Dropped Files | ZeroBOX
Name 3867a60acb5d01c3_spn8rj3st7tde9sdoz97brm9.bat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SPn8Rj3ST7TdE9SdoZ97brm9.bat
Size 70.0B
Processes 2652 (CasPol.exe)
Type ASCII text, with no line terminators
MD5 c3b3e8ad09650059e9e1c3cca3ded354
SHA1 18047a391b386d06109ee8d4a4648c139f290172
SHA256 3867a60acb5d01c3fab98597a7507068caf2c8a3fab4bd4b7ed17706e54e5290
CRC32 405CF5D0
ssdeep 3:Ljn9m1mWxpcL4E2J5do+O+qtFUrJF:fE1mQpcLJ23blWFsF
Yara None matched
Name d9e15bb8027ff52d_7rhe9m4ggyavkmvttyuyr6j3.exe
Filepath C:\Users\test22\Pictures\7Rhe9M4GgyAVkmvttYuyr6j3.exe
Size 7.3KB
Processes 2652 (CasPol.exe)
Type HTML document, UTF-8 Unicode text, with very long lines
MD5 77f762f953163d7639dff697104e1470
SHA1 ade9fff9ffc2d587d50c636c28e4cd8dd99548d3
SHA256 d9e15bb8027ff52d6d8d4e294c0d690f4bbf9ef3abc6001f69dcf08896fbd4ea
CRC32 B0DC8C43
ssdeep 192:5LP+u+v13xV1cSHYu+zogDLIIUObDz5p7KoxSR1yz:5D+hv13T1FH0fHIIPD9xKu
Yara None matched
Name 87e1cf745d567435_ynjjrs4lmob9byshcm7p963b.exe
Filepath C:\Users\test22\AppData\Local\ynJjrs4lmoB9BYSHCM7P963B.exe
Size 213.5KB
Processes 2652 (CasPol.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ab5a35864901384b1e299c8a5de97127
SHA1 1aad7ff081977149820847167723712181cd37d6
SHA256 87e1cf745d56743538a2010a9da9046e0303e3de1969ad81090486aba028278a
CRC32 A3A5FA2C
ssdeep 3072:IpLCDpyQ2j35SA9SYf9puB/6tyHFHti51egaHe:ULApy335SCvup6uFZ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 6ef7da738c904360_nqnc6ysasopwcvzx3yt6kwsu.bat
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nQNC6ySAsopWCVZx3Yt6kwsU.bat
Size 70.0B
Processes 2652 (CasPol.exe)
Type ASCII text, with no line terminators
MD5 31a87a4b41e3a2e3ba4ceb5cc2ee70ee
SHA1 f866a558b74893ea6551fe172a45e0546b3b26dc
SHA256 6ef7da738c904360518878532d6a0dcd1119ed57a6e61af77456615b98317aca
CRC32 BE9910F6
ssdeep 3:Ljn9m1mWxpcL4E2J5cSIvTWLACl:fE1mQpcLJ23cXvs
Yara None matched