Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 08:09
Biden Administration t...
09.22 08:09
IT Sicherheitsnews tae...
09.22 07:09
September 22, 2024
09.22 06:09
Cards Against Humanity...
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...
09.22 02:09
Jumperless Breadboard ...

Dropped Files | ZeroBOX

Name	a32e0a83001d2c5d_2.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\$inst\2.tmp
Size	36.0B
Processes	2628 (1PDF.FaturaDetay_202407.exe)
Type	Microsoft Cabinet archive data, 36 bytes
MD5	`8708699d2c73bed30a0a08d80f96d6d7`
SHA1	`684cb9d317146553e8c5269c8afb1539565f4f78`
SHA256	`a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f`
CRC32	`EAB67334`
ssdeep	`3:wDl:wDl`
Yara	CAB_file_format - CAB archive file
VirusTotal	Search for analysis

Name	b7c225ef3cc3e875_d93f411851d7c929.customDestinations-ms~RF6edceb.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF6edceb.TMP
Size	7.8KB
Processes	2796 (powershell.exe) 2916 (powershell.exe)
Type	data
MD5	`81ca4510272caf505e8091e9a28cb716`
SHA1	`71414aeec9f1e4a6f5a461b01700cc9cc992cd9e`
SHA256	`b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf`
CRC32	`FC31E90F`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	2d8e573a56755e38_uninstall.exe Submit file
Filepath	C:\TheDream\Uninstall.exe
Size	97.5KB
Processes	2628 (1PDF.FaturaDetay_202407.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`da79f594d4dd480d36d7d1e644568c57`
SHA1	`bc2bdb17395ad28007a619738eea59aafebe643d`
SHA256	`2d8e573a56755e3824c13fc32f763253b69be59597531a40c1bfd4502629d024`
CRC32	`20A5A731`
ssdeep	`1536:zO/z6hPABUjO/Zd1716EoLiL4l1HdIaqQPDm0xK8i6f0Zn9PRVW8sW45o75K:kzgjO/Zd1RePDmZ8tf05iW4u1K`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet mzp_file_format - MZP(Delphi) file format
VirusTotal	Search for analysis

Name	4c8c1f2d9ef8192c_log.txt Submit file
Filepath	C:\TheDream\log.txt
Size	78.0B
Processes	2988 (RootDesign.exe) 2228 (RootDesign.exe) 2464 (RootDesign.exe) 2828 (RootDesign.exe) 2712 (RootDesign.exe)
Type	ASCII text, with CRLF line terminators
MD5	`e5194869aa1e865bef36ee36b51aa863`
SHA1	`51e5896c5ae667ab0c3a6a7206a22d0332d2aa45`
SHA256	`4c8c1f2d9ef8192c3afd48d716c3c572acbde061dad28c93b96b4dd322094ee4`
CRC32	`06DB7BBA`
ssdeep	`3:3ov9GvAabpUqX2pUqX2pUqX2y:0AllUsCUsCUsX`
Yara	None matched
VirusTotal	Search for analysis

Name	66ed40ce55f936c6_temp_0.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\$inst\temp_0.tmp
Size	128.6KB
Processes	2628 (1PDF.FaturaDetay_202407.exe)
Type	Microsoft Cabinet archive data, 131730 bytes, 2 files
MD5	`ad18b228b469baa1ad4d7c0c807942f7`
SHA1	`4fc6c97468feb059742e5e15cd4277e4aaf3387e`
SHA256	`66ed40ce55f936c6ce7f9c48ef601c1c05be5087d227831762ee00ec89393fae`
CRC32	`CD66BD9E`
ssdeep	`3072:qTP1tGorH0CaW7g+r/cdkpTILxKzFjsc2eIhpZkHIQULNLo2QMhQBR:etsorUC7ggXpTILMYSQpIIQENMshQT`
Yara	CAB_file_format - CAB archive file
VirusTotal	Search for analysis

Name	a5794b8e199ca1a7_rootdesign.exe Submit file
Filepath	C:\TheDream\RootDesign.exe
Size	126.0KB
Processes	2628 (1PDF.FaturaDetay_202407.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ba563203779c4ad6b2e619c42463f4a8`
SHA1	`d85458664b6c971d2e24da84a2dbbb88a03fc542`
SHA256	`a5794b8e199ca1a7c35cb4d393282fde4a73e9f9190153e97a13eb9baf3a35e6`
CRC32	`4BD9E6B2`
ssdeep	`3072:/dLS/2sr5ZtpvlCVxLVd0PkbF8eYGkLhV:/4XvvUL7zbF8eYGkV`
Yara	ConfuserEx_Zero - Confuser .NET PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal	Search for analysis

Name	f532cb767e847224_uninstall.ini Submit file
Filepath	C:\TheDream\Uninstall.ini
Size	2.3KB
Processes	2628 (1PDF.FaturaDetay_202407.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`4f8b1beb68c93a56f83dd477d9375fb7`
SHA1	`f09ce978520b5cda8c3d8e604adcb5abc8ba1b44`
SHA256	`f532cb767e847224e99d5f4852f151cedcac96d65a815bfd1dfe5f3e61f9b2ae`
CRC32	`03BF2B1A`
ssdeep	`48:U91B391BH91F91O91G91BC91591w91n91S91rm91291Q91L91Rez05QLJjqM1sYn:C1713131I1w1y1L1e191c1rQ1g1+1R1A`
Yara	None matched
VirusTotal	Search for analysis

Name	91bcb614144a9721_readme.txt Submit file
Filepath	C:\Users\test22\Desktop\readme.txt
Size	1.3KB
Processes	2464 (RootDesign.exe) 2828 (RootDesign.exe) 2712 (RootDesign.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`f87a14daa7116e7ccd375aadf5a665b9`
SHA1	`eff1d54eb33a855353663c926059bd632fb2615d`
SHA256	`91bcb614144a9721f646e5ea6e7673a323db2f950ff3c9acfac919f9357d4fa4`
CRC32	`5224E98B`
ssdeep	`24:3nhJoJwQVD4ZbXLKPHJ0wCJ+nW+SbAOf1tLIMjaIIFkfMlXJP694wqQG:3KDgbXQk+SH9FIwaViMl54qQG`
Yara	None matched
VirusTotal	Search for analysis