Dropped Files | ZeroBOX
Name 2b9de0299a80e370_systems.exe
Filepath C:\Users\test22\AppData\Roaming\systems.exe
Size 471.0KB
Processes 2544 (systems.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 454a942056f6d69c4a06ffedffea974a
SHA1 2dc40e77a9fb2822a8d11ad1c30715bd2974ae99
SHA256 2b9de0299a80e370e454b8512ee65abf2eac12ab3fe681201c25745978b199ed
CRC32 A436874E
ssdeep 12288:Fh1Lk70TnvjcwkhK/wO+FkH6GQx0Xs8eqUVd:Rk70TrcwkMY9xfJ3
Yara
  • Malicious_Library_Zero - Malicious_Library
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • UltraVNC_Zero - UltraVNC
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name 37a4d43e917aa593_uiw3yDSfdjCt.bat
Filepath C:\Users\test22\AppData\Local\Temp\uiw3yDSfdjCt.bat
Size 171.0B
Processes 2544 (systems.exe) 2460 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 4db008d01db078e6098e38ccba5d0ddc
SHA1 0a8cefffa74f339dabd33eaab6c14e415c9e8581
SHA256 37a4d43e917aa593582587b054536ec4bff3451e51c2ae3c3a6fb35f7e795fa7
CRC32 AAEC2E46
ssdeep 3:mKDDVNGvTVLqFvEROr+jn9m1mWxpcL4E2J5xAI/0dbBktKcKZG1mWxpcL4E2J5xF:hCRLqFcROr+DE1mQpcLJ23fcdbKOZG11
Yara None matched
Name b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2748 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 583a5db745097389_cli.exe
Filepath c:\users\test22\appdata\local\myhiddenfolder\cli.exe
Size 421.0KB
Processes 2544 (systems.exe) 2916 (cli.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7635a980a70449cc7f8ec5640274b61f
SHA1 025ac7c7807debc1e4f4bdfea177305c68c2c6d5
SHA256 583a5db745097389dd721ddb652636a2b9547fc1031dd3854c7c3e1c5bb618a2
CRC32 64515E7A
ssdeep 6144:HLS5MMjYUOJUsiPFI+dODgNRhW3qpGVSNxPpXv+ilAJFxp3meClfzJb5:HW5Mu4ya+YDgNhphXhJlaFxp3mFVb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
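The records above are the raw text of a ZeroBOX "Dropped Files" section. The script below is an added example, not ZeroBOX code: it parses that text into structured records, pulls out the IOCs an analyst would forward (SHA256, on-disk path, the processes tied to each drop), flags entries whose Yara hits name a malware family (rule names starting with `MALWARE_`) or a packer (`UPX_Zero`), and sanity-checks each record, including the ZeroBOX convention that the stored name is prefixed with the first 16 hex digits of the SHA256. The embedded input is an excerpt of the first two records on this page (the first record's Yara list is shortened); the `WATCH_RULES` and `PACKER_RULES` selections are the example's own assumptions.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the page's own dropped-file records (first two entries; Yara list of the
# first one shortened). Raw string so the Windows paths need no escaping.
REPORT = r"""
Name 2b9de0299a80e370_systems.exe
Filepath C:\Users\test22\AppData\Roaming\systems.exe
Size 471.0KB
Processes 2544 (systems.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 454a942056f6d69c4a06ffedffea974a
SHA1 2dc40e77a9fb2822a8d11ad1c30715bd2974ae99
SHA256 2b9de0299a80e370e454b8512ee65abf2eac12ab3fe681201c25745978b199ed
CRC32 A436874E
ssdeep 12288:Fh1Lk70TnvjcwkhK/wO+FkH6GQx0Xs8eqUVd:Rk70TrcwkMY9xfJ3
Yara
  • Malicious_Library_Zero - Malicious_Library
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
Name 37a4d43e917aa593_uiw3yDSfdjCt.bat
Filepath C:\Users\test22\AppData\Local\Temp\uiw3yDSfdjCt.bat
Size 171.0B
Processes 2544 (systems.exe) 2460 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 4db008d01db078e6098e38ccba5d0ddc
SHA1 0a8cefffa74f339dabd33eaab6c14e415c9e8581
SHA256 37a4d43e917aa593582587b054536ec4bff3451e51c2ae3c3a6fb35f7e795fa7
CRC32 AAEC2E46
ssdeep 3:mKDDVNGvTVLqFvEROr+jn9m1mWxpcL4E2J5xAI/0dbBktKcKZG1mWxpcL4E2J5xF:hCRLqFcROr+DE1mQpcLJ23fcdbKOZG11
Yara None matched
"""

@dataclass
class DroppedFile:
    name: str
    fields: dict = field(default_factory=dict)     # Filepath, Size, Type, MD5, ...
    processes: list = field(default_factory=list)  # [(pid, image), ...]
    yara: list = field(default_factory=list)       # [(rule, description), ...]

PROC_RE = re.compile(r"(\d+) \(([^)]+)\)")
YARA_RE = re.compile(r"^\s*•\s*(\S+)\s*-\s*(.*)$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "CRC32": 8}
WATCH_RULES = ("MALWARE_",)   # assumption: rule-name prefixes that denote a named family
PACKER_RULES = {"UPX_Zero"}   # assumption: rules that indicate a packed sample

def parse_report(text):
    """Split the report text into DroppedFile records, one per 'Name' line."""
    records, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = YARA_RE.match(line)
        if m and cur is not None:            # bullet line under 'Yara'
            cur.yara.append((m.group(1), m.group(2).strip()))
            continue
        key, _, value = line.strip().partition(" ")
        if key == "Name":
            cur = DroppedFile(name=value)
            records.append(cur)
        elif key == "Processes":
            cur.processes = [(int(pid), img) for pid, img in PROC_RE.findall(value)]
        elif key == "Yara":
            continue                         # either 'None matched' or bullets follow
        else:
            cur.fields[key] = value
    return records

def check_record(rec):
    """Return a list of consistency problems; an empty list means the record is well-formed."""
    problems = []
    for key, length in HEX_LEN.items():
        value = rec.fields.get(key, "")
        if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % length, value):
            problems.append(f"{key} is not {length} hex chars: {value!r}")
    # ZeroBOX stores dropped files as <first 16 hex of SHA256>_<original name>.
    if not rec.name.startswith(rec.fields.get("SHA256", "")[:16] + "_"):
        problems.append("stored name prefix does not match SHA256")
    return problems

def triage(records):
    """Reduce each record to the IOC fields an analyst would forward, plus verdict flags."""
    out = []
    for rec in records:
        rules = {rule for rule, _ in rec.yara}
        out.append({
            "sha256": rec.fields.get("SHA256"),
            "path": rec.fields.get("Filepath"),
            "processes": rec.processes,
            "family_hit": sorted(r for r in rules if r.startswith(WATCH_RULES)),
            "packed": bool(rules & PACKER_RULES),
            "problems": check_record(rec),
        })
    return out

if __name__ == "__main__":
    for ioc in triage(parse_report(REPORT)):
        print(ioc)
```

Extend `WATCH_RULES` with the rule-name prefixes your own Yara set uses; the parser only relies on the `Name` / key-value / bullet layout shown above, so the remaining records on this page can be appended to `REPORT` unchanged.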