Dropped Files | ZeroBOX
Name d0326f0ddce4c00f_nscpucnminer64.exe
Filepath C:\Users\test22\AppData\Roaming\NsMiner\NsCpuCNMiner64.exe
Size 1.5MB
Processes 2980 (IMG001.exe)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 eedb9d86ae8abc65fa7ac7c6323d4e8f
SHA1 ce1fbf382e89146ea5a22ae551b68198c45f40e4
SHA256 d0326f0ddce4c00f93682e3a6f55a3125f6387e959e9ed6c5e5584e78e737078
CRC32 1FBD506B
ssdeep 24576:Mf79KQimeoyEgM8dSGDeCAQ4GYwEkYEDI3BiiVzKJo23bvH5xh8wtDzgClYAdC51:b3EciPG9E/LBVeJo2Vsw57lYAA51
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file
Name 8689fd11c63754ae_pools.txt
Filepath C:\Users\test22\AppData\Roaming\NsMiner\pools.txt
Size 500.0B
Processes 2980 (IMG001.exe)
Type ASCII text, with CRLF line terminators
MD5 5137876455f2fd0c032ceed6fdbe49cb
SHA1 a33210e43247b1f04f51a341e5be79f769acc941
SHA256 8689fd11c63754aeabb202d7e1db3e5fe896f4e4e3597d4bfed58950f3110bb9
CRC32 BD0FE6D7
ssdeep 12:3cuSBcuSGcdVcdVIcWVn8cM0IcrMXBc9RIceGeMdcrMXlcibvcbZucA:3cuUcuvcPc4cFcMlcrmcMceGXdcrKcu1
Yara None matched
Name a0eba3fda0d7b22a_nscpucnminer32.exe
Filepath C:\Users\test22\AppData\Roaming\NsMiner\NsCpuCNMiner32.exe
Size 1.4MB
Processes 2980 (IMG001.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 3afeb8e9af02a33ff71bf2f6751cae3a
SHA1 fd358cfe41c7aa3aa9e4cf62f832d8ae6baa8107
SHA256 a0eba3fda0d7b22a5d694105ec700df7c7012ddc4ae611c3071ef858e2c69f08
CRC32 CFE68931
ssdeep 24576:gWKqa4hnzP3w7L3rmZmpk7FSQFW2iJ+N07/TwYV1CdZdQ+4lT+iFgiGTtswAtdz:gSrwf3aZmpOFU2iQNIUc1LxGTtswgd
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • VMProtect_Zero - VMProtect packed file
  • IsPE32 - (no description)
Name 67eff17c53a78c8e_inetc.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsn3F05.tmp\inetc.dll
Size 21.5KB
Processes 2980 (IMG001.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 d7a3fa6a6c738b4a3c40d5602af20b08
SHA1 34fc75d97f640609cb6cadb001da2cb2c0b3538a
SHA256 67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e
CRC32 FB680CCE
ssdeep 384:oW4gLK82JvtosNCPhXKJ18hcEP1+f+pvMPbkdTg1Zahzs60Ac9khYLMkIX0+Gbyk:oW4i/2JloB5IQ9AhkwZaKRu
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • ftp_command - ftp command
  • IsPE32 - (no description)
Name e3b0c44298fc1c14_nsqF0C8.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nsqF0C8.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 40fe74d3a1116ed8_tftp.exe
Filepath C:\Users\test22\AppData\Local\Temp\tftp.exe
Size 95.5KB
Processes 2556 (IMG001.exe) 2980 (IMG001.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 461ed9a62b59cf0436ab6cee3c60fe85
SHA1 3f41a2796cc993a1d2196d1973f2cd1990a8c505
SHA256 40fe74d3a1116ed8ca64c62feb694327a414059eeaef62c28bc5917e2e991b3d
CRC32 B90FF246
ssdeep 1536:TZUlmkDwItbItNwDXIGE5IzBDMDaoQBMJrGIZUn7:9ULDBBIoXvOqBBAUn7
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 0ff7615e34ef603b_run.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run.lnk
Size 906.0B
Processes 2980 (IMG001.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Jun 25 16:25:56 2024, mtime=Tue Jun 25 16:25:56 2024, atime=Mon Sep 26 19:48:00 2022, length=3553626, window=hide
MD5 4d19ddb08435dd4256610d05d8a94772
SHA1 a31b561760efaf1b9afb388226a6c2e9fd2d5dba
SHA256 0ff7615e34ef603bfeca803d9e7c2e1232b07ee8cd565801ffe5fcb5eab13612
CRC32 C52E9891
ssdeep 12:8mXoW4cZCrR8EvSE3FrlUzSL6TlJcz/2sFcoizCCOLAHnyEQlEya/MJrKgdhN:8misERdrrlLAozUzN5ynD7VKa
Yara
  • Lnk_Format_Zero - LNK Format
  • lnk_file_format - Microsoft Windows Shortcut File Format
Name 52ec3ba075a507e6_info.zip
Filepath C:\Users\test22\AppData\Local\Temp\info.zip
Size 1.0KB
Processes 2556 (IMG001.exe) 2980 (IMG001.exe)
Type Zip archive data, at least v2.0 to extract
MD5 8604e0f263922501f749cfca447b041a
SHA1 85c712bdeaceb78e2785e1f63811b0c4a50f952d
SHA256 52ec3ba075a507e62bb6e3272fb13b30a8ddc0f62c4ea194311d558b338eb5ed
CRC32 B32B8F5D
ssdeep 24:91mVy6UwvwrBg4o+xu9f2vyHwKmKuuuD5hioildx8R:91mOOwrBg8gUydU
Yara
  • zip_file_format - ZIP file format
Name 7bdd44d7de73b242_uac.job
Filepath C:\Windows\Tasks\UAC.job
Size 338.0B
Processes 2704 (schtasks.exe)
Type VAX-order 68k Blit mpx/mux executable
MD5 debed927dc15fc01d1b53cbf0a5b394a
SHA1 3f7088d7e9a6578a418f3bbf88657c1f5055703f
SHA256 7bdd44d7de73b242b67106f63b14abc8434b48fefc5161eda3e45dc0e4a1c419
CRC32 5F2A8B8D
ssdeep 6:YLU8XEXO/UEZglJPZdWvYtP/UEZglJPZdQl4y0lK1:YLUGEXO/MJrN/MJr64Ve
Yara None matched
Name e06aa8ce984b22dd_img001.exe
Filepath C:\IMG001.exe
Size 3.4MB
Processes 2980 (IMG001.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 d59e32eefe00e9bf9e0f5dafe68903fb
SHA1 99dc19e93978f7f2838c26f01bdb63ed2f16862b
SHA256 e06aa8ce984b22dd80a60c1f818b781b05d1c07facc91fec8637b312a728c145
CRC32 E541C0E0
ssdeep 98304:MxtVPnq1y5tQOM33ZNqCtBixHl54Oyjes1bo5:uVPq1yLanrqTr43eSG
Yara
  • Malicious_Library_Zero - Malicious_Library
  • NSIS_Installer - Null Soft Installer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file