d65a2eeca0d46a28fad01258957433b115f1ba789
CRC32 EC897460
ssdeep 49152:ZBRYZZ6yTo4tpJZUPAgGjbIegGlKZl8ZuXG:ZBRYTRo4tP6DgCPv8EX
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name a09f5650cad15d08_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 252.0B
Processes 2540 (Services.exe) 2780 (qZa2Z7Puv7E4iAuW3ONvhvPf.exe)
Type data
MD5 fa34da407221a6b34e6b42f012f6756b
SHA1 1743c027301cfa33950c427c6636992dd3e14f4b
SHA256 a09f5650cad15d086fa81123cea00bc82dc441f9cb82b168b7a09d6831e0fa8b
CRC32 ED2DC81C
ssdeep 3:kkFklv2PkfllXlE/zwEkhlHllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8VbAlF:kKBJwrlXliBAIdQZV7IpAhx
Yara None matched
Name 27ebaefdd1df1dc0_1goamuvxzoki5mymyhf8xuu4.exe
Filepath C:\Users\test22\Pictures\Minor Policy\1gOAmuVXzOKI5MyMYhf8xuu4.exe
Size 297.9KB
Processes 2780 (qZa2Z7Puv7E4iAuW3ONvhvPf.exe)
Type HTML document, Non-ISO extended-ASCII text, with very long lines, with LF, NEL line terminators
MD5 ac56e41d65e1032e466066624a264631
SHA1 6beceb046844ada93c5d5f2100c67d596c8216b2
SHA256 27ebaefdd1df1dc007869c8fb6073b70981239ab777a159a01fdf7bb263128fa
CRC32 0EE79584
ssdeep 3072:GVQqtFywoHqRYiFDV9pvjg3DI770EfIFS:CQcYiFD5oDZS
Yara None matched
Name 32b12870377c037f_gpt.ini
Filepath C:\Windows\System32\GroupPolicy\gpt.ini
Size 272.0B
Processes 2780 (qZa2Z7Puv7E4iAuW3ONvhvPf.exe) 2760 (U_WUTTisAZX3VLe2b40_scVK.exe)
Type ASCII text, with CRLF line terminators
MD5 37b4ee91e8f524e52694eed338b5308f
SHA1 0e6cdb33be26b3c9ff3ddc905c5949e8cdce3dc9
SHA256 32b12870377c037fb0b8446c4a7fea17538dc212f07cd53229eea4bd74febff9
CRC32 462ACDB9
ssdeep 6:1WsMzYHxbnvEcvg+5Rnn3jPMzYHxbnPonn3k:1q0Hxbnt4v0HxbnX
Yara None matched
Name 50ea6c698e72e13b_xk9ze3cf0cb9ghlsdnfq7rmz.exe
Filepath C:\Users\test22\Pictures\Minor Policy\Xk9zE3Cf0Cb9GHLSDNfQ7RMz.exe
Size 17.0B
Processes 2760 (U_WUTTisAZX3VLe2b40_scVK.exe)
Type ASCII text, with no line terminators
MD5 c965aa525ae4cfbc3b45c6b7e9271a59
SHA1 3a84d4c1c9277173b530263107af4caf1f61213f
SHA256 50ea6c698e72e13b8132b66bbca9479b7f4815ebb2f8adb3ca1cfec79523107e
CRC32 1C78BB2E
ssdeep 3:Obyo:ObV
Yara None matched
Name 4783fc4f4ed6a876_ksido1g7b2ov3jxyszx1v2jg.exe
Filepath C:\Users\test22\Pictures\Minor Policy\kSIDO1g7b2Ov3jXySZx1v2JG.exe
Size 341.0KB
Processes 2780 (qZa2Z7Puv7E4iAuW3ONvhvPf.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 3b38c93118c32440bfc36187a4ecce64
SHA1 485f5825ee4cb49492ca36410b737d91973f1987
SHA256 4783fc4f4ed6a876ff887fc38439c73dd43efc437037d03243c8c4dfb198df25
CRC32 619969D1
ssdeep 6144:BspZyqt0cf1493z1I0Gp4W1l28bM6o2N1acTi:tqbN4xCp728bM6oJ
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • RedLine_Stealer_b_Zero - RedLine stealer
  • ConfuserEx_Zero - Confuser .NET
  • IsPE32 - (no description)
Name 677740e54ae7f407_svrstvhmzubinyovatf1likj.exe
Filepath C:\Users\test22\Pictures\Minor Policy\sVRSTvhMzuBInyoVatf1LIkj.exe
Size 7.3MB
Processes 2780 (qZa2Z7Puv7E4iAuW3ONvhvPf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0f6897e316e65dfe9a4cfe8d23e1c735
SHA1 87ad9e42d6ad0d14db374015bb101a660574fa11
SHA256 677740e54ae7f4070bd91506e752d3fc1b481b6d52fbc205ddcd9cc17a7404dc
CRC32 CEC7F04B
ssdeep 196608:91O9OXU7oivvLdGvc2uQfBLoB19FKZSGTXyZ+1v/h3IP6o3PBp5V:3O973pG02uQpLW84iv/h4io3JV
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 4458a9df5275bedd_qubgmonm2gxiknuzhrcgvo8v.exe
Filepath C:\Users\test22\Pictures\Minor Policy\qUbgMoNM2GXIKNuZhrcGVO8V.exe
Size 198.0KB
Processes 2760 (U_WUTTisAZX3VLe2b40_scVK.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f0033521f40c06dec473854c7d98fa8b
SHA1 28dadfe642a0c308e1f744b0d87a6d22dd6cd55a
SHA256 4458a9df5275bedd921127f4ff9dc63d4ac107f2e89cf46969e96f4c43d9f93e
CRC32 FC78977C
ssdeep 3072:7+3Z999+G2SeLaTkactpzQx6jvYESNtGkau5gf7oX7Uy+wXnfnPjt:7+H9wieuk1BQMjqNUtu5gToBv
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
Name f7480141db0a38a8_hqwrtbvrg6jo8voby_voyzir.exe
Filepath C:\Users\test22\Pictures\Minor Policy\hqwRTbVrg6JO8voBy_voyZiR.exe
Size 5.8MB
Processes 2760 (U_WUTTisAZX3VLe2b40_scVK.exe)
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 d62bca8ebcc022080e830b1d43ec5a54
SHA1 2f8a674018d994f88261f6fab9a6312d9a52b27f
SHA256 f7480141db0a38a8f9e44ecf304637c93ece31b915e40d0bed63e1ce7a424ed3
CRC32 F7E534DF
ssdeep 98304:mM2qHjL8DDXStJMWttn5X3IjLTyy4GvCEpeT0lPVvqgYJvsPvl:m7qHSjgJ63HpeuVigYJovl
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name 87017e97eb4fc88b_nptrtthin9wndsragmvs3n2g.exe
Filepath C:\Users\test22\Pictures\Minor Policy\nPtRtTHIn9wndsrAGmvS3n2G.exe
Size 1.3MB
Processes 2780 (qZa2Z7Puv7E4iAuW3ONvhvPf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4969a9ec9eedc8ab459840de03e2f46e
SHA1 83f3b892d15fb38a922ac4500d254ac71cb904d9
SHA256 87017e97eb4fc88bb1f6a47bce914c383967c34c54ecefc1c2cd496db63de86f
CRC32 03C1100C
ssdeep 24576:9wXmDMFmerDJJr2ZVUpxPSBMBLNNY2UPIbAN4UtaDqcAgd6FWl1+I2gJgsQYKgmC:OjrDJJr2HCFNNYhPIbAN4UtaDqcAgd6A
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 9f35bb451e3794d1_qza2z7puv7e4iauw3onvhvpf.exe
Filepath C:\Users\test22\Documents\qZa2Z7Puv7E4iAuW3ONvhvPf.exe
Size 7.4MB
Processes 2540 (Services.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 e8e7a7c1a9b0aba35338c2de4d4bd0af
SHA1 84990f11424f6f1e463ee83892ce5a69da268b86
SHA256 9f35bb451e3794d1c641e8814946ca28f4cb9366dd826482e3f8e04a07518c8d
CRC32 3E69D2C4
ssdeep 196608:0FSs/w672AkrAwPXI7aZudOhR3tRUe8Ai6VRQQafRQ:0FSsDqAkTPXunMh1nUMi6VRQ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • VMProtect_Zero - VMProtect packed file
  • IsPE64 - (no description)