Dropped Files | ZeroBOX
Name 9e64f0aca3cb577f_passwords.txt
Filepath C:\Users\test22\AppData\Local\Temp\tempCMS4hIQkWXNf6nT\passwords.txt
Size 4.8KB
Processes 2668 (4Za415Il.exe)
Type UTF-8 Unicode text, with CRLF, LF line terminators
MD5 d2a3146478b270d48107b3db96c4864e
SHA1 41fa166d431562c7bc1893e96cba4189f089af32
SHA256 9e64f0aca3cb577f1e20227d1f3892557bcc0655d64dc84957c650be14a1d7f4
CRC32 1AC8F34A
ssdeep 48:ZMMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMME:S
Yara None matched
Name 67f4d0d255be5b47_2LNSO2Hi7xRKkSujuTjezLXWKhklU9HR.zip
Filepath C:\Users\test22\AppData\Local\Temp\2LNSO2Hi7xRKkSujuTjezLXWKhklU9HR.zip
Size 1.6KB
Processes 2668 (4Za415Il.exe)
Type Zip archive data, at least v2.0 to extract
MD5 979028378fc760dedd52f351b42f445c
SHA1 1a524ceb36b2ccf6086d432e5f962335ee5ea947
SHA256 67f4d0d255be5b47e7d7130d4b7cb79f8f1aae485bfef754d6163d53bcf09960
CRC32 B50025B5
ssdeep 24:9KW++cPN92u4RUhqscyl55dKuM5J8UcuKDgnarFvi8bpUkOOwO3hXVw:9K/7n9cyLKH3X3nwFv3b6Or3hlw
Yara
  • zip_file_format - ZIP file format
Name 946583a0803167de_6hm5ps0.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP001.TMP\6hm5pS0.exe
Size 448.5KB
Processes 2600 (zP1Tf60.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 700a9938d0fcff91df12cbefe7435c88
SHA1 f1f661f00b19007a5355a982677761e5cf14a2c4
SHA256 946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818
CRC32 4ECD6A89
ssdeep 6144:btb2kbTOXb1JSqar6LNzVLReCCOQ6j4zu+jf6U5peQRVOm+T:MaTOqq+6LNzjwxPfhCQRVOmW
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
Name a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 893.0B
Processes 2668 (4Za415Il.exe)
Type data
MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
CRC32 1C31685D
ssdeep 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
Yara None matched
Name 0194a07d7ccf33a8_7ai8jz57.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\7aI8jZ57.exe
Size 38.3KB
Processes 2548 (foxi.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ca774a5d47a705a138fce07edc6b28b6
SHA1 91321d2e13b3cbaf8cb8d21726f81f87f509ecad
SHA256 0194a07d7ccf33a894faf804ec94a2ea6172e0342a84d06007d1dfcc6138478d
CRC32 B3C3C785
ssdeep 768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • win_smokeloader_auto - Detects win.smokeloader.
Name b88756c7fcbaa4c2_information.txt
Filepath C:\Users\test22\AppData\Local\Temp\tempCMS4hIQkWXNf6nT\information.txt
Size 2.3KB
Processes 2668 (4Za415Il.exe)
Type UTF-8 Unicode text, with CRLF, LF line terminators
MD5 99a204397cbe6299696082b7e5dcf46a
SHA1 d908ce8ed0d696abbf09f202abd0052200bafeac
SHA256 b88756c7fcbaa4c2c889ff17a6d3e484587677c2f45a8d0b1b0ec1c673a569f4
CRC32 D846DD71
ssdeep 48:t3jCataFLntNUSH/SOt71OUGTME+bhatp++CZGdjwLFj5ZigRnQPp3:t3netmSH5oJTMH9atp+9MdjwLFj5Zigm
Yara None matched
Name fc33baeb409487ce_fanbooster131.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk
Size 1.1KB
Processes 2668 (4Za415Il.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Tue Dec 26 13:42:26 2023, mtime=Tue Dec 26 13:42:26 2023, atime=Tue Dec 26 04:31:36 2023, length=1526272, window=hide
MD5 b1208fc84904a762f3cbd127b2c15d01
SHA1 aeeb9920669b5cdb74683d1eb3f95bbefb9581e6
SHA256 fc33baeb409487cee9dfcfcb7eaf1a083afa7ecaa071e7d7b873cd7f6761f680
CRC32 253E8816
ssdeep 12:8i3N0g4cZCrR8EvSWpoR+/r0qeGS/5wewizCCOLMKNlaV12uawua4t2YLEPKzlXb:84EsERdtoRO0AIzNRWYcL6Pyx
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
Name 9f340dab5d54d696_rise131m9asphalt.tmp
Filepath C:\Users\test22\AppData\Local\Temp\rise131M9Asphalt.tmp
Size 13.0B
Processes 2668 (4Za415Il.exe)
Type ASCII text, with no line terminators
MD5 f9404694c3146c03d9c96a8207d03798
SHA1 feea7faef32641d398d38a0ca1d531f319708b13
SHA256 9f340dab5d54d6960ccbdf001a85eb82df83952a82f8f4dfab936bdaa5a04113
CRC32 D378DE46
ssdeep 3:L8TRA7bQ:2Aw
Yara None matched
Name 0c7cd52abdb6eb3e_sqlite3.dll
Filepath C:\Users\test22\AppData\Local\Temp\tempAVS4hIQkWXNf6nT\sqlite3.dll
Size 791.5KB
Processes 2668 (4Za415Il.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 0fe0a178f711b623a8897e4b0bb040d1
SHA1 01ea412aeab3d331f825d93d7ee1f5fa6d3c46e6
SHA256 0c7cd52abdb6eb3e556d81caac398a127495e4a251ef600e6505a81385a1982d
CRC32 C173DE02
ssdeep 24576:2/ZHet+kwxRLvxx/ccPA7leR+g/oU6xGmdRA7G4fRjqTr:eZ+t+v/nMleR+g/oUI/dmi4cT
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 115139be24d9975c_zp1tf60.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\zP1Tf60.exe
Size 1.9MB
Processes 2548 (foxi.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ea70f74b49ee76cd11d7c2d7564636e0
SHA1 4979aa75c5dccedd1d732ba98a715b46fb237eb4
SHA256 115139be24d9975c1a342ae0c1a768e491d091899bf531c21863dfe8fcd0f99e
CRC32 17F2FC2F
ssdeep 49152:IFAqnjC2FKN2PNK8XJ/+2wiEeLyxS9gOsGuefn:oAqnZ3lh+G7L6MgOsGuC
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • UPX_Zero - UPX packed file
Name 5cce2143dc92709a_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 252.0B
Processes 2668 (4Za415Il.exe)
Type data
MD5 c75bf708d8b133a8efee6b449220afbd
SHA1 223b1ef10cf0922674218f671eceab0b00f9fd9e
SHA256 5cce2143dc92709af60aca2895d34ce19424c7813c475ef674963d685f50b11b
CRC32 FA3B3E1E
ssdeep 3:kkFklkP/M/tfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7l3:kK/AxliBAIdQZV7I7kc3
Yara None matched
Name 606bc55fad2b4b1e_4za415il.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP001.TMP\4Za415Il.exe
Size 1.5MB
Processes 2600 (zP1Tf60.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c2111e61e7ba399ef043c265c4215de2
SHA1 a7c1289cf1e2ae758d8c1ef409a9b4b8a468da1a
SHA256 606bc55fad2b4b1ec117c8df11571f153ac95736e6fcfa8dd8874d88eaa1a48b
CRC32 5220CFE0
ssdeep 24576:CDbFcjYvZFMgVVyEl1/g9rmqezyyVgTN9OVPuSWb4gchWQuUZj+:CPFcjYvZ2cVNNtqFySTCVPl+bcAO
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • EnigmaProtector_IN - EnigmaProtector