Dropped Files | ZeroBOX
Name b7c225ef3cc3e875_d93f411851d7c929.customDestinations-ms~RF37fdec.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF37fdec.TMP
Size 7.8KB
Processes 2648 (powershell.exe) 3004 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 840226ee14837fd6_xplayd.hta
Filepath C:\Users\test22\AppData\Roaming\xplayd.hta
Size 9.5KB
Processes 2648 (powershell.exe)
Type HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5 82a46c36da6b5ae4bd7794eb6fd9f029
SHA1 a8a2efdbeb6d48bbde6072881d775dc5689cc9d2
SHA256 840226ee14837fd6a2033c9696eabf5e488fa14c2149899560d9666bbb39ad4c
CRC32 BFA84FDD
ssdeep 96:wBlppWGQCVN2WtRDOwSMMvN1t3NuRSlqTT2kXhFHHWN0WU5VWUvfnHLHKVlpWzKF:wLtCvMMV1Du8o7+shSDVpB
Yara None matched
Name acf9522e65e38130_user.inf
Filepath C:\Users\Public\user.inf
Size 788.0B
Processes 2924 (mshta.exe)
Type Windows setup INFormation, ASCII text, with CRLF line terminators
MD5 d0a68db6f05582ce2092d67fae613c1d
SHA1 88baf13f8ebd5b62c654f715d1d745e2c76fd9e8
SHA256 acf9522e65e38130ec356c7793743d5df4714a82a407dd78cb05ca6ccf29d804
CRC32 88027C22
ssdeep 24:Zz585anuYXZVu5IL7LxAmAq0gb4h4VA/uJIlRVn:ZXnb3lLHxAmAq0g8h4CwS7
Yara
  • Antivirus - Contains references to security software
Name c9cbca0600451df2_rolg.ps1
Filepath C:\Users\Public\RoLg.ps1
Size 978.0B
Processes 2924 (mshta.exe)
Type ASCII text, with CRLF line terminators
MD5 5639f032072f705d335cfed170c4d955
SHA1 db4196b259225c10cf56419427c883bd3d08212b
SHA256 c9cbca0600451df271808894795215a418067ed7d656ea5d39f93437b51e30a4
CRC32 FADFD8B2
ssdeep 24:R6IWpWFzJ0WUp22nhM5OHD2EEr4YaI5C0uM:w7WAW6bnhHHD2EEr4Ya4l
Yara None matched
Name bfbe3513fa6d7699_1337x.txt
Filepath C:\Users\test22\AppData\Roaming\1337x.txt
Size 8.5KB
Processes 2648 (powershell.exe)
Type UTF-8 Unicode text, with CRLF line terminators
MD5 9387e14d835909fd541f7da0ac11bb1e
SHA1 1adfb1c658909dacac235f4493026e3a37775f60
SHA256 bfbe3513fa6d769977a9196b8358bf67a0ae43ae3cf657120f73f5dc97613fca
CRC32 57DDACC2
ssdeep 96:UHCC7fr/S05cDewQsGUfb/bfOjR3GmfV5SjVzfPolVzm8w3G2cMndqyjfOD1GnjQ:0Z7fraocDqXjRW5ZLuDMm9GxZVsqt6t
Yara None matched
Name f52036306d49ca5b_jdaqmeqs.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\jdaqmeqs.0.cs
Size 319.0B
Processes 3004 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators
MD5 f3c09788c53ec7b12e03c328440a57fc
SHA1 898711631c676136cc0576370c705d5bb38df060
SHA256 f52036306d49ca5bc0c58242a311526e4d045dcd070b0981db503da5e3a55212
CRC32 99FC46F2
ssdeep 6:V/DsYLDS81zu9deaso68SRkoSoODFJwiQQAZ8SRYK4uOmtKy:V/DTLDfu/eaRE9OFJw8Ad4YKy
Yara None matched
Name ff52e68babbba963_jdaqmeqs.dll
Filepath C:\Users\test22\AppData\Local\Temp\jdaqmeqs.dll
Size 3.5KB
Processes 2228 (csc.exe) 3004 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 4ddf1cf820431150e8dc7d6092ba8922
SHA1 2e3a36bf7ab57634fadff805cd7bb2343b592876
SHA256 ff52e68babbba96336fe6b1b0e7f4ab8a6efc42902e5c5d63fad5465cfc86552
CRC32 CB152474
ssdeep 24:etGSLNiGTpeS57UdDbbdPtkZfRmP2gmI+ycuZhN5makS23PNnq:6sacDduJRmuL1ulUa3oq
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name 0b91154f7907ff59_erlnb.exe
Filepath C:\Users\test22\AppData\Roaming\Erlnb.exe
Size 26.0KB
Processes 2648 (powershell.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 9352ddda312eeb93823ee2e6cc9a83bc
SHA1 cfd74b8b392d6931bed72ec3251abcaff5b4b908
SHA256 0b91154f7907ff59359c2f923b2ea91970b8a2899259c4a7713056cee656453c
CRC32 ADA94EA7
ssdeep 384:jsLtqBnBCZBICogb3/3wwT47s3y3IcPf+TaslUGjCa1V6fxLXjjp:zBn9m/AWWfKasGYCa18jjp
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
Name bf43ee8f7d6a6d65_jdaqmeqs.pdb
Filepath C:\Users\test22\AppData\Local\Temp\jdaqmeqs.pdb
Size 7.5KB
Processes 2228 (csc.exe) 3004 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 93b009f1bcc46c878e400442c2720f08
SHA1 92378deed8a3ac319c4095c304eb5428f810f747
SHA256 bf43ee8f7d6a6d65b5b4a442ed98c01a2be17e47445248de80741164c117c8bd
CRC32 F996484D
ssdeep 6:zz/BamfXllNS/n691mllxrS/77715KZYXxGQu+e0KpYXW0qMoGggksl/cEDf:zz/H1W/n63SXS/pw2qXlMRD
Yara None matched
Name b2ddefc9e913af61_jdaqmeqs.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\jdaqmeqs.cmdline
Size 311.0B
Processes 3004 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 9f26f5a28be0b682e08ca752f1c1ed49
SHA1 a5c0afadddd70934536c21560646b131773ffe0b
SHA256 b2ddefc9e913af6154b8bb97cca283e1305c64aae773664c0b8c554b7b81cdfd
CRC32 C65BCDAE
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fZymGsSAE2NmQpcLJ23fZ3:p37LvXOLMwnPAE2xOLMR
Yara None matched
Name 447c56b23181c2b8_jdaqmeqs.out
Filepath C:\Users\test22\AppData\Local\Temp\jdaqmeqs.out
Size 607.0B
Processes 3004 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 743da1148b3ee1ad25a3dfaca4f34fd2
SHA1 6551b259e01f92b8ee40913e45bcb2963d083c18
SHA256 447c56b23181c2b8551d08445b3f13eda8aee3599593d035a09302ef316c8646
CRC32 A3287466
ssdeep 12:K4OLM9nzR37LvXOLMwnPAE2xOLM0Kai31bIKIMBj6I5BFR5y:K+9nzd3BwnIE2n0Kai31bIKIMl6I5Dvy
Yara None matched
Name 699f7d72f88149f1_CSC13A2.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSC13A2.tmp
Size 652.0B
Processes 2228 (csc.exe)
Type MSVC .res
MD5 fd6bc7ac99094be29d6b429494994e82
SHA1 4a1970fe2fb84e5e8fd00a1e0335af92600783a7
SHA256 699f7d72f88149f13c340c0b2c64de64f24851f91a8b1d2030152b597f03284f
CRC32 1D00F830
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryLmak7Ynqq23PN5Dlq5J:+RI+ycuZhN5makS23PNnqX
Yara None matched
Name 5b3c3756b9118bc5_RES13B3.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RES13B3.tmp
Size 1.2KB
Processes 2212 (cvtres.exe) 2228 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 c29b1bb79604daa22ce89a1bf074f037
SHA1 ea9d0c4c566ee6a5b0b244b3bb1a28f471aee33d
SHA256 5b3c3756b9118bc5aa1e5fcb94aa36aff9cb574ce36336af8c8b02a44245c9c9
CRC32 C5B8AF6A
ssdeep 24:H1J9Yern0yPmHKUnhKLI+ycuZhN5makS23PNnqjtd:aern1PmVnhKL1ulUa3oqjH
Yara None matched
Name e3b0c44298fc1c14_jdaqmeqs.err
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\jdaqmeqs.err
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched