Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	e3b0c44298fc1c14_C109.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\C109.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	a065227445f91c52_run.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\C109.tmp\run.bat
Size	5.2KB
Processes	1072 (run.exe)
Type	ASCII text, with CRLF line terminators
MD5	`f6f35898666ded2aeed41e85fd3b582f`
SHA1	`b52bd3770166bac46ab6eb151647343c3b604e9a`
SHA256	`a065227445f91c5201f9f5fb8065b488ee203a570d3608a0501d516be6e7cf51`
CRC32	`476ABFCC`
ssdeep	`96:0C/Uos0NnSokUQs1sOSsUEppbgbgTmXtZwqFf2Z0WhUatxR4oXTn:x7GPRoXb`
Yara	None matched
VirusTotal	Search for analysis

Name	91ba7f2f2bd49c8e_590aee7bdd69b59b.customDestinations-ms~RF227abb8.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF227abb8.TMP
Size	7.8KB
Processes	2376 (powershell.exe) 2836 (powershell.exe)
Type	data
MD5	`858fbf54b9d4e2d2cde85d5190bc7573`
SHA1	`ad8672eff918909f24a2eec2f882b3133f74dd19`
SHA256	`91ba7f2f2bd49c8e764771dc4bb2ab37d520e9972d31d036502429382d476535`
CRC32	`6C64B548`
ssdeep	`96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworztDHXyWlUVul:ctvXo5tvbHnorZTyo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	ef50f2acca59baa3_hash.exe Submit file
Filepath	C:\Windows\mimi\hash.exe
Size	29.5KB
Processes	2376 (powershell.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
MD5	`9879e4811c6e80b9aac5801af2541e9f`
SHA1	`59b4d5acb18e1cd2341186739c844813c0081d04`
SHA256	`ef50f2acca59baa3c2565a2241fd895d535b10586beb65bd72f9e0bea6462649`
CRC32	`C03C20E6`
ssdeep	`768:cWymqOm+2hq2StkO6BnUcXlxlqB6e9gnbcuyD7UFO:cWy4m+r2kncXkT9gnouy8FO`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	15b1158d806de140_curl.exe Submit file
Filepath	C:\Windows\mimi\curl.exe
Size	5.2MB
Processes	2836 (powershell.exe)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`104023cef829fce3e34bf1514daff629`
SHA1	`b6e7b949109298ec7ff1aa64404a859b5b41ccae`
SHA256	`15b1158d806de14013fdc3f0e81dca725481d2393249994a122c0a70721ae9f5`
CRC32	`860E015C`
ssdeep	`98304:sZAOsqvbnypxMKKzxrirSL+7goHUs5YrZDv:BqvbnI2uIVo/5Yrxv`
Yara	ftp_command - ftp command Malicious_Library_Zero - Malicious_Library NMap - NMAP PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	5c66f8cfd98dc3ef_cve.exe Submit file
Filepath	C:\Windows\mimi\cve.exe
Size	9.6MB
Processes	3000 (powershell.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`cf2588c7be85b5a0c9d67250b470cf1d`
SHA1	`ff8a6558bbed6f006e676a3d6909a838156cbf10`
SHA256	`5c66f8cfd98dc3ef3c82568bcbd93d9ef24fecf0dbf98c142f601a7690a11d83`
CRC32	`7D2E35C4`
ssdeep	`196608:fjm+UGFLOtEp6dQmRJ8dA6lwkaqdVTWbytLbF4MRWnjqtni:K+UwatddQuslwwdkbyP4Myjeni`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature ASPack_Zero - ASPack packed file IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis