Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.19 05:01
Anzeige: Microsoft-365...
01.19 03:01
TikTok Goes Dark in th...
01.19 03:01
A Look Inside a Modern...
01.19 03:01
Apple, Google Remove T...
01.19 03:01
How to Get Around the ...
01.19 03:01
[사전규격공개] 2025 APCERT 국...
01.19 12:01
시몬스 침대, 카카오톡 선물하기 통해 설...
01.19 12:01
Zero Trust and Entra I...
01.19 12:01
Stealth AirTag Broadca...
01.19 12:01
US TikTok Users Get No...

Dropped Files | ZeroBOX

Name	a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RFefe302.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RFefe302.TMP
Size	7.8KB
Type	data
MD5	`b0c9ff441742f3847ea27da9dee7f2cd`
SHA1	`c42a1eb32ba953a0ce5d8635caabf71b5b281495`
SHA256	`a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4`
CRC32	`0BBCAB1A`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	8a9235655b1a499d_dllhost.exe Submit file
Filepath	C:\ProgramData\Dllhost\dllhost.exe
Size	62.0KB
Processes	2564 (Installer.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4aa5e32bfe02ac555756dc9a3c9ce583`
SHA1	`50b52a46ad59cc8fdac2ced8a0dd3fceeb559d5f`
SHA256	`8a9235655b1a499d7dd9639c7494c3664e026b72b023d64ea8166808784a8967`
CRC32	`8E7E3EE7`
ssdeep	`768:+vfLyCdU0puufOIK1Nekmd52a3bCnP2PmxeETwM:+3LE0pu59ikmdYebCnO+xeEsM`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	9ef2e8714e85dcd1_winlogson.exe Submit file
Filepath	C:\ProgramData\Dllhost\winlogson.exe
Size	7.9MB
Processes	2564 (Installer.exe)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`4813fa6d610e180b097eae0ce636d2aa`
SHA1	`1e9cd17ea32af1337dd9a664431c809dd8a64d76`
SHA256	`9ef2e8714e85dcd116b709894b43babb4a0872225ae7363152013b7fd1bc95bc`
CRC32	`04A4594C`
ssdeep	`98304:ZLsUYfB9pOp/BWLbrkShfa+XQD/YPLTDtU5SXXMQHJw7ZB87TtIeUK+MzfL7cybS:Kgp/NQ7rfWOlb1paSbkJFsxfKLNIS`
Yara	Malicious_Library_Zero - Malicious_Library XMRig_Miner_IN - XMRig Miner Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	4ed1c0b9af10c6a8_file_1.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_1.zip
Size	9.4KB
Processes	2420 (7z.exe) 2084 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`e12b7f891dde680e5950ce87df5455fb`
SHA1	`2b1a3d9e8c6f77f3604fdcbb036ba157cce9daee`
SHA256	`4ed1c0b9af10c6a8c90c4e656de8f2aea25858f9f2e9df1f4640649450db95cd`
CRC32	`0FEF8F1A`
ssdeep	`192:3WYMbvNEtUYbJKswhiy4yf7bwIQW8usccfNN1hyUOLKveKuH:mYOvXYbJshiTyf2YcfNRrOL+eKuH`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	64929489dc8a0d66_killduplicate.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\KillDuplicate.cmd
Size	222.0B
Processes	652 (conhost.exe)
Type	ASCII text, with CRLF line terminators
MD5	`68cecdf24aa2fd011ece466f00ef8450`
SHA1	`2f859046187e0d5286d0566fac590b1836f6e1b7`
SHA256	`64929489dc8a0d66ea95113d4e676368edb576ea85d23564d53346b21c202770`
CRC32	`F14E4A56`
ssdeep	`6:vFuj9HUHOPLtInnIgvRY77flFjfA+qpxuArS3+xTfVk3:duj9HeONgvRYnlfYFrSMTtk3`
Yara	None matched
VirusTotal	Search for analysis

Name	344f076bb1211cb0_7z.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\7z.exe
Size	458.0KB
Processes	652 (conhost.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`619f7135621b50fd1900ff24aade1524`
SHA1	`6c7ea8bbd435163ae3945cbef30ef6b9872a4591`
SHA256	`344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2`
CRC32	`085DB415`
ssdeep	`6144:fz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7+DHV:r1gL5pRTcAkS/3hzN8qE43fm78V`
Yara	Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	3d7df2ab3035b67f_file.bin Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\file.bin
Size	1.6MB
Processes	652 (conhost.exe) 2084 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`1ae10fd8ae5314f4034d0b08f1cb86eb`
SHA1	`276a63551092638c5f7468648928a994a27b3447`
SHA256	`3d7df2ab3035b67f9770785350cf8cb9bc6c6c396166f59055430fa003c49b43`
CRC32	`1AD978F1`
ssdeep	`24576:6L51CeEM2ICdYzX7PqoBsEegmrTYo0yT75lP8/uR9f9ir4GDZv8Qxkl84h85q:6LHCPICELqob6rR7TVth9Mr7Fv8QOT`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	20b2dd95c812adce_file_5.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_5.zip
Size	1.6MB
Processes	2212 (7z.exe) 2084 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`f23275793fbdcd6d6ad91221dd482799`
SHA1	`daee133d2b751668ff7dbe2d1fabb0fc25ac8b39`
SHA256	`20b2dd95c812adcedf04e5ca14b9e90ec047df4bff8bcffaae4f3eed1d789be1`
CRC32	`0D184617`
ssdeep	`24576:vbI/7AAb+JQl3Vd02kOC/l5X4/KiROMdWbBkDC6SX39qbwK1ZNKdvLIJvQ27m:vujCK3D0AC/l5mwbBkDWYb1ZN4UJ9K`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	26d81f5d1ac64ffe_Installer.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\Installer.exe
Size	21.0KB
Processes	2468 (7z.exe) 2084 (cmd.exe) 652 (conhost.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8094e61800a5461f723754cda0d85aa1`
SHA1	`1250dc65a0861507d8885d3a404b9c71a3fa306d`
SHA256	`26d81f5d1ac64ffe6fd03f77030b99c890194a0affa5c34fb2e0c20f4add6353`
CRC32	`DA6B90C1`
ssdeep	`384:LbjjHZQ3N+ofJHFrybCN906pXtM5PFNwN9zmyJv15/uflWrynX:LbjjHe3PBgbGqBFNwVrN8`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	34ad9bb80fe8bf28_7z.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\7z.dll
Size	1.6MB
Processes	652 (conhost.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`72491c7b87a7c2dd350b727444f13bb4`
SHA1	`1e9338d56db7ded386878eab7bb44b8934ab1bc7`
SHA256	`34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891`
CRC32	`D5226149`
ssdeep	`24576:S+clx4tCQJSVAFja8i/RwQQmzgO67V3bYgR+zypEqxr2VSlLP:jclmJSVARa86xzW3xRoyqqxrT`
Yara	Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	25cec4e32cc2e86b_logs.uce Submit file
Filepath	C:\logs.uce
Size	338.0B
Processes	2564 (Installer.exe)
Type	ASCII text, with CRLF line terminators
MD5	`c4e6fbc8b16569c2153a29213e395e96`
SHA1	`c24d2fea561334ae4e42a857b31a94fe89eee5b9`
SHA256	`25cec4e32cc2e86b8fe114d200c3f865bc08a8a1f8fc1ed1cbae1be058117c2f`
CRC32	`5832DC38`
ssdeep	`6:DiYgE/ovKDMcPmriYgE/ovKDMcBCrT5fhXNMLwvW64WkklDVQxBfVeAKS3/y:uwgyXmGwgyoH55WwGCSxxcAfy`
Yara	None matched
VirusTotal	Search for analysis

Name	496645b31890b89f_file_4.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_4.zip
Size	9.8KB
Processes	2276 (7z.exe) 2084 (cmd.exe)
Type	Zip archive data, at least v1.0 to extract
MD5	`e4e6029fb1592f4b0d980a1da68001b1`
SHA1	`c67a1c93cb37f2ab3b99baeb3ff24def54a25519`
SHA256	`496645b31890b89f1c580fb67de0e17fd941c856bdc90baeabd71c5b1ae297af`
CRC32	`2C3EA79A`
ssdeep	`192:dis6lWBkEk6TXxC7FuNn9JzD2Bk9XoA9olaBVTLQi+bqwWb/9h53/9vCnYWMJG:8DlWfNMwzzCClo2oYbXb+FQ/R9UZ`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	f13f5eee8887618b_file_2.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_2.zip
Size	9.5KB
Processes	2372 (7z.exe) 2084 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`e1cd221e697ce29ca70f2c689213153d`
SHA1	`3c875cd14fe3134a28eb1d83982422b696ef802b`
SHA256	`f13f5eee8887618bf50ac16689866c4a6dc94e61ac5a27b941c07e2a6aff849b`
CRC32	`E3CA6DCC`
ssdeep	`192:XnD6WlGKVF7iWSyk9y3AIVRUZVYt9xuhUXjB7rIXuDvvYZiI0Uu2wAA+FnNTKx:XOWjuWSSwI8ZVYou9YsEXJNNTe`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	2b52cea36c8238b9_file_3.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_3.zip
Size	9.7KB
Processes	2324 (7z.exe) 2084 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`8631891243067625145a9fba7f2a15b6`
SHA1	`772c3baa15bdde6072af2b11c4561fe65bb0f8a4`
SHA256	`2b52cea36c8238b91b4874dcdaef6cecdcae55697b10e88557e107ecc7ab3757`
CRC32	`57A833D2`
ssdeep	`192:Ls6lWBkEk6TXxC7FuNn9JzD2Bk9XoA9olaBVTLQi+bqwWb/9h53/9vCnYWMe:LDlWfNMwzzCClo2oYbXb+FQ/R9UX`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	77d349afa0f3690f_AntiAV.data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\AntiAV.data
Size	2.1MB
Processes	2276 (7z.exe) 2084 (cmd.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`a217b3a8813052306f4f2b0a9ac1dfd7`
SHA1	`f3f3bd5fb49a50a057abc23ff66ed9663fce7251`
SHA256	`77d349afa0f3690f56a9c55f2ab3daf74f5cbecf8df33682e469ce1638cde633`
CRC32	`79D03CF1`
ssdeep	`24576:5yZBPkpRrP9pxC+XvoflcYy36s3vb0EecYy37n92k8GtGAQZ67hR7krC/Cyf0/xd:R9kqGu7okoZscCnf0/Zs9A`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	172a4b8e026cdd32_main.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\main.bat
Size	476.0B
Processes	652 (conhost.exe)
Type	Little-endian UTF-16 Unicode text, with no line terminators
MD5	`4fd8c0be3d5734a0efec73ad50927f94`
SHA1	`9c7e04c72e448804b0d2bc76d94e7646d16aefb9`
SHA256	`172a4b8e026cdd3274d4f494528a7b8193dab2b5d8a5bbc2a19d7f997661cf98`
CRC32	`CB07F20E`
ssdeep	`12:QUp+CF16g64CTFMj2LIQLvVJHWY4CVGrMLvmuCCgXjgrXgX78agXrrEOXUigXY:QUpNF16g632CkeVFWNCVGYTtS0rXS78F`
Yara	None matched
VirusTotal	Search for analysis

Name	11bd2c9f9e2397c9_winring0x64.sys Submit file
Filepath	C:\ProgramData\Dllhost\WinRing0x64.sys
Size	14.2KB
Processes	2564 (Installer.exe)
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`0c0195c48b6b8582fa6f6373032118da`
SHA1	`d25340ae8e92a6d29f599fef426a2bc1b5217299`
SHA256	`11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5`
CRC32	`6B0323EB`
ssdeep	`192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	1ade60fc2bdc1907_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2848 (powershell.exe)
Type	data
MD5	`ef3575ad3950640cf614ee8d95c41fe0`
SHA1	`1cf165dba5cbeba7f1f0ced64336fd92fb583dc0`
SHA256	`1ade60fc2bdc1907fc58ea0df2a8e6b00f4e91ad7377caca77e84546f06dc95a`
CRC32	`A5D1DD3E`
ssdeep	`96:YtuCeGCPDXBqvsqvJCwodtuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:YtvXodtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis