Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.18 05:01
Anzeige: IT-Sicherheit...
01.18 04:01
New tool: immutable.py...
01.18 03:01
U.S. Sanctions Chinese...
01.18 03:01
A Field Expedient Weld...
01.18 12:01
No Crystal Earpiece? N...
01.18 11:01
TikTok Says to ‘Go Dar...
01.18 10:01
‘Sneaky Log’ phishing ...
01.18 10:01
리튬코리아, 일본 스이린과 리튬 배터리 ...
01.18 10:01
Feds worry AT&T br...
01.18 10:01
AIs in Love, UEFI, For...

Dropped Files | ZeroBOX

Name	5db35e7f4cb5b4ef_download.ps1 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\download.ps1
Size	139.0B
Type	ASCII text, with CRLF line terminators
MD5	`a6de05cdbec33b772780114f0704cc8b`
SHA1	`25eba205fc29bb1cb40f10c07b3ad7281003d6da`
SHA256	`5db35e7f4cb5b4ef8a7838a3d672c2f4117c0c84e1579a8036ed8e5e2ce393e9`
CRC32	`87CF9DE0`
ssdeep	`3:eSIqvtwrWXLhzVv+m01dfdVCEXRJMBRAumWxpcL4E2J5xAIqRJMEy:euZzV703fS+RyBRAumQpcLJ23fqyZ`
Yara	None matched
VirusTotal	Search for analysis

Name	8e28ddc558064889_artwork.hta Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\artwork.hta
Size	16.8KB
Processes	2240 (powershell.exe)
Type	HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5	`b3a69d39ea2f074e520077721b475d51`
SHA1	`fe4ac7309f7e08b2fcd4f4005966548e35650154`
SHA256	`8e28ddc558064889072da509008e162887252a6237d305b528620508b450f725`
CRC32	`EA325F01`
ssdeep	`192:WqgAUxKcGb+e64JVHzWPUgPYL1eKfTQhDcqsOHQXhSnP:dgA/RFOf`
Yara	None matched
VirusTotal	Search for analysis

Name	39a11c035e6a1f32_main.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\main.bat
Size	154.0B
Processes	2484 (powershell.exe)
Type	ASCII text, with CRLF line terminators
MD5	`5508b50b110acf7a152316d5352da364`
SHA1	`2247bbb5df34280e3546b74497dd3df81d39bf44`
SHA256	`39a11c035e6a1f32241f5df20f55c035f6f61d19f946e5600019bbf9774ba37b`
CRC32	`5957E97C`
ssdeep	`3:oXeqNjMJJLNy1IMwNQqPJH0cVERAIrFnl1d99a:oXe2jIny1xQQO0cbA199a`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RFa68e5d.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RFa68e5d.TMP
Size	7.8KB
Type	data
MD5	`b0c9ff441742f3847ea27da9dee7f2cd`
SHA1	`c42a1eb32ba953a0ce5d8635caabf71b5b281495`
SHA256	`a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4`
CRC32	`0BBCAB1A`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	d6431d5645fffd05_d93f411851d7c929.customDestinations-ms~RFa69a06.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RFa69a06.TMP
Size	7.8KB
Processes	2240 (powershell.exe) 2484 (powershell.exe)
Type	data
MD5	`260d23ce04a8f8555a73b7d2dc15e911`
SHA1	`ebad746fb7de847c50f7502a44f6e35534733efd`
SHA256	`d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588`
CRC32	`11D6B213`
ssdeep	`96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis