Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.04 09:07
realtekdriver.exe
07.04 09:07
Bitwarden-Installer-20...
07.04 09:07
systemd.exe
07.04 09:07
CNO.txt.exe
07.04 09:07
SWSS.txt.exe
07.04 07:07
csrss.exe
07.04 07:07
loader.exe
07.04 07:07
38.exe
07.04 07:07
ABC.exe
07.04 07:07
injector.exe

Latest News
07.04 09:07
WordPress User Enumera...
07.04 08:07
Smashing Security podc...
07.04 07:07
ECMAScript 2024 JavaSc...
07.04 07:07
The AI Fix #5: An angr...
07.04 07:07
It’s Time For Lawmaker...
07.04 07:07
Securing Supply Chains...
07.04 07:07
Emulating the Sabotage...
07.04 07:07
Threat Hunting Worksho...
07.04 06:07
ワシントン州キング郡、AIを活用し薬物過剰摂...
07.04 05:07
CVE of the month, the ...

Dropped Files | ZeroBOX

Name	6a2abb8c1c594118_d93f411851d7c929.customDestinations-ms~RF113d538.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF113d538.TMP
Size	7.8KB
Processes	2932 (powershell.exe) 2268 (powershell.exe)
Type	data
MD5	`e1cd439f54a5cbbb06d420bea0a6c490`
SHA1	`4b56c1a2a140ad62a46f2ff52fb2b8c6a0d99c58`
SHA256	`6a2abb8c1c594118c7fc85a23b107e1043bcf789007abef997c65184e7c41989`
CRC32	`088C001C`
ssdeep	`96:8tuCcBGCPDXBqvsqvJCwoptuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:8tCgXoptCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	2c3066d84a1942c8_db7z32t.dfq6 Submit file
Filepath	C:\ProgramData\dB7Z32t.dFq6
Size	4.0MB
Processes	812 (certutil.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`930d6b4b7f4b4bcc1a2c71e21a3fcbc0`
SHA1	`a978247363b6444c196866f16d902c9110920d95`
SHA256	`2c3066d84a1942c8a7d0873d6863e47b73dca05a07283e52e567533447a7afc9`
CRC32	`A0F82634`
ssdeep	`98304:+k7kTknkZkLNNyiderxzoINwDGaVLSsC7SoL5nxJ3uwuvOIm1uUP:+k7kTknkZkzy3HNwDGaVLSsvcxJ3uwuu`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	7ee927529f7108d8_BrowserMetrics-63327DF3-A54.pma Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-63327DF3-A54.pma
Size	8.0MB
Type	data
MD5	`2f83a72f095bc42146a77940353d776c`
SHA1	`7b525857dbae3b79cce3f836475604f46d60008a`
SHA256	`7ee927529f7108d85841c07e1d05bafa82cb7d5a9a0db3ad9cf804c5a7b1632e`
CRC32	`1A7C42BC`
ssdeep	`6144:H9LG+zeL7c/lhRgdTTEDtsHVdUXaHmVGKPFIrgHkjdr:t6bcF`
Yara	None matched
VirusTotal	Search for analysis

Name	0b31b9f509865104_result_2024-0617.pdf Submit file
Filepath	C:\ProgramData\Result_2024-0617.pdf
Size	43.8KB
Processes	2628 (wscript.exe)
Type	PDF document, version 1.7
MD5	`3a970359b6dd7ebb02227458d1702f8e`
SHA1	`e73fe60c7651466606cb6b4589994399b9fd3432`
SHA256	`0b31b9f509865104eead1940d937a38c1a1bc2f6b800b3704b49e93edb759b43`
CRC32	`889E49C1`
ssdeep	`768:y/LjsjdQW0Has9BZ3FRos9EEtiaePPWwQJN97xVLI6YsPzQGejVCIXjYUy4qlFlf:2A45P9FYPPNQp7Xs6pPzQDX1HeWXU`
Yara	PDF_Format_Z - PDF Format anti_vm_detect - Possibly employs anti-virtualization techniques
VirusTotal	Search for analysis

Name	f420fae6d46c49c3_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2268 (powershell.exe)
Type	data
MD5	`f319e45b059a84d37d42656257255ae7`
SHA1	`6605e7b40317544ab18bb72c319ccc92d833b815`
SHA256	`f420fae6d46c49c368088bb4dc0611a925f2ecdec7765592bfcb10099e7ab4c5`
CRC32	`EAC31604`
ssdeep	`96:0tuCcBGCPDXBqvsqvJCwoBtuCcBGCPDXBqvsEHyqvJCworL47HwxClUVul:0tCgXoBtCgbHnorHxk`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	99d0bb91a53c5476_metadata Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
Size	114.0B
Processes	2828 (chrome.exe)
Type	data
MD5	`adb7108276406857343b58dba762c309`
SHA1	`070811cb144da8acc53e2331ff9cb17ee13689d8`
SHA256	`99d0bb91a53c54768c80a2beb298e253eeeac4cfb88a40c3366523f474c6a461`
CRC32	`A8088105`
ssdeep	`3:mTll+Xlh+WctMlllEnlgfCuGhHRUcnLq/:mTlEkWctk/lquGVG`
Yara	None matched
VirusTotal	Search for analysis

Name	5a3ec8851acd1bb6_CrashpadMetrics.pma Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
Size	1.0MB
Type	data
MD5	`aea7ffdba870ea9d59d542f890fecc8c`
SHA1	`2efe83750eebdfacc148d376cc4edfdf8e5d2ac9`
SHA256	`5a3ec8851acd1bb62d270e9bdca9625da9f34df69ef39608bc2ce3de68960056`
CRC32	`CB7B9D10`
ssdeep	`12:bHiZXAVMMOKEKSCemJKlkQPdl/JG89Hy3aJ0oMFgigpCbUycIXuYJ05:bwQOMzBS+Mk0/JvWoMeigp1y5eYW`
Yara	None matched
VirusTotal	Search for analysis

Name	457dd78324150255_jgi47eo.ouit Submit file
Filepath	C:\ProgramData\jgI47eo.oUIt
Size	5.3MB
Processes	2628 (wscript.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`cb881ae1953dd2367030be3352a1de5c`
SHA1	`a739e1490eef6d41589e4d483cd7b4ec59e04a80`
SHA256	`457dd783241502555d4d03e9b28beb91448ba2fc818c0bea01d90a4a4ea94f36`
CRC32	`D1FE9F3C`
ssdeep	`49152:4tvsR8OtKgpa4uEGdQlXoVqygx/AQePjPkw/PgYhYG299KVUsZYK5G3E5dM:T`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files) hide_executable_file - Hide executable file
VirusTotal	Search for analysis

Name	5e0f39de6d6fcf88_BrowserMetrics-667D2C22-AE0.pma Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-667D2C22-AE0.pma
Size	8.0MB
Type	data
MD5	`029daec6c7faa732c7dd21ad65d1e3db`
SHA1	`e6e5fc1db3c86e9619e514876600e78469a619fc`
SHA256	`694a19cd20add8d49f5a18e2124a925e5553d2f57a3102d78b4665be35fb72af`
CRC32	`A20D7B37`
ssdeep	`192:8+h5KH1LepNNAZyILkLkLg75OS3Dgso5PV5Q:8+hqLyeNkkLwODP95`
Yara	None matched
VirusTotal	Search for analysis

Name	6274f4ac6f445de8_debug.log Submit file
Filepath	C:\Program Files (x86)\Google\Chrome\Application\debug.log
Size	272.0B
Processes	2828 (chrome.exe)
Type	ASCII text
MD5	`3e47176ec8bd72d43a744e3080372b25`
SHA1	`0d4815bda0f313223ae7468de583cfd304412bbb`
SHA256	`6274f4ac6f445de831d3623361e786858a3046becbb30a706a481bf54b22da23`
CRC32	`FDE5500E`
ssdeep	`6:qcUmSlNoqYlcKNsGsRU4LGGmm3V4v8TCKNsGsRU4LGGmm3V4vF:nyyqYl7NsXRU4LGBm3V6+NsXRU4LGBmY`
Yara	None matched
VirusTotal	Search for analysis

Name	d37fcb160d37cfdd_settings.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Size	40.0B
Processes	2784 (chrome.exe)
Type	data
MD5	`a3122d4670c51912628b97bdd6fffb80`
SHA1	`45d2e3060e09f46071125d6125983c81ae4970a1`
SHA256	`d37fcb160d37cfddefea794094044b7e588d44c4883c72ba0ef1503e5f9c7d59`
CRC32	`77809701`
ssdeep	`3:FkXD3WyqUm:+ix`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_cer133.tmp Empty file or file not found
Filepath	C:\Windows\cer133.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	d87e5d6e56eedd9c_c2846666-0c6c-4897-956a-b419d1f58d11.dmp Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports\c2846666-0c6c-4897-956a-b419d1f58d11.dmp
Size	891.8KB
Processes	2828 (chrome.exe)
Type	Mini DuMP crash report, 10 streams, Thu Jun 27 09:09:12 2024, 0x0 type
MD5	`f20413a3438921a752a98939395bbc83`
SHA1	`bd28ac370778f090a95f24f70562ac9cef763574`
SHA256	`d87e5d6e56eedd9cdd3270a9e31987f88bc70b43e5d4bd72662dac609d34491b`
CRC32	`2637800E`
ssdeep	`6144:EPy25v79iob09rl3APNy40AE44xx0SyXSXYbO7n:KLb09rqPNy4QHxyS8E`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis