Dropped Files | ZeroBOX
Name d40d6e4219762952_kathy.cmd
Filepath c:\users\test22\appdata\local\temp\kathy.cmd
Size 13.7KB
Processes 1700 (file.exe) 2068 (cmd.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 c4981f3a5228cb7df18526017be817c6
SHA1 1c3691bfea44a197df09841784cdcaf7cbae3ec5
SHA256 d40d6e421976295250834db769af750c92012dcc88dc65507681faf6e4330c19
CRC32 D7BBD54F
ssdeep 384:6ycHejPS9h4hAx/aKlJ/FoeFBdz7pjneNKQOOln1dGV:6yrmFxxlJ/+eZDQKQ/1y
Yara None matched
Name 0e1b8db2db793387_holders
Filepath C:\Users\test22\AppData\Local\Temp\Holders
Size 32.5KB
Processes 1700 (file.exe)
Type data
MD5 30d6715fcb0d2ecea58ef12c55f47667
SHA1 c9db2ae4074ddb7379bbb4f6839b8321be526fa0
SHA256 0e1b8db2db7933870edaa0bccdc6a606f6e55597dde8f99638928f91728ea272
CRC32 8A2E2962
ssdeep 768:w7cF3u8NXQfHL4N36/X01TnsCBwfHRdsEglZlxJvu8lresgN01a:XdNQsZCX01TsCBwfHRd0jBlHC01a
Yara None matched
Name 90ea0b7abbd52a05_armor
Filepath C:\Users\test22\AppData\Local\Temp\Armor
Size 393.0B
Processes 1700 (file.exe)
Type data
MD5 539436411a91ffff5f656b26255c8626
SHA1 671cee8628e8cf7658c2705018203b6c2c77b149
SHA256 90ea0b7abbd52a052ff34a28e840821a87f36676952eb89fa50ea813d2ade6ef
CRC32 F80DB5D8
ssdeep 12:UVR3NhyGSGCbTQxbs/0pQHPZdZELq6h17:UP9hyGSnPQxqtP5ELqCB
Yara None matched
Name b64170d3071397e9_edinburgh
Filepath C:\Users\test22\AppData\Local\Temp\Edinburgh
Size 67.0KB
Processes 1700 (file.exe)
Type data
MD5 a2773a9de9c8deb990a654e343f1258d
SHA1 cc83f93154c2cd956ee2bbd10f974c1db7cd91c8
SHA256 b64170d3071397e910f47f9f298abc22c33841f759b8ee9d999c6a27a2a4a2c0
CRC32 9A22A7AD
ssdeep 1536:5D+MONonbeOJB564wkBY8+gSEyZYJwUp+zJfcjN3zaUjJmldNIC:5DEibHV6ro/SE/8zdUNjaUjclj5
Yara None matched
Name 237d1bca6e056df5_instrumental.pif
Filepath C:\Users\test22\AppData\Local\Temp\473722\Instrumental.pif
Size 872.7KB
Processes 2068 (cmd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c56b5f0201a3b3de53e561fe76912bfd
SHA1 2a4062e10a5de813f5688221dbeb3f3ff33eb417
SHA256 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
CRC32 76090EE7
ssdeep 12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name e3b0c44298fc1c14_nspBFB1.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nspBFB1.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 28d4a2a735bf820c_keeps
Filepath C:\Users\test22\AppData\Local\Temp\Keeps
Size 872.3KB
Processes 1700 (file.exe)
Type data
MD5 fc1fceed4119e874078b3a5fd502477d
SHA1 cddaf83c2aa7bab873ff8b9e3781c338645c81ac
SHA256 28d4a2a735bf820c7c4e48017ed1c0cbcc9351820fa561861b10f86a0022bf76
CRC32 AF728DBC
ssdeep 12288:HpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:HT3E53Myyzl0hMf1tr7Caw8M01
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name 3cc341685fded40e_circumstances
Filepath C:\Users\test22\AppData\Local\Temp\Circumstances
Size 90.0KB
Processes 1700 (file.exe)
Type data
MD5 acbcde3c125a72ebd6a2ae8315f50b63
SHA1 9a1548555b64caf4b0f7e2e14a1b30e700c81552
SHA256 3cc341685fded40e7973a6918312e174f7e9ee3c9f3fd32420f2b1cb21109361
CRC32 3A81BC37
ssdeep 1536:ApWIjQXUCEFFz2o0FzVeCaYa+N8qMFy/9IC1JUX44iNpONdqXu4yRrPWF1WQ9ZP6:Ap8UZ7zWlhNVMFg9l3Uo4iNpONdqXu4i
Yara None matched
Name 06922a1830ea2523_f
Filepath C:\Users\test22\AppData\Local\Temp\473722\f
Size 400.5KB
Processes 2524 (cmd.exe)
Type data
MD5 9c49b4a1f3a17bf4e3e1bc660f245e6c
SHA1 12aa8f0438d64b13c9e7d6886c9d431c89e7f95a
SHA256 06922a1830ea25238ef27d3e47d18f96a003fda2f5ac166b7134a68b180c2363
CRC32 37B638CA
ssdeep 12288:ZHuocEaSUpbgXE+aaAKn28LIYFDMap4qo4agzL4n6Y:ZHudSag0J8MYFDMaWwagzU6Y
Yara None matched
Name 3c29f332850330bc_calm
Filepath C:\Users\test22\AppData\Local\Temp\Calm
Size 55.0KB
Processes 1700 (file.exe)
Type data
MD5 caf941605fb0c9b10e1ac279eee961ac
SHA1 7d88fee90d42f11540810d458c73dfe41b9ab85c
SHA256 3c29f332850330bcebab673d0bd18b3313eacd7576d5cf8effd158169cca4a34
CRC32 4DEDD669
ssdeep 768:M+HYYD9Z3IubYJVk+kFcTIFyFBS0XJG+gJXBm3Rrn7WyhZLb/qrWbWy9CIcnZCFV:9HjDLIYFlUi0XJzIen7WyhZ/fWgcIDL9
Yara None matched
Name 11c9db0ee88e1de8_luxembourg
Filepath C:\Users\test22\AppData\Local\Temp\Luxembourg
Size 89.0KB
Processes 1700 (file.exe)
Type data
MD5 1c809e014a5fbf2c2782f00fc96140cd
SHA1 4d35a46db91a9cd4118ed05063f5db8adc885e34
SHA256 11c9db0ee88e1de82a3a745db8d9d6acf23ad120e18cfb308ad5a538c8868f0d
CRC32 13C43623
ssdeep 1536:beqMzDVY3xm4tuiZwuh81hEy0ZEmYx/dnOe5MwGz1N1Re61Ga3nzPQcCCGB08zwV:beqmC3xm4YyQ+ZEmYH35MwGh061n3nzT
Yara None matched
Name 3cf292881045f3d5_elliott
Filepath C:\Users\test22\AppData\Local\Temp\Elliott
Size 67.0KB
Processes 1700 (file.exe)
Type data
MD5 a9f377ceb60f84537bbaf960970cca82
SHA1 07bc24abaab9953be6018f92566b37f107e908a3
SHA256 3cf292881045f3d50364f423aca2fbd87e6f7339fe8db36568a1dd4b78a0b842
CRC32 6C5D8AD7
ssdeep 1536:WBjVrLaFKOUdKIIQDQqO6Muto58cLBiVTiRMPJ:WBprLr2IIpbutVc6
Yara None matched