Dropped Files | ZeroBOX
Name cdd2555d3f8b3df2_is64.bat
Filepath C:\Users\test22\AppData\Local\Temp\is64.bat
Size 183.0B
Processes 3004 (7Qv4re94.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 427cf31bbad030ad906899a62d107aab
SHA1 87075dafb0cd8837ac31019a4f3fa06c649ffdcb
SHA256 cdd2555d3f8b3df2f8f13294a0de0483127e612b27d8276693075ac1afac0bf6
CRC32 3B541B1D
ssdeep 3:mKDDfiU2mwc4a7MfEmRPmWxpcL4E2J5xAIzTRlcYBKwc4aliCowHumWxpcL4E2JF:hGvmcayRPmQpcLJ23fzdlcYBKca68umc
Yara None matched
Name f1b2f662800122be_is64.txt
Filepath C:\Users\test22\AppData\Local\Temp\is64.txt
Size 3.0B
Processes 3004 (7Qv4re94.exe)
Type ASCII text, with CRLF line terminators
MD5 a5ea0ad9260b1550a14cc58d2c39b03d
SHA1 f0aedf295071ed34ab8c6a7692223d22b6a19841
SHA256 f1b2f662800122bed0ff255693df89c4487fbdcf453d3524a42d4ec20c3d9c04
CRC32 8F93C1E6
ssdeep 3:p:p
Yara None matched
Name 08e33db08288da47_avusfm8ijqefpiy.exe
Filepath C:\Users\test22\AppData\Local\Temp\aVUSfm8IjQeFpIY.exe
Size 219.0KB
Processes 2532 (AppLaunch.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4bd59a6b3207f99fc3435baf3c22bc4e
SHA1 ae90587beed289f177f4143a8380ba27109d0a6f
SHA256 08e33db08288da47bbbe3a8d65a59e8536b05c464ba91dc66e08f9abd245e236
CRC32 8D866B65
ssdeep 6144:DEPAc72ss5pKL93yMax7pH3F2d1ugMeSWp:DE32xpoaxBFg1ugMeS
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
Name 4cf5b584cf79ac52_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 2912 (explothe.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 e913b0d252d36f7c9b71268df4f634fb
SHA1 5ac70d8793712bcd8ede477071146bbb42d3f018
SHA256 4cf5b584cf79ac523f645807a65bc153fbeaa564c0e1acb4dac9004fc9d038da
CRC32 3D1216D0
ssdeep 1536:Ro4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU19aB89p:RoUCWbBNpplToUs1uNhj25LJU/aB89p
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Win_Amadey_Zero - Amadey bot
  • OS_Processor_Check_Zero - OS Processor Check
Name 5f3c80056c7b1104_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 273.0B
Processes 2912 (explothe.exe)
Type HTML document, ASCII text
MD5 a5b509a3fb95cc3c8d89cd39fc2a30fb
SHA1 5aff4266a9c0f2af440f28aa865cebc5ddb9cd5c
SHA256 5f3c80056c7b1104c15d6fee49dac07e665c6ffd0795ad486803641ed619c529
CRC32 D879A09E
ssdeep 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR+knaGjEcXaoD:J0+oxBeRmR9etdzRxGezH0qa5ma+
Yara None matched