Dropped Files | ZeroBOX
Name 84da8792f5b41537_scales
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Scales
Size 229.0KB
Processes 2056 (AquariumScreening.exe)
Type data
MD5 80ee75fbe1f762a36cc970e75b25c8b9
SHA1 57baafd967fc65ba02abb56a311659321ec0828a
SHA256 84da8792f5b41537bad1bdaa6c2f62d17f5e0ece583f62eedd3717f62945b894
CRC32 6690B64C
ssdeep 6144:8tZ6lfA6Gfm608DsvqJX4xNAB+xHFq9O0lHPOGUWLhxjRp:8tZ6XKmNvqJWNAB+X0lHPOGNnp
Yara None matched
Name 85896ae3b99d84e0_campus
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Campus
Size 198.7KB
Processes 2056 (AquariumScreening.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 f46b3971a933d5f7a41968bd2a421eda
SHA1 3821d7879028b16d0f6860ca1ee2e11386cee052
SHA256 85896ae3b99d84e09cfe8a9212653ccf6fd310592ed09a2af5d4a0f33ef011d1
CRC32 82EB9E8D
ssdeep 3072:mJOFaDpMBc7Pfa3+dNIlKPY2A9f8TTvpsThGLGE/bhtB4hE+1n:+OFspac7Py38NTAyBnLGETmEY
Yara
  • Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
Name c402f2024c451dfc_jerusalem
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Jerusalem
Size 133.0KB
Processes 2056 (AquariumScreening.exe)
Type data
MD5 89b72402fb2128e801afca536ddbd408
SHA1 788d8dabbee14f476583b6fa5bb1ccecb8753e7b
SHA256 c402f2024c451dfcd905910e0f8eabdbd9b03a297d650998c815c67012f62351
CRC32 45E56CBE
ssdeep 3072:X1UhlqRWO/9EAehuqCkrwzW3Nzl8F5hPLaLWysRIO7vHZnBfzHl8w:X12lqlEAehuqN8zwNzlmhPL1b5nZt
Yara None matched
Name 746b9d5a765456c4_boring
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Boring
Size 423.0KB
Processes 2056 (AquariumScreening.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 d2d413509281b450ec85a23da848cd7c
SHA1 df131db8197c125b242a960661b213d549336442
SHA256 746b9d5a765456c495152c84538fd2eae3fabf3d956205baa789fb4af0e3701e
CRC32 01D648FE
ssdeep 6144:0DdKNohoNU6q3WWpHWgRr49IsigsiAzsQo9N7bF7b217UP5qR+PY:0DdKNohlrxu5jPY
Yara None matched
Name d38051f3234b0835_jsc.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\15012\jsc.exe
Size 45.9KB
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 9ba9b8ecdefec144f6db1c527b5d6f3c
SHA1 91029e82ee7110da870bcf3aa1373e0e23ebd29f
SHA256 d38051f3234b083582c8fa63a6fe458ac2ab77f777aba07a12e6bb772e90ab26
CRC32 6AE90343
ssdeep 768:tG93cIZWERqqPzL5DkfPMNCM2oo2zxYNasiB4DQm:M9sIZkIyfPMN2r22Tc4DQm
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • UPX_Zero - UPX packed file
Name 17cd1dfcf929e6c3_refund
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Refund
Size 59.6KB
Processes 2056 (AquariumScreening.exe)
Type data
MD5 a408816ba561c80c045f4252eef49d19
SHA1 32fb286e4180cd360114540f83d2fee40e334659
SHA256 17cd1dfcf929e6c3c98e9ea6cd5c5bca23eaa263193cbc34d51929b0c349ec07
CRC32 F9926A6B
ssdeep 1536:Jo2+9BkxXiblenlJJyIE2UWb/hoQZ2OE3:JNogXJ3i2Umb2Oq
Yara None matched
Name ac1ec658b7b59793_penny
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Penny
Size 265.0KB
Processes 2056 (AquariumScreening.exe)
Type data
MD5 ec877d12379bec45229c6351119e8ac1
SHA1 23de00bb8cddc02a601b4cad430f7e140f801d31
SHA256 ac1ec658b7b59793fe15f5750bb0674320f93ea5c663c3511f8b9753aa60e1fd
CRC32 5AFEEE63
ssdeep 3072:CH/fA9vtqmcCVs5A3q5eAg0Fuz08XvBNbIaAtbPf6jKj+wsxjgarB3RZgDWy4X:CmFqZvEAOz04pmdV364EgarxUaBX
Yara
  • Malicious_Library_Zero - Malicious_Library
Name ea88c43ee75671bf_vitafit.js
Filepath C:\Users\test22\AppData\Local\VitalNourish Technologies Inc\VitaFit.js
Size 195.0B
Processes 2664 (Carpet.pif)
Type ASCII text, with no line terminators
MD5 3d78e16a0a5d1b1a9897aa57197307c2
SHA1 4ab3e9f42d34500c28dee45968d953518ef6aad2
SHA256 ea88c43ee75671bfdf3c244703674936cd7ed72c005be1b81acb6a4294ef96ad
CRC32 4BFFFD91
ssdeep 6:RiJbNHCwWDbRXp+NkDtvwRHwWDbRXp+NkDtns:YJpCjvTwRDvzs
Yara None matched
Name 371547494bc44eed_ko.bat
Filepath c:\users\test22\appdata\local\temp\ixp000.tmp\ko.bat
Size 12.2KB
Processes 2056 (AquariumScreening.exe) 2188 (cmd.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 a7cb29cfd2c5c111bda20a1ec23c2525
SHA1 237cb8bf001552eabab02b3dd76f151c1f3ad3f2
SHA256 371547494bc44eed143aed7b24f0d25436997f1c40c8fc51a95d6da7fc97f0bf
CRC32 2A6319B8
ssdeep 192:IK73YuAztKr7cOmn4cMDPY56SDm1mk2nHGO/FkByQ4kgfH8ZQlxShJgd+4ZTJmTi:ImAmclQ1mHHG2WyQ4n8ZQlxwOdDJ6jxw
Yara None matched
Name 267ea6b4497e79e8_AquariumScreening.exe
Filepath C:\Users\test22\AppData\Local\Temp\AquariumScreening.exe
Size 719.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive
MD5 b74af6f8231cb0dd8dbaa270e215a7bb
SHA1 119a5be8d17efd8e29db166372ccd544707cf846
SHA256 267ea6b4497e79e884e06a78dbadb0ac85e7da70987a6230d299b1a3aae2edd1
CRC32 5738DF1F
ssdeep 12288:2Lo1xVGJXXTtZB3UqW7BCiTlsdubTPcaX5DRgzp1carS8tnoFJTiha:rGpTtZ5g7YKlsdUEaXtw728FoF5i
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
Name 9a7dd287ff7dea4c_n
Filepath C:\Users\test22\AppData\Local\VitalNourish Technologies Inc\N
Size 621.7KB
Processes 2664 (Carpet.pif)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 9dc21ea874da4ff1e358afe3f3c46f85
SHA1 d07ff80f1790d72dbd71b6394c099840f5accb92
SHA256 9a7dd287ff7dea4c63a7ee26a805c2cad925415bd8cfab9461171979e6380b70
CRC32 4EC7F7FE
ssdeep 6144:0DdKNohoNU6q3WWpHWgRr49IsigsiAzsQo9N7bF7b217UP5qR+P/OFspac7Py38i:0DdKNohlrxu5jPmypaya38p7GETm/
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
Name 854f3d4e76e9895f_firefox
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Firefox
Size 238.0KB
Processes 2056 (AquariumScreening.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f0b0088291bd53c8a8ccdde80b27c1ea
SHA1 edc14809a25bacd6a8d573519430c5a0b7bdabf3
SHA256 854f3d4e76e9895fbb4db34ffc03447f3c6849bb7886f956ef005ae38225df96
CRC32 77E45EF6
ssdeep 6144:LQBk7JjX74cN0lrztgwU0Wyw3mFygyE4mqh:LO0z8e0lvSr0Wyw20K4mqh
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
Name f58d3a4b2f3f7f10_carpet.pif
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\15012\Carpet.pif
Size 924.6KB
Processes 2572 (cmd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 848164d084384c49937f99d5b894253e
SHA1 3055ef803eeec4f175ebf120f94125717ee12444
SHA256 f58d3a4b2f3f7f10815c24586fae91964eeed830369e7e0701b43895b0cefbd3
CRC32 4FCA9037
ssdeep 24576:LOo8pEnK4mrqlEZuVZ2HOI+X0l1lMZyYFaeBmyF:LF8p4KpqlEZeXI+X0TVcae3F
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check