Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
08.02 10:08
payload_1_3.ps1
08.02 10:08
payload_1_2.ps1
08.02 10:08
payload_1.ps1
08.02 09:08
wemustbegood.js
08.02 09:08
SNK.txt.exe
08.02 09:08
sos.txt.exe
08.02 09:08
newlevelcreatedgirlsey...
08.02 09:08
blessedflowerongirlhai...
08.02 09:08
Done.js
08.02 09:08
IMG_8729.scr

Latest News
08.02 04:08
[Web발신][티몬] 회원님께서 주문하신...
08.02 04:08
위메프·티몬 사태 미정산 규모, 2,74...
08.02 03:08
NCA Shuts Down Major F...
08.02 03:08
How to Prepare for the...
08.02 03:08
Recent Vulnerabilities...
08.02 03:08
Navigating Indispensab...
08.02 03:08
Sitting Ducks attack t...
08.02 02:08
The Unbreakable Bond: ...
08.02 02:08
CSMA Starts with Ident...
08.02 01:08
지능형 CCTV 성능시험·인증, 안전 분...

Dropped Files | ZeroBOX

Name	9e64f0aca3cb577f_passwords.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempCMSjMXzjwbRSzJW\passwords.txt
Size	4.8KB
Processes	2552 (valid.exe)
Type	UTF-8 Unicode text, with CRLF, LF line terminators
MD5	`d2a3146478b270d48107b3db96c4864e`
SHA1	`41fa166d431562c7bc1893e96cba4189f089af32`
SHA256	`9e64f0aca3cb577f1e20227d1f3892557bcc0655d64dc84957c650be14a1d7f4`
CRC32	`1AC8F34A`
ssdeep	`48:ZMMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMME:S`
Yara	None matched
VirusTotal	Search for analysis

Name	2c6494dcaedb8d21_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	252.0B
Processes	2552 (valid.exe)
Type	data
MD5	`4f59769d52b716649706cd5a30db3f59`
SHA1	`f067a7227583fdeeb303ff678791d3174f05dd75`
SHA256	`2c6494dcaedb8d21f5585735ddd57b320f8d30f3f73aca9dac499544ddbfd5a2`
CRC32	`C14EDEF9`
ssdeep	`3:kkFklKtfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnklG3:kKHxliBAIdQZV7I7kc3`
Yara	None matched
VirusTotal	Search for analysis

Name	8d75fb0d38c19a4c_TlMf9fF7UfEiSFMiWrgl2A4doF8llQs5.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\TlMf9fF7UfEiSFMiWrgl2A4doF8llQs5.zip
Size	1.5KB
Processes	2552 (valid.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`55a705dc8a486c1abe3b86157ee51ee9`
SHA1	`a856c6637ae3978af5fd07ac03104bd012b537b8`
SHA256	`8d75fb0d38c19a4c4d81964667644255b6f8f49f3e2926c645aae97f32a34ada`
CRC32	`62B77C6D`
ssdeep	`48:9V1VGad0s/Ke0pMB4mrtXDgg5yYf76Oro1Vlw:v3Gqt0pETXDggcYxoG`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	893.0B
Processes	2552 (valid.exe)
Type	data
MD5	`d4ae187b4574036c2d76b6df8a8c1a30`
SHA1	`b06f409fa14bab33cbaf4a37811b8740b624d9e5`
SHA256	`a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7`
CRC32	`1C31685D`
ssdeep	`24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x`
Yara	None matched
VirusTotal	Search for analysis

Name	d32fe0ef951c8835_rise131m9asphalt.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rise131M9Asphalt.tmp
Size	13.0B
Processes	2552 (valid.exe)
Type	ASCII text, with no line terminators
MD5	`5505a0a94e70ca5fc16cdf2ceef8663c`
SHA1	`c08d91e5dac0a460569740f3a5b10bb478e4da35`
SHA256	`d32fe0ef951c88356087a4c865331a2755130a570f5fe4a8f31a548f62cf3603`
CRC32	`B69F4B55`
ssdeep	`3:L8TR+RURS:2+y0`
Yara	None matched
VirusTotal	Search for analysis

Name	0c7cd52abdb6eb3e_sqlite3.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSjMXzjwbRSzJW\sqlite3.dll
Size	791.5KB
Processes	2552 (valid.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0fe0a178f711b623a8897e4b0bb040d1`
SHA1	`01ea412aeab3d331f825d93d7ee1f5fa6d3c46e6`
SHA256	`0c7cd52abdb6eb3e556d81caac398a127495e4a251ef600e6505a81385a1982d`
CRC32	`C173DE02`
ssdeep	`24576:2/ZHet+kwxRLvxx/ccPA7leR+g/oU6xGmdRA7G4fRjqTr:eZ+t+v/nMleR+g/oUI/dmi4cT`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	5c2b6fa72089f0c5_fanbooster131.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk
Size	1.1KB
Processes	2552 (valid.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Tue Dec 26 13:42:19 2023, mtime=Tue Dec 26 13:42:19 2023, atime=Mon Sep 26 19:48:00 2022, length=1525760, window=hide
MD5	`ae5987c76f35d903cee0dcb4e4885e1d`
SHA1	`8395d7cdabfc7c7cf8938752560b9599fd48e0e8`
SHA256	`5c2b6fa72089f0c557454f90dfc7fac81d667ae5e41f1e0603647cd88bb623ab`
CRC32	`08D17D7C`
ssdeep	`12:8ik1g4cZCrR8EvSWy9R+/X9eqAs/jVwizCCOLMKNlaV12uawua4t2YLEPKzlX8yV:8nsERdiR6XAqzNRWYcL6PyoiliK`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	f115ea22161b0628_information.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempCMSjMXzjwbRSzJW\information.txt
Size	2.2KB
Processes	2552 (valid.exe)
Type	UTF-8 Unicode text, with CRLF, LF line terminators
MD5	`f20e1338bd83c2fd56cea3661ee85c2b`
SHA1	`cbdceaa92b27b00dba022c5b3c5a9b9f34510f9a`
SHA256	`f115ea22161b0628f629df34becaa802019f8f46de00126eda238a90278ca7e6`
CRC32	`88D6E0DE`
ssdeep	`48:t34SataFLnamSH/SOt7s7OUGTX+bhatp++CZGdjwLFj5ZigRnQPp3:t34beVSH5oCJTO9atp+9MdjwLFj5Zigm`
Yara	None matched
VirusTotal	Search for analysis