Dropped Files | ZeroBOX
Name 6a9368cdd7b3ff9b_irimg2.jpg
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG2.JPG
Size 36.7KB
Processes 2876 (CNHFzqf.exe)
Type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 166x312, frames 3
MD5 f6bf82a293b69aa5b47d4e2de305d45a
SHA1 4948716616d4bbe68be2b4c5bf95350402d3f96f
SHA256 6a9368cdd7b3ff9b590e206c3536569bc45c338966d0059784959f73fe6281e0
CRC32 24A00A7C
ssdeep 768:S0jPDrkTYU5n10PIUcLbnkC59fNaeocQXiWN6hhm4gj0mVWQySgA1:RvqYe0PINLkC5Haeoik6HMHWQySgg
Yara
  • JPEG_Format_Zero - JPEG Format
Name d97823e93491cb10_edge.xml
Filepath C:\ProgramData\NPQsGdj8f\edge.xml
Size 76.5KB
Processes 2660 (rundll32.exe)
Type data
MD5 2fb1602191bacd5141f21b923b58c5cf
SHA1 50fed38715151d00d2192900ea72fe61a9aac479
SHA256 d97823e93491cb107d2c4f01d49a21347b3b841d016faba558ff89443c0bbcdd
CRC32 8CA4DD44
ssdeep 768:ORpWambJz8/3LBePqAQZksj73L0DvP/E9u7fVZ768Cn8CnIqSreZrUnhdxvv9NFL:OLYq/LUPmr0d7vqINreZqvDq5E5ax
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
Name 19ee8c6923c3137a_xshell 6 update log.txt
Filepath C:\Users\test22\AppData\Local\Temp\Xshell 6 Update Log.txt
Size 339.0B
Processes 2876 (CNHFzqf.exe)
Type ASCII text, with CRLF line terminators
MD5 adf511996b33fc6bc61f4345194c8106
SHA1 541385acdadc49ff37dac158b6d8b81270062c81
SHA256 19ee8c6923c3137a1940ebc2edf43761864ec28affd7fe740814bc8ac1ac22e9
CRC32 27B01016
ssdeep 6:8tqxqytt8GBN5oktqo6AbKiCmU4tqZi8tqxdWmcNVFAbtqxoeSp7xAQGrBv:U+1tFBrlJ6BifnWiU+d7J+odpljGrBv
Yara None matched
Name 889958fab85c0a96_edge.jpg
Filepath C:\ProgramData\NPQsGdj8f\edge.jpg
Size 358.7KB
Processes 2660 (rundll32.exe)
Type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 350x622, frames 3
MD5 8c3cfee0e4278e1d7fdccdcd402d6a0e
SHA1 4d63fae082538a1755dba8defa4dd4d4f3e81db9
SHA256 889958fab85c0a968fafd9491c944b1f8b5276641941ecefc25606d94eb74763
CRC32 5CFC21DF
ssdeep 6144:q+ACk/u6n9aBOmmD1oQFu0oOOxKnJPWyD9Dcqt1oFsxSqW7mb6:Z8u69CghoQxoOTFQqtKFYO7mb6
Yara
  • JPEG_Format_Zero - JPEG Format
Name 9e57c04bb6860f68_c12go.dat
Filepath C:\ProgramData\NPQsGdj8f\C12go.dat
Size 132.2KB
Processes 2876 (CNHFzqf.exe)
Type Zip archive data, at least v2.0 to extract
MD5 94c32f68e457207b17c9947b81da1a0c
SHA1 5a6955598de076e045a19939bc35b40135270da4
SHA256 9e57c04bb6860f68749d280e1451a8af61ec8a3e857697161e26660778eb93b3
CRC32 A9F13841
ssdeep 3072:KV5ghImOLzHHcTzmK80URMQ+D3ityYiuEB753xK:KV5o8LHcd8bMdD3iwuy75I
Yara
  • zip_file_format - ZIP file format
Name cfd9677e1c0e10b1_irimg3.jpg
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG3.JPG
Size 6.7KB
Processes 2876 (CNHFzqf.exe)
Type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 111x63, frames 3
MD5 e39405e85e09f64ccde0f59392317dd3
SHA1 9c76db4b3d8c7972e7995ecfb1e3c47ee94fd14b
SHA256 cfd9677e1c0e10b1507f520c4ecd40f68db78154c0d4e6563403d540f3bf829f
CRC32 C9F4FE19
ssdeep 192:EqK9OIJV7hREPQEOPdivlu54UovmNqg0aB0kOI:EJIIJVcPQEOEvMJoON/0aBwI
Yara
  • JPEG_Format_Zero - JPEG Format
Name 6bdf66b5bf2a44e6_del
Filepath C:\del
Size 3.0B
Processes 2876 (CNHFzqf.exe)
Type ASCII text, with CRLF line terminators
MD5 bc949ea893a9384070c31f083ccefd26
SHA1 cbb8391cb65c20e2c05a2f29211e55c49939c3db
SHA256 6bdf66b5bf2a44e658bea2ee86695ab150a06e600bf67cd5cce245ad54962c61
CRC32 927708A1
ssdeep 3:cn:cn
Yara None matched
Name 76193ae408f688ab_CNHFzqf.exe
Filepath C:\ProgramData\NPQsGdj8f\CNHFzqf.exe
Size 525.6KB
Processes 2660 (rundll32.exe) 1964 (cmd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 c84310b8d63e880360f7c0e7c86fb2b2
SHA1 4c91c39224d091f89471d464ea56e34873893230
SHA256 76193ae408f688ab58744bb28ee738d62cfc53f443578ceb587c8ae2f3ae94e6
CRC32 B207EDBA
ssdeep 12288:4NrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7j0:4thTiP+ffCfB5Lf0F7Z1E7j0
Yara
  • UPX_Zero - UPX packed file
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 0259c6165498b5e2_cnhfzqf.dat
Filepath C:\ProgramData\NPQsGdj8f\CNHFzqf.dat
Size 132.2KB
Processes 2660 (rundll32.exe)
Type Zip archive data, at least v2.0 to extract
MD5 8e900e8395bca7afcd7c0c87ee9547f7
SHA1 e3f9076668c7a37c81a92d19bf81aa146cce69a3
SHA256 0259c6165498b5e239b7c3a905d83fa9c6366515d81861efa353a16a162bafa8
CRC32 57CE2D01
ssdeep 3072:KV5ghImOLzHHcTzmK80URMQ+D3ityYiuEB753xy:KV5o8LHcd8bMdD3iwuy750
Yara
  • zip_file_format - ZIP file format
Name c221b0cde26687f5_c12go.exe
Filepath C:\ProgramData\NPQsGdj8f\C12go.exe
Size 525.6KB
Processes 2876 (CNHFzqf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 2b406947d562103d40754460cbbef698
SHA1 14762ed02afa7b6b43dde6bb6755944ceea5c977
SHA256 c221b0cde26687f56d987e0e059aa53aa5db1f56df56db616c14020311f9a990
CRC32 7E2D431F
ssdeep 12288:4NrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7jc:4thTiP+ffCfB5Lf0F7Z1E7jc
Yara
  • UPX_Zero - UPX packed file
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name c507a68f3093e885__tuprojdt.dat
Filepath C:\Users\test22\AppData\Local\Temp\_ir_tu2_temp_0\_TUProjDT.dat
Size 5.0B
Processes 2876 (CNHFzqf.exe)
Type ASCII text, with no line terminators
MD5 c5fe25896e49ddfe996db7508cf00534
SHA1 69df79bef9287d3bcb8f104a408b06de6a108fd8
SHA256 c507a68f3093e885765257ed3f176c757aaf62bb4cbc2ef94b2e7da3406d9676
CRC32 BE34E996
ssdeep 3:FQFn:En
Yara None matched