Dropped Files | ZeroBOX
Name 2dde0ef2b4a0d559_logs.dat
Filepath C:\ProgramData\Remcos\logs.dat
Size 260.0B
Processes 2996 (windowsjx.exe)
Type data
MD5 edab3a4e27770a439f0cda2a62e2d647
SHA1 78ff7864bf2b6c1b02a8fef822c94cd99e436b80
SHA256 2dde0ef2b4a0d55951ee5ca774a7d017c1a6fdd2b74e9427fe0bffbe23f35aec
CRC32 EAA15E5C
ssdeep 6:6lVduS65YcIeeDAlOWA4dbJWEogltmgXl1oV:6lVyec0WNW+ltZI
Yara None matched
Name 8f47dbd8189dbe96_invoice_a_202.exe
Filepath C:\Users\test22\AppData\Local\Temp\invoice_a_202.exe
Size 465.0KB
Processes 2572 (wscript.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f9e94909637a6b6471565022188ab2be
SHA1 b7b70fe9831829ebbe8e810d4d0a6253205dd640
SHA256 8f47dbd8189dbe96bda7511f2a37277ee9fab8a763619d120c0fe49d953124b7
CRC32 794BB34B
ssdeep 6144:2/Ya3uK4MW5sl80PF2hV/4puXyjSJ5DwFiyycdFXErWksAOZZgjXAccD6N:2/YaejslPd2f/4njSJJwLZ4sfZgpN
Yara
  • Network_Downloader - File Downloader
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • infoStealer_browser_b_Zero - browser info stealer
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name 822cbb0bef4ca3df_install.vbs
Filepath C:\Users\test22\AppData\Local\Temp\install.vbs
Size 392.0B
Processes 2792 (invoice_a_202.exe) 2864 (wscript.exe)
Type data
MD5 a709fe06db2d825ee491b8bac6569204
SHA1 add15c4998d5ed7ceb83714514a6285f52cfcecb
SHA256 822cbb0bef4ca3dff8f2ae70537a990a2c4330db5b484f5e51282cb43ece8e46
CRC32 F71EBBA0
ssdeep 12:4D8o++ugypjBQMBvFQ4lOnb5SprNF0M/0aimi:4Dh+S0FNObYrNF0Nait
Yara None matched
Name 95528d76bb3641c4_time_20240711_042547.jpg
Filepath C:\Users\test22\AppData\Roaming\Screenshots\time_20240711_042547.jpg
Size 29.7KB
Processes 2996 (windowsjx.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 e973663ffcd91a15154d2ee4eee91a92
SHA1 925533505e57c303db099280e504ed3ceaa28e31
SHA256 95528d76bb3641c4fb5c4b72c5213bd2142a26f7924a5075caff779a347534c2
CRC32 29AAD411
ssdeep 384:B7vLfr7LbgJOhooypmFf48Z3GUaf4xgCgrJxVO26UztA:BjErqf48Z3GM+CgjVle
Yara
  • JPEG_Format_Zero - JPEG Format
Name a2eb8ec643b32f38_bqiniwtuyc.js
Filepath C:\Users\test22\AppData\Roaming\bQiNiwTuYc.js
Size 3.6KB
Processes 2572 (wscript.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 794372001398b622ff579acfaef83033
SHA1 16a5959aff569a269103456b282dd803651f4e06
SHA256 a2eb8ec643b32f38c67006ea8b9ab00b449546b4869dd4e43fb45fc5fba45968
CRC32 78E752A2
ssdeep 96:00UAUU/bAuojKxyimicjumLmTVBedfwBvVBDUJDSCOPAtG8x7Op:00UAUUDAuom8ihcjumLmTVBedYtVBDUo
Yara None matched
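The rows above are a flattened key/value dump of the sandbox's dropped-file table. As an added example (not part of the ZeroBOX report or its code), the Python below parses those records, checks the sandbox's naming convention (dropped-file name = first 16 hex digits of the SHA256 + "_" + the lowercased original filename, which holds for all five entries on this page), rebuilds which process wrote which file, and flags the two on-disk Remcos artefacts (the logs.dat store under C:\ProgramData\Remcos and the timestamped JPEG under AppData\Roaming\Screenshots). The embedded input is a constructed subset of this page's fields; the Remcos path patterns are taken from the paths in this report, and because Remcos's install directory and file names are operator-configurable they are indicators for this sample rather than a generic signature.

```python
"""Structure the 'Dropped Files' rows above and pull out the infection chain.
Added example for this page; not ZeroBOX code."""
import re
from collections import defaultdict

# Constructed input: Name/Filepath/Processes/Type/SHA256/Yara fields of the five
# records on this page (sizes, other hashes and most Yara hits omitted; JPEG Type shortened).
ROWS = r"""
Name 2dde0ef2b4a0d559_logs.dat
Filepath C:\ProgramData\Remcos\logs.dat
Processes 2996 (windowsjx.exe)
Type data
SHA256 2dde0ef2b4a0d55951ee5ca774a7d017c1a6fdd2b74e9427fe0bffbe23f35aec
Yara None matched
Name 8f47dbd8189dbe96_invoice_a_202.exe
Filepath C:\Users\test22\AppData\Local\Temp\invoice_a_202.exe
Processes 2572 (wscript.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
SHA256 8f47dbd8189dbe96bda7511f2a37277ee9fab8a763619d120c0fe49d953124b7
Yara
  • UPX_Zero - UPX packed file
  • infoStealer_browser_b_Zero - browser info stealer
Name 822cbb0bef4ca3df_install.vbs
Filepath C:\Users\test22\AppData\Local\Temp\install.vbs
Processes 2792 (invoice_a_202.exe) 2864 (wscript.exe)
Type data
SHA256 822cbb0bef4ca3dff8f2ae70537a990a2c4330db5b484f5e51282cb43ece8e46
Yara None matched
Name 95528d76bb3641c4_time_20240711_042547.jpg
Filepath C:\Users\test22\AppData\Roaming\Screenshots\time_20240711_042547.jpg
Processes 2996 (windowsjx.exe)
Type JPEG image data, JFIF standard 1.01, 1024x768, frames 3
SHA256 95528d76bb3641c4fb5c4b72c5213bd2142a26f7924a5075caff779a347534c2
Yara
  • JPEG_Format_Zero - JPEG Format
Name a2eb8ec643b32f38_bqiniwtuyc.js
Filepath C:\Users\test22\AppData\Roaming\bQiNiwTuYc.js
Processes 2572 (wscript.exe)
Type ASCII text, with very long lines, with no line terminators
SHA256 a2eb8ec643b32f38c67006ea8b9ab00b449546b4869dd4e43fb45fc5fba45968
Yara None matched
"""

PROC_RE = re.compile(r"(\d+) \(([^)]+)\)")          # "2996 (windowsjx.exe)"
KEYS = ("Filepath", "Type", "SHA256")
# Path patterns of the Remcos artefacts seen in this report (sample-specific, see lead-in).
REMCOS_PATHS = (
    re.compile(r"\\ProgramData\\Remcos\\logs\.dat$", re.I),
    re.compile(r"\\AppData\\Roaming\\Screenshots\\time_\d{8}_\d{6}\.jpg$", re.I),
)


def parse_rows(text):
    """One dict per dropped file; a 'Name' row starts a record, '•' rows are Yara hits."""
    records, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("  • "):                       # Yara bullet: keep the rule name only
            cur["yara"].append(line.strip()[2:].split(" - ", 1)[0])
            continue
        key, _, value = line.partition(" ")
        if key == "Name":
            cur = {"name": value, "yara": [], "writers": []}
            records.append(cur)
        elif key == "Processes":
            cur["writers"] = [(int(pid), img) for pid, img in PROC_RE.findall(value)]
        elif key in KEYS:
            cur[key.lower()] = value
    return records


def check_naming(rec):
    """ZeroBOX names a drop <sha256[:16]>_<lowercased original name>; a mismatch
    means the row was mangled or the hash does not belong to this file."""
    sha = rec["sha256"]
    prefix, _, base = rec["name"].partition("_")
    original = rec["filepath"].rsplit("\\", 1)[-1]
    return bool(re.fullmatch(r"[0-9a-f]{64}", sha)) and prefix == sha[:16] and base == original.lower()


def drop_chain(records):
    """Map each writing process 'pid (image)' to the paths it dropped, in page order."""
    chain = defaultdict(list)
    for rec in records:
        for pid, img in rec["writers"]:
            chain[f"{pid} ({img})"].append(rec["filepath"])
    return dict(chain)


def remcos_artifacts(records):
    """(writer image, path) for every dropped file matching a Remcos artefact pattern."""
    return [(img, rec["filepath"]) for rec in records for _, img in rec["writers"]
            if any(p.search(rec["filepath"]) for p in REMCOS_PATHS)]


def analyze(text=ROWS):
    recs = parse_rows(text)
    return {"records": recs, "naming_ok": all(check_naming(r) for r in recs),
            "chain": drop_chain(recs), "remcos": remcos_artifacts(recs)}


if __name__ == "__main__":
    result = analyze()
    for writer, paths in result["chain"].items():
        print(writer, "->", ", ".join(paths))
    print("Remcos artefacts:", result["remcos"])
```

Run stand-alone it prints the drop chain (wscript.exe 2572 writing the PE and the .js into the user profile, the PE and a second wscript.exe instance writing install.vbs, windowsjx.exe writing the Remcos log and screenshot) and the two Remcos artefacts; the naming check is the cheap integrity test to run before pivoting on any hash copied from a report page.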