Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.20 07:04
.csrss.exe
04.20 07:04
.csrss.exe
04.20 06:04
cookies-alert-script.j...
04.20 06:04
mdb.min.css
04.20 06:04
font-awesome.min.css
04.20 06:04
bootstrap.min.css
04.20 06:04
style.css
04.20 06:04
popper.min.js.pobrane
04.20 06:04
jquery-3.2.1.min.js.po...
04.20 06:04
mdb.min.js.pobrane

Latest News
04.20 02:04
[K-CTI 2025] 엔키화이트햇 천호...
04.20 01:04
[K-CTI 2025] 안랩 김승관 부장...
04.20 12:04
[K-CTI 2025] 케이토네트웍스 "...
04.20 12:04
[K-CTI 2025] 전덕조 씨큐비스타...
04.20 11:04
Frankenflair 58: Manua...
04.20 10:04
IT Sicherheitsnews tae...
04.20 08:04
China’s TMSR-LF1 Molte...
04.20 07:04
Tiktok testet Fußnoten...
04.20 07:04
KI-Bots im Undercover-...
04.20 07:04
Entkomme der Zahlenfal...

Dropped Files | ZeroBOX

Name	1b585c3c84b492ab_file.bin Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\file.bin
Size	1.6MB
Processes	416 (conhost.exe) 2196 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`dc7ce835a6839f4a60250c631c3a0544`
SHA1	`89d87d37ed359d9ec6f71cb5665e2585ece89ae9`
SHA256	`1b585c3c84b492ab4f7aecdc812d2a5fe7afa0e185d064cac835011e2a27f2e1`
CRC32	`C7FC19CD`
ssdeep	`49152:WPM4QYY7Fd1IJ1GHcGliOSzyK7hZjpV8q:eY7dI68GrPyzjpCq`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	e7b95be97a4c88bd_main.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\main.bat
Size	474.0B
Processes	416 (conhost.exe)
Type	Little-endian UTF-16 Unicode text, with no line terminators
MD5	`663de4f0de72fd3ab5b6a72d64e9d332`
SHA1	`69d3f80ed578dbf68c8796f8fb6a41cf568e79b0`
SHA256	`e7b95be97a4c88bd7fdb1b953f6c27c4a184538228a63c30aa8e5282854d24b9`
CRC32	`9B11FA88`
ssdeep	`12:QUp+CF16g64CTFMj2LIQLvIgcUE9WgCVGrMLvmuCCgXjgrXgX78agXrrEOXUigXY:QUpNF16g632CkeIgc79WgCVGYTtS0rXR`
Yara	None matched
VirusTotal	Search for analysis

Name	a4d039e3b02b452f_AntiAV.data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\AntiAV.data
Size	2.2MB
Processes	2364 (7z.exe) 2196 (cmd.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`e8347a67e89b5ee5a92ca9b028c28939`
SHA1	`fb966e59b909d3f3ae3ce63335f4d8a33455f30e`
SHA256	`a4d039e3b02b452f98b7a5631d7cf713f1276c256da1ed1f468a90d5bdf0fd96`
CRC32	`767EA295`
ssdeep	`24576:5yZBPkpRrP9pxC+XvoflcYy36s3vb0EecYy37n92k8GtGAQZ67hR7krC/Cyf0/xQ:R9kqGu7okoZscCnf0/Zs97`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	8a9235655b1a499d_dllhost.exe Submit file
Filepath	C:\ProgramData\Dllhost\dllhost.exe
Size	62.0KB
Processes	2508 (Installer.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4aa5e32bfe02ac555756dc9a3c9ce583`
SHA1	`50b52a46ad59cc8fdac2ced8a0dd3fceeb559d5f`
SHA256	`8a9235655b1a499d7dd9639c7494c3664e026b72b023d64ea8166808784a8967`
CRC32	`8E7E3EE7`
ssdeep	`768:+vfLyCdU0puufOIK1Nekmd52a3bCnP2PmxeETwM:+3LE0pu59ikmdYebCnO+xeEsM`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9ef2e8714e85dcd1_winlogson.exe Submit file
Filepath	C:\ProgramData\Dllhost\winlogson.exe
Size	7.9MB
Processes	2508 (Installer.exe)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`4813fa6d610e180b097eae0ce636d2aa`
SHA1	`1e9cd17ea32af1337dd9a664431c809dd8a64d76`
SHA256	`9ef2e8714e85dcd116b709894b43babb4a0872225ae7363152013b7fd1bc95bc`
CRC32	`04A4594C`
ssdeep	`98304:ZLsUYfB9pOp/BWLbrkShfa+XQD/YPLTDtU5SXXMQHJw7ZB87TtIeUK+MzfL7cybS:Kgp/NQ7rfWOlb1paSbkJFsxfKLNIS`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library XMRig_Miner_IN - XMRig Miner PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF214deea.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF214deea.TMP
Size	7.8KB
Type	data
MD5	`b0c9ff441742f3847ea27da9dee7f2cd`
SHA1	`c42a1eb32ba953a0ce5d8635caabf71b5b281495`
SHA256	`a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4`
CRC32	`0BBCAB1A`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	64929489dc8a0d66_killduplicate.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\KillDuplicate.cmd
Size	222.0B
Processes	416 (conhost.exe)
Type	ASCII text, with CRLF line terminators
MD5	`68cecdf24aa2fd011ece466f00ef8450`
SHA1	`2f859046187e0d5286d0566fac590b1836f6e1b7`
SHA256	`64929489dc8a0d66ea95113d4e676368edb576ea85d23564d53346b21c202770`
CRC32	`F14E4A56`
ssdeep	`6:vFuj9HUHOPLtInnIgvRY77flFjfA+qpxuArS3+xTfVk3:duj9HeONgvRYnlfYFrSMTtk3`
Yara	None matched
VirusTotal	Search for analysis

Name	344f076bb1211cb0_7z.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\7z.exe
Size	458.0KB
Processes	416 (conhost.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`619f7135621b50fd1900ff24aade1524`
SHA1	`6c7ea8bbd435163ae3945cbef30ef6b9872a4591`
SHA256	`344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2`
CRC32	`085DB415`
ssdeep	`6144:fz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7+DHV:r1gL5pRTcAkS/3hzN8qE43fm78V`
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	be4b20f6a5866d39_file_1.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_1.zip
Size	9.4KB
Processes	2364 (7z.exe) 2196 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`9937f8a01c86e8d65f1561f6a46fc2a2`
SHA1	`f588a081e7ecec1b99dc7b681aa526ea85f3b1e8`
SHA256	`be4b20f6a5866d395f0bd5bb5b5a14884b3ef01521aac950c6bcdde68df472c7`
CRC32	`9111CB22`
ssdeep	`192:nxY5NF6ujk25P5TapzpkV/vLkFTXCcC2UyQ4tOjRWYLKxO0L+:uxjk2ZyzG9oTycWX4tQRd2zS`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	34ad9bb80fe8bf28_7z.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\7z.dll
Size	1.6MB
Processes	416 (conhost.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`72491c7b87a7c2dd350b727444f13bb4`
SHA1	`1e9338d56db7ded386878eab7bb44b8934ab1bc7`
SHA256	`34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891`
CRC32	`D5226149`
ssdeep	`24576:S+clx4tCQJSVAFja8i/RwQQmzgO67V3bYgR+zypEqxr2VSlLP:jclmJSVARa86xzW3xRoyqqxrT`
Yara	Microsoft_Office_File_Zero - Microsoft Office File IsPE64 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	2162fa2b2df01d2c_logs.uce Submit file
Filepath	C:\ProgramData\HostData\logs.uce
Size	346.0B
Processes	2508 (Installer.exe)
Type	ASCII text, with CRLF line terminators
MD5	`13062886f35d28959ab0946457b31a61`
SHA1	`58577c0192e29c356303b6a77eadaae27463eb4b`
SHA256	`2162fa2b2df01d2c513232ee7a198f88906dfd4ee3a1cedc945da944b7e96a5a`
CRC32	`B503E81D`
ssdeep	`6:DiYgE/ovKDMcPmriYgE/ovKDMcirT5fhXGT2QSBa5ydXnzAiGUlQPo3XOw3KAKb2:uwgyXmGwgyaH55GT2Qtyc32XOw3KAwmB`
Yara	None matched
VirusTotal	Search for analysis

Name	152e3f7f5e662e02_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2792 (powershell.exe)
Type	data
MD5	`ed29f75d2b95de176ea40322e6713ff6`
SHA1	`a5658a3a82ced17c59cfc06f653ebd8e0633d58a`
SHA256	`152e3f7f5e662e02b3af65645e7f5834b649b372fe3fdfc2fc70ed7785254ab8`
CRC32	`A0481B0A`
ssdeep	`96:YtuCeGCPDXBqvsqvJCwoFtuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:YtvXoFtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	ef87c02f5d905b4d_file_2.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_2.zip
Size	1.6MB
Processes	2316 (7z.exe) 2196 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`75533d2d5469d0809817c20ab162de3a`
SHA1	`af847e785a7089d99702f01e7ae9f8f5cf317032`
SHA256	`ef87c02f5d905b4de8d4160c17b00534e47d270848d2ff9abccef426ee80a0f8`
CRC32	`71A8F8F1`
ssdeep	`49152:jujCK3D0AC/l5mwbBkDWYb1ZN4UJ9oiCX:jaR3D0Ae5mwdkDWm1XoiA`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	11bd2c9f9e2397c9_winring0x64.sys Submit file
Filepath	C:\ProgramData\Dllhost\WinRing0x64.sys
Size	14.2KB
Processes	2508 (Installer.exe)
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`0c0195c48b6b8582fa6f6373032118da`
SHA1	`d25340ae8e92a6d29f599fef426a2bc1b5217299`
SHA256	`11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5`
CRC32	`6B0323EB`
ssdeep	`192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	478f897b45e515b4_Installer.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\Installer.exe
Size	21.0KB
Processes	2416 (7z.exe) 2196 (cmd.exe) 416 (conhost.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c99d1c695902a242e6d90fd019e782a0`
SHA1	`26311dbc3d7a205f6f025605d3fc98c287a3ca62`
SHA256	`478f897b45e515b498c0d6f4a27dd9efeed260bc3cea4300103cc2d6ea12ea37`
CRC32	`B2A375A3`
ssdeep	`384:AbjjHZQ3NyofJHFrybCN906pXtM5PFNwN9zmmt15/ufdWrynX:AbjjHe3jBgbGqBFNwvHN8`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis