Dropped Files | ZeroBOX
Name 77c7c10b4c860d5d_gpt.ini
Filepath C:\Windows\SysWOW64\GroupPolicy\gpt.ini
Size 11.0B
Processes 2780 (1Nq26Xn2.exe)
Type ASCII text, with CRLF line terminators
MD5 ec3584f3db838942ec3669db02dc908e
SHA1 8dceb96874d5c6425ebb81bfee587244c89416da
SHA256 77c7c10b4c860d5ddf4e057e713383e61e9f21bcf0ec4cfbbc16193f2e28f340
CRC32 E4327249
ssdeep 3:1EX:10
Yara None matched
Name 7925aebcf945d8a9_1nq26xn2.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP003.TMP\1Nq26Xn2.exe
Size 1.6MB
Processes 2736 (oZ1qj16.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bdef747635b4a4e7a56d2ce06b76539e
SHA1 6194de6f92dc7aa0f5a3d5abf16baadddea57048
SHA256 7925aebcf945d8a976c026b95fb6dc129f325b9c8f22a0d1cc62511ba1317f26
CRC32 E7579023
ssdeep 49152:qWg8wUmZOzqiavjDUJO/WH89ctcO0ljbbQnIQGotBKq48TJCHEGU42sn6:ZiUmZOzqiavjDUM/WH89y8bboGO
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name b5724c6476197a89_4ug313si.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP002.TMP\4Ug313si.exe
Size 2.8MB
Processes 2668 (ES1Kk28.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 94863d24bc2e95b94475f7c594f917f6
SHA1 8af26b86e9d0bca7c93f332c0c563ca5992bdb5b
SHA256 b5724c6476197a89469b05652de06f89cc7cc205593dc8294308d55215b398b3
CRC32 2C85FDE0
ssdeep 49152:i5HujWG4mHEac1quML3i30mIDu8Ldo8o0Ny/6GG9eoGHiKWHmNq:uAc18yEmIDu8Ldo8o0N+6GRoGHiXmA
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 92bbaf30871bd32d_gpt.ini
Filepath C:\Windows\System32\GroupPolicy\gpt.ini
Size 272.0B
Processes 2780 (1Nq26Xn2.exe)
Type ASCII text, with CRLF line terminators
MD5 7d7b2946708e5254b8996d3ae964e0a7
SHA1 01e350de5cf78dd1ba5e8686fee884ff0f240e95
SHA256 92bbaf30871bd32d6fe34a6df757ad8acd375552918a80c45c935091c9df729e
CRC32 71B0380C
ssdeep 6:1WsMzYHxbnvEcvg+5Rnn3jGoanMzYHxbnPonn3k:1q0Hxbnt4UaM0HxbnX
Yara None matched
Name 16187ff9b5096b21_D87fZN3R3jFeplaces.sqlite
Filepath C:\Users\test22\AppData\Local\Temp\posterBoxmXbLa1VjR4mS3\D87fZN3R3jFeplaces.sqlite
Size 5.0MB
Type SQLite 3.x database, user version 69, last written using SQLite version 3038003
MD5 837705c24eaa032145b6f82119af4eea
SHA1 7d38a13b37105ef0f6c24c585de581949616f32c
SHA256 16187ff9b5096b217d405d1492c115a096f8d63d72befbf5851e19b61581f857
CRC32 8BF87D31
ssdeep 192:StsqHQnwkYjcoBMc+uK6ik4QtjJz3ig48pp0:StsbwVTBMc+uK6ikPpJz3E8
Yara None matched
Name 7f1fa4f280d27c58_rise131m9asphalt.tmp
Filepath C:\Users\test22\AppData\Local\Temp\rise131M9Asphalt.tmp
Size 13.0B
Processes 2780 (1Nq26Xn2.exe)
Type ASCII text, with no line terminators
MD5 c83f9ea3d24f03ee810e46a2f55bae5c
SHA1 80a370932cbcfa6d358404e3732a4a7972ad2354
SHA256 7f1fa4f280d27c5848366aab5242c041a168e2a11622ab6997a0f42d703cbaea
CRC32 1D187A6E
ssdeep 3:L+cQVXvW:fQVXO
Yara None matched
Name 6ec02bf359dfb946_3oo90od.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP003.TMP\3Oo90Od.exe
Size 37.4KB
Processes 2736 (oZ1qj16.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6592123301893fc56ffe132f2205e04c
SHA1 e4bc69a6ad54928953449bd5f6841ea0bb8446f5
SHA256 6ec02bf359dfb9461cd843c56326ad30fb67754fb39f2c954a5c55785e90464b
CRC32 4517C423
ssdeep 768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • win_smokeloader_auto - Detects win.smokeloader.
Name cb4beb893326ab07_es1kk28.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP001.TMP\ES1Kk28.exe
Size 1.7MB
Processes 2600 (PH6mE54.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b02f4183892e7b7dfb7c8e9e24ef49f5
SHA1 89a9cc03b700121bab737d6f66396e370e131f59
SHA256 cb4beb893326ab077e1978bdc827fa0e8f2e564192aba45f3162bcda7aedbce5
CRC32 E6D9D85B
ssdeep 49152:+CLrc8AGFBWIUezGVvsjhsG3/eDW4jHQNhF:7wIoLDE0QN
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • UPX_Zero - UPX packed file
Name 826172f90aa17ba8_registry.pol
Filepath C:\Windows\System32\GroupPolicy\Machine\Registry.pol
Size 6.2KB
Processes 2780 (1Nq26Xn2.exe)
Type data
MD5 05c4079110b8f65ec083182e2d870e04
SHA1 0b2d16dd8575c6f87c6bd66267cdf8eaba363a11
SHA256 826172f90aa17ba887682da7277b444c06513177653d727acbb146a2308af3a7
CRC32 8B58FA6A
ssdeep 192:FlRRCDN74hvoD5KL0+fLfYT7CcAzXEP0IhYY4WwDiZ:nRRCDN74hvoDEL0+fLf27CcAzXEP02Y0
Yara
  • Generic_Malware_Zero - Generic Malware
Name 65efa935dc0c4ba6_ph6me54.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\PH6mE54.exe
Size 2.1MB
Processes 2548 (line.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b410579f9d2eee94c4c958702dc2998b
SHA1 4fe3fa14d7c4fb37b32214e65c7916e90e78690a
SHA256 65efa935dc0c4ba61226fdeb917ccb7a9f8f2b07a07854a713571693d62525c3
CRC32 7A28C64E
ssdeep 49152:OFAbXgRBHy73Ia9z+VMu2/c+1/Udz/BjYmJlFAxF6:0uX6SD1oScGmJ4H6
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • UPX_Zero - UPX packed file
Name 5ee454eb05fcbbc0_02zdBXl47cvzHistory
Filepath C:\Users\test22\AppData\Local\Temp\posterBoxmXbLa1VjR4mS3\02zdBXl47cvzHistory
Size 120.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 64202674f6acaafa94c3390b0cc720b9
SHA1 38c8537feccfaabb095805d290af69272aeb32f1
SHA256 5ee454eb05fcbbc0ac1ff5662ba2be1f22688ddb97d3cc357d4da5cff5b5e5e9
CRC32 3685166F
ssdeep 48:TGjDU66tTKfxNPp+suktLReRK+NaUvdWSZ00LTL0drQHHp7C5fVcS2+VANUXq6uG:BeJQpWSZ00LTL0QCbc0VANPjwQU+
Yara None matched
Name 512e4e95427a8c66_5lop_S5WM5ERCookies
Filepath C:\Users\test22\AppData\Local\Temp\posterBoxmXbLa1VjR4mS3\5lop_S5WM5ERCookies
Size 36.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 f4c540f52d5c08d24a79805eda1d7abf
SHA1 22be46826df7693f58736adb232ab2da790f2571
SHA256 512e4e95427a8c66b2993b27bb23d99cdab2ebd6e9e8937c7f6a39ed8c6a5b94
CRC32 95C9FB3A
ssdeep 24:TLmg/5UcJOyTGVZTPaFpEvg3obNmCFk6Uwcc85fB34444z:T5/ecVTgPOpEveoJZFrU1cQB34444z
Yara None matched
Name ac2bfdf62f945d58_fanbooster131.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk
Size 1.1KB
Processes 2780 (1Nq26Xn2.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Wed Dec 6 22:37:07 2023, mtime=Wed Dec 6 22:37:07 2023, atime=Wed Dec 6 08:19:38 2023, length=1652658, window=hide
MD5 10eafc40561b3d52adb73712fdc3368a
SHA1 8ff84ff33b8781d5a6abe66fb63b023d680fd115
SHA256 ac2bfdf62f945d58d23e20d084bc89daedf313f835a766fc22c85a2827d9e007
CRC32 BF8E80FE
ssdeep 12:8iKoKg4cZCrR8EvSWLTb6R+/LLwgeL+lRSE/c2ERHW1wizCCOLMKNlaV12uawua8:8fNsERdyR4/cH+zNRWYcL6Pyd
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
Name 0b8607fdf72f3e65_02zdBXl47cvzcookies.sqlite
Filepath C:\Users\test22\AppData\Local\Temp\posterBoxmXbLa1VjR4mS3\02zdBXl47cvzcookies.sqlite
Size 96.0KB
Type SQLite 3.x database, user version 12, last written using SQLite version 3038003
MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
CRC32 842B3569
ssdeep 12:DQAwfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAwff32mNVpP965Ra8KN0MG/lO
Yara None matched
Name 90a5c1433f34cd6c_6xf3ff0.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\6XF3FF0.exe
Size 897.6KB
Processes 2548 (line.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1f858e60797d99252f568e32ece8c53c
SHA1 ef195a537d0ef2109bd2405e539c0ee9015788f1
SHA256 90a5c1433f34cd6c39df9d5c1d39850cfd6aee02cee77528dbf1f7c9fe1c2a59
CRC32 C27ABE04
ssdeep 12288:LqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaUT1:LqDEvCTbMWu7rQYlBQcBiT6rprG8a01
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name bbc59eb43822e646_Ei8DrAmaYu9KLogin Data
Filepath C:\Users\test22\AppData\Local\Temp\posterBoxmXbLa1VjR4mS3\Ei8DrAmaYu9KLogin Data
Size 18.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 53ea322f91d6f0de8448b68583284d22
SHA1 b6c835867fbf7e432b834f7366eb0407f3eebbfa
SHA256 bbc59eb43822e64660cc4ccbca37d6dc016eaa9b85b2c6f5b40826bb03188b34
CRC32 CA013001
ssdeep 24:LLY10KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6ocW:4z+JH3yJUheCVE9V8MX0PFlNU12W
Yara None matched
Name 13b15c54a5b094f2_5wq9ex9.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP001.TMP\5wQ9Ex9.exe
Size 921.8KB
Processes 2600 (PH6mE54.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 22b8bf588cea2d9c3352c70911023c61
SHA1 a87f6cd80343060c49ad9e7e0eafb7e649a408c2
SHA256 13b15c54a5b094f29dce74d313cc70f8191284b34021c4d6fc05245a576c1df5
CRC32 DF1C75C8
ssdeep 12288:vN5BNWvshHGfGwjWG4mgkammeIEUDSMTKSmyc0t7Sulrm4Kf:FzN1hHGfGwjWG4mu8IEy1GSmi7Sf
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 4bc6929fbaeb2fad_oz1qj16.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP002.TMP\oZ1qj16.exe
Size 789.5KB
Processes 2668 (ES1Kk28.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 dfc332a240025d6fc4c88224e560899b
SHA1 a8d080624ab47a19a16e6d93327920e1103d0d8d
SHA256 4bc6929fbaeb2fad0e52c858524db3ac7e667dd6ba74513fc368c01f606750a0
CRC32 57AB6D72
ssdeep 12288:7Mrwy90ZN8degBdF/RIqaSVJ3zQFo/DiK+BZhzSLU2qQCNQmhZNyztJqkSLtByA:jys8dTBd9baS7QW7lkzSFuCyyz/0OA
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • UPX_Zero - UPX packed file
Name 9a8ea0e2df7554c5_D87fZN3R3jFeWeb Data
Filepath C:\Users\test22\AppData\Local\Temp\posterBoxmXbLa1VjR4mS3\D87fZN3R3jFeWeb Data
Size 72.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 0539a773e44d21a84fd97fee0dffd4a3
SHA1 5904058c20aad54c552edc57826babd36ab61149
SHA256 9a8ea0e2df7554c57fb4ee6a8a12782f5a2474a3e4c23dc61e4768631dc4eb9f
CRC32 964BC0B2
ssdeep 96:P0CWo3dOOctAYyY9MsH738Hsa/NTIdE8uKIaPdUDFBlrrVY/qBOnx4yWTJereWbY:PXt769TYndTJMb3j0
Yara None matched