Dropped Files | ZeroBOX
Name a32e0a83001d2c5d_2.tmp
Filepath C:\Users\test22\AppData\Local\Temp\$inst\2.tmp
Size 36.0B
Processes 1460 (SIP.03746.XSLSX.exe)
Type Microsoft Cabinet archive data, 36 bytes
MD5 8708699d2c73bed30a0a08d80f96d6d7
SHA1 684cb9d317146553e8c5269c8afb1539565f4f78
SHA256 a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f
CRC32 EAB67334
ssdeep 3:wDl:wDl
Yara
  • CAB_file_format - CAB archive file
Name d6431d5645fffd05_d93f411851d7c929.customDestinations-ms~RF1825221.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1825221.TMP
Size 7.8KB
Processes 2192 (powershell.exe) 2280 (powershell.exe)
Type data
MD5 260d23ce04a8f8555a73b7d2dc15e911
SHA1 ebad746fb7de847c50f7502a44f6e35534733efd
SHA256 d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588
CRC32 11D6B213
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 2d8e573a56755e38_uninstall.exe
Filepath C:\TheDream\Uninstall.exe
Size 97.5KB
Processes 1460 (SIP.03746.XSLSX.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 da79f594d4dd480d36d7d1e644568c57
SHA1 bc2bdb17395ad28007a619738eea59aafebe643d
SHA256 2d8e573a56755e3824c13fc32f763253b69be59597531a40c1bfd4502629d024
CRC32 20A5A731
ssdeep 1536:zO/z6hPABUjO/Zd1716EoLiL4l1HdIaqQPDm0xK8i6f0Zn9PRVW8sW45o75K:kzgjO/Zd1RePDmZ8tf05iW4u1K
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • mzp_file_format - MZP(Delphi) file format
Name e4c17066fd7f2228_temp_0.tmp
Filepath C:\Users\test22\AppData\Local\Temp\$inst\temp_0.tmp
Size 128.1KB
Processes 1460 (SIP.03746.XSLSX.exe)
Type Microsoft Cabinet archive data, 131210 bytes, 2 files
MD5 09373b4bee930ea698fd516622be606d
SHA1 ac6b9f67bc156b62e2bb848385a8b214276ce9a0
SHA256 e4c17066fd7f22286d2bf35e4cb88278bcfd50f26a8296292dcfcdb87e411e70
CRC32 58F945DA
ssdeep 3072:79Baxf+ewISZRj2smvhST5PE47JNub3WfuDY0Y8rz3+izmCNw:7Gx1d0RjzV5Pnz63LLHBNw
Yara
  • CAB_file_format - CAB archive file
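Added example, not code from the ZeroBOX report: the Type line for 2.tmp and temp_0.tmp is derived from the cabinet's fixed 36-byte CFHEADER. A 36-byte cabinet is exactly one bare CFHEADER with no CFFOLDER or CFFILE entries, which is why the 2.tmp line shows no file count, while the temp_0.tmp header declares 131210 bytes and 2 files. The Python below parses that header, reproduces the file(1)-style summary, and runs the consistency checks a triager would want before handing a dropped cabinet to an extractor. The two headers it runs on are constructed, not bytes from the samples.

```python
"""Parse the fixed 36-byte CFHEADER of a Microsoft Cabinet (MSCF) file.

Added example, not code from the ZeroBOX report. It reproduces the
"Microsoft Cabinet archive data, N bytes[, M files]" summary in the Type
field and adds the consistency checks worth running on a dropped cabinet
before extracting it. The two headers at the bottom are constructed.
"""
import struct
from dataclasses import dataclass

# CFHEADER: signature, reserved1, cbCabinet, reserved2, coffFiles, reserved3,
# versionMinor, versionMajor, cFolders, cFiles, flags, setID, iCabinet
CFHEADER_FMT = "<4sIIIIIBBHHHHH"
CFHEADER_SIZE = struct.calcsize(CFHEADER_FMT)   # 36 bytes
CFFOLDER_SIZE = 8                                # coffCabStart, cCFData, typeCompress


@dataclass
class CabHeader:
    cb_cabinet: int    # total cabinet size claimed by the header
    coff_files: int    # offset of the first CFFILE entry
    version: str
    c_folders: int
    c_files: int
    flags: int
    set_id: int
    i_cabinet: int


def parse_cfheader(data: bytes) -> CabHeader:
    if len(data) < CFHEADER_SIZE:
        raise ValueError(f"need {CFHEADER_SIZE} bytes for CFHEADER, got {len(data)}")
    (sig, _r1, cb, _r2, coff, _r3, vmin, vmaj,
     cfolders, cfiles, flags, set_id, icab) = struct.unpack_from(CFHEADER_FMT, data, 0)
    if sig != b"MSCF":
        raise ValueError(f"not a cabinet: signature {sig!r}")
    return CabHeader(cb, coff, f"{vmaj}.{vmin}", cfolders, cfiles, flags, set_id, icab)


def describe(data: bytes) -> str:
    """Summary in the style of file(1): the file count is printed only when non-zero."""
    h = parse_cfheader(data)
    text = f"Microsoft Cabinet archive data, {h.cb_cabinet} bytes"
    if h.c_files == 1:
        text += ", 1 file"
    elif h.c_files > 1:
        text += f", {h.c_files} files"
    return text


def consistency_issues(data: bytes) -> list:
    """Checks a triager wants before handing the cabinet to an extractor."""
    h = parse_cfheader(data)
    issues = []
    if h.cb_cabinet != len(data):
        issues.append(f"cbCabinet {h.cb_cabinet} != actual size {len(data)} (truncated or padded)")
    if h.c_files == 0:
        issues.append("header-only cabinet: no CFFOLDER/CFFILE entries, nothing to extract")
    elif not (CFHEADER_SIZE <= h.coff_files < len(data)):
        issues.append(f"coffFiles {h.coff_files} points outside the available data")
    if h.version != "1.3":
        issues.append(f"unexpected cabinet format version {h.version}")
    return issues


def make_header(cb_cabinet: int, c_folders: int, c_files: int) -> bytes:
    """Constructed test data, not bytes from the analysed sample."""
    coff_files = CFHEADER_SIZE + CFFOLDER_SIZE * c_folders
    return struct.pack(CFHEADER_FMT, b"MSCF", 0, cb_cabinet, 0, coff_files, 0,
                       3, 1, c_folders, c_files, 0, 0x1234, 0)


# A bare header, as a 36-byte cabinet must be: cbCabinet == 36, no folders, no files.
EMPTY_CAB = make_header(cb_cabinet=36, c_folders=0, c_files=0)
# A header claiming two files in 131210 bytes but with no body behind it.
TRUNCATED_CAB = make_header(cb_cabinet=131210, c_folders=1, c_files=2)

if __name__ == "__main__":
    for name, blob in (("2.tmp-like", EMPTY_CAB), ("truncated", TRUNCATED_CAB)):
        print(name, "->", describe(blob))
        for issue in consistency_issues(blob):
            print("   !", issue)
```

Run against a real dropped cabinet with `describe(open(path, "rb").read())`; a header-only drop like 2.tmp is usually an installer stub's placeholder rather than a payload container, so the interesting content is the multi-file cabinet next to it.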
Name a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF1824b7a.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1824b7a.TMP
Size 7.8KB
Type data
MD5 b0c9ff441742f3847ea27da9dee7f2cd
SHA1 c42a1eb32ba953a0ce5d8635caabf71b5b281495
SHA256 a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4
CRC32 0BBCAB1A
ssdeep 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name bbda59896347af0b_rootdesign.exe
Filepath C:\TheDream\RootDesign.exe
Size 125.5KB
Processes 1460 (SIP.03746.XSLSX.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 e739795e2208eb8e10ee98b92b52a5ca
SHA1 0ac1bd3681544350158ff9d7c44d1732b5673178
SHA256 bbda59896347af0b13c361b9fb97c42c1903e1cd1fad498c8192416c408139c5
CRC32 DB2F0D26
ssdeep 1536:w0DwGNVSLevGMF86LEgrKVJMQht2MdGnetU1ocHBPr9hHB0ofiLTV7LZ:lRNVlNWCrIVvtU6chPHHB0ofivhV
Yara
  • ConfuserEx_Zero - Confuser .NET
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
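Added example, not code from the ZeroBOX report: the Type and Yara lines for Uninstall.exe (PE32, UPX packed, MZP Delphi stub) and RootDesign.exe (PE32, Mono/.Net assembly) all come from fixed offsets in the PE headers. The Python below reads the COFF and optional headers and the section table to recover those facts: PE32 vs PE32+ from the optional header magic, the CLR runtime header in data directory 14 (a non-zero entry there is what makes file(1) print "Mono/.Net assembly"), the UPX0/UPX1 section pair UPX leaves behind, and the "MZP" marker Delphi-linked executables carry at offset 0. The two images it runs on are constructed, not the samples.

```python
"""Header triage for dropped PE files.

Added example, not code from the ZeroBOX report. It reads the COFF and
optional headers and the section table to recover three facts the report
states for Uninstall.exe and RootDesign.exe: PE32 vs PE32+, whether the CLR
runtime header (data directory 14) is present, which is what makes file(1)
print "Mono/.Net assembly", and whether the section names are the UPX0/UPX1
pair UPX leaves behind. It also checks for the "MZP" DOS stub marker that
Delphi-linked executables carry at offset 0. Both images below are constructed.
"""
import struct

IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # CLR runtime header slot


def pe_triage(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32
        bits, ndirs_off, dirs_off = 32, 92, 96
    elif magic == 0x20B:        # PE32+
        bits, ndirs_off, dirs_off = 64, 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    clr_rva = clr_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        clr_rva, clr_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    # Section table follows the optional header; each IMAGE_SECTION_HEADER is 40 bytes.
    table = opt + opt_size
    names = []
    for i in range(nsections):
        raw = struct.unpack_from("<8s", data, table + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "machine": machine,
        "bits": bits,
        "sections": names,
        "is_dotnet": clr_rva != 0 and clr_size != 0,
        "upx_packed": "UPX0" in names and "UPX1" in names,
        "delphi_stub": data[:3] == b"MZP",
    }


def build_pe32(section_names, dotnet=False, delphi_stub=False) -> bytes:
    """Constructed test image: DOS header, PE32 headers and a section table, no section data."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:3] = b"MZP" if delphi_stub else b"MZ\0"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 224                                  # standard PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)             # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, 0x2008, 0x48)
    sections = b"".join(struct.pack("<8s32x", n.encode()) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


# Shape of a UPX-packed Delphi GUI binary like Uninstall.exe (constructed, not the sample).
UPX_DELPHI_PE = build_pe32(["UPX0", "UPX1", ".rsrc"], delphi_stub=True)
# Shape of a .NET assembly like RootDesign.exe (constructed, not the sample).
DOTNET_PE = build_pe32([".text", ".rsrc", ".reloc"], dotnet=True)

if __name__ == "__main__":
    for label, img in (("Uninstall.exe-like", UPX_DELPHI_PE), ("RootDesign.exe-like", DOTNET_PE)):
        print(label, pe_triage(img))
```

Section names are a weak signal on their own (a packer can rename them), so treat `upx_packed` as a hint to unpack before static analysis rather than as a verdict; the CLR directory check is the reliable one for deciding whether the sample belongs in a .NET decompiler rather than a native disassembler.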
Name f532cb767e847224_uninstall.ini
Filepath C:\TheDream\Uninstall.ini
Size 2.3KB
Processes 1460 (SIP.03746.XSLSX.exe)
Type ISO-8859 text, with CRLF line terminators
MD5 4f8b1beb68c93a56f83dd477d9375fb7
SHA1 f09ce978520b5cda8c3d8e604adcb5abc8ba1b44
SHA256 f532cb767e847224e99d5f4852f151cedcac96d65a815bfd1dfe5f3e61f9b2ae
CRC32 03BF2B1A
ssdeep 48:U91B391BH91F91O91G91BC91591w91n91S91rm91291Q91L91Rez05QLJjqM1sYn:C1713131I1w1y1L1e191c1rQ1g1+1R1A
Yara None matched
Name 91bcb614144a9721_readme.txt
Filepath C:\Users\test22\Desktop\readme.txt
Size 1.3KB
Processes 2748 (RootDesign.exe) 3020 (RootDesign.exe) 2136 (RootDesign.exe) 2424 (RootDesign.exe) 2760 (RootDesign.exe) 2496 (RootDesign.exe) 1960 (RootDesign.exe) 1932 (RootDesign.exe) 516 (RootDesign.exe) 748 (RootDesign.exe) 1872 (RootDesign.exe) 2132 (RootDesign.exe) 2176 (RootDesign.exe) 1712 (RootDesign.exe) 2196 (RootDesign.exe) 2612 (RootDesign.exe) 2604 (RootDesign.exe)
Type UTF-8 Unicode text, with CRLF line terminators
MD5 f87a14daa7116e7ccd375aadf5a665b9
SHA1 eff1d54eb33a855353663c926059bd632fb2615d
SHA256 91bcb614144a9721f646e5ea6e7673a323db2f950ff3c9acfac919f9357d4fa4
CRC32 5224E98B
ssdeep 24:3nhJoJwQVD4ZbXLKPHJ0wCJ+nW+SbAOf1tLIMjaIIFkfMlXJP694wqQG:3KDgbXQk+SH9FIwaViMl54qQG
Yara None matched
Name d242df5786f8bf51_log.txt
Filepath C:\TheDream\log.txt
Size 276.0B
Processes 2356 (RootDesign.exe) 2748 (RootDesign.exe) 3020 (RootDesign.exe) 2136 (RootDesign.exe) 2424 (RootDesign.exe) 2760 (RootDesign.exe) 2496 (RootDesign.exe) 1960 (RootDesign.exe) 1932 (RootDesign.exe) 516 (RootDesign.exe) 748 (RootDesign.exe) 1872 (RootDesign.exe) 2132 (RootDesign.exe) 2176 (RootDesign.exe) 1712 (RootDesign.exe) 2196 (RootDesign.exe) 2612 (RootDesign.exe) 2604 (RootDesign.exe)
Type ASCII text, with CRLF line terminators
MD5 68cc39cecebe491143d050c3cc8d527e
SHA1 54c4fdbe25e6db85c79b4f3de906f61cdc0b9cdf
SHA256 d242df5786f8bf5174a62bfee35247de102620c55ed84b5ab9fdbb45a22c8c64
CRC32 73707BA3
ssdeep 6:+qlUsCUsCUsCUsCUsCUsCUsCUsCUsCUsCUsCUsCUsCUsCUsCUsCUsX:+U
Yara None matched