Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...

Latest News
09.21 02:09
This New Video Game Is...
09.21 02:09
FTC finds social media...
09.21 02:09
FTC finds social media...
09.21 01:09
Automate detection and...
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...
09.21 12:09
Inviting the Public to...
09.21 12:09
How Ransomhub Ransomwa...
09.21 12:09
Middle East backdoored...

Dropped Files | ZeroBOX

Name	d6431d5645fffd05_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2976 (powershell.exe)
Type	data
MD5	`260d23ce04a8f8555a73b7d2dc15e911`
SHA1	`ebad746fb7de847c50f7502a44f6e35534733efd`
SHA256	`d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588`
CRC32	`11D6B213`
ssdeep	`96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	3285933552ef4f43_vys7aoggirlcpxx1kyeaoal7.exe Submit file
Filepath	C:\Users\test22\AppData\Local\VYs7aogGIrLCpxX1KYEaoAL7.exe
Size	409.5KB
Processes	2152 (InstallUtil.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ac0e89743359913cf03f8d71e8971c43`
SHA1	`e00fea44399e6822946e4c301eb7426ddabd6ca6`
SHA256	`3285933552ef4f43a2f98030df7e1770d03d093c3959551c18bdc5e6c83b32ae`
CRC32	`D9997D7D`
ssdeep	`6144:vEtEGUyT5kLu7NnIVyU4Uo/V+YPZdYYQiLXRrYoYFEHRT:vEt5JT5kL4IVyU0zZiE1`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	ba7ebcf97d5fd34e_ctr52ja5gkrmkrw4wjnncbwq.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CtR52JA5gkRmkrw4WjnncBWq.bat
Size	70.0B
Processes	2152 (InstallUtil.exe)
Type	ASCII text, with no line terminators
MD5	`8ab0d9ca6e527ee6cc9fec4a528ac55a`
SHA1	`2e2dde44bbb4f7b61f89b213b89fd8196889eaa3`
SHA256	`ba7ebcf97d5fd34ea97c8d4aaaca5401eb1b58c1cc15666c2c21143f4e04e8c6`
CRC32	`91FE15A9`
ssdeep	`3:Ljn9m1mWxpcL4E2J5zaCvpmVdXbn:fE1mQpcLJ23e8I3r`
Yara	None matched
VirusTotal	Search for analysis

Name	8c74c2928c681016_3c428b1a3e5f57d887ec4b864fac5dcc Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Size	252.0B
Processes	2152 (InstallUtil.exe)
Type	data
MD5	`313e1208bf8eb8153caee99d447ea6d2`
SHA1	`16ab9a3cb4c18a619fe4f78618b2bdf7a49d409e`
SHA256	`8c74c2928c681016e684fdc3ea74ac9f0ab9604d9edc94052abc6a0d76d33594`
CRC32	`B11EF0B1`
ssdeep	`6:kKFk5LDcJcbjcalgRAOAUSW0zeEpV1Ew1OXISMlcV/:Nk5LYNtWOxSW0zeYrsMlU/`
Yara	None matched
VirusTotal	Search for analysis

Name	cb3ccbb76031e5e0_3c428b1a3e5f57d887ec4b864fac5dcc Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Size	914.0B
Processes	2152 (InstallUtil.exe)
Type	data
MD5	`e4a68ac854ac5242460afd72481b2a44`
SHA1	`df3c24f9bfd666761b268073fe06d1cc8d4f82a4`
SHA256	`cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f`
CRC32	`5017495B`
ssdeep	`24:c0oGlGm7qGlGd7SK1tcudP5M/C0VQYyL4R3fum:+JnJ17tcudRMq6QsF`
Yara	None matched
VirusTotal	Search for analysis

Name	d6dc9378519fbc92_bpr52zbykzlntuwhlgwv3ugk.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bPR52zbYKzlnTUwhlGwv3UGk.bat
Size	70.0B
Processes	2152 (InstallUtil.exe)
Type	ASCII text, with no line terminators
MD5	`8d0a8f760a98840ac9c8b365a7bb7378`
SHA1	`1de779e3f9ef32eb19aefe3863fe28e3b3cd9b2a`
SHA256	`d6dc9378519fbc92727deec5c6072dca229f5c7a7129a2e073a259ac6088b8e3`
CRC32	`57F205AA`
ssdeep	`3:Ljn9m1mWxpcL4E2J5/dKUXQyxG4kgcJHF:fE1mQpcLJ23VKOQyAzgOl`
Yara	None matched
VirusTotal	Search for analysis

Name	62f2308826a23b60_z8shbnj525wmwlcm3i5temzz.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Z8SHBnj525WmwLcm3I5TEMZZ.exe
Size	7.2MB
Processes	2152 (InstallUtil.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5dc97eacc5086f917367b3e29d0e459e`
SHA1	`07915bd1303b2ae84ddcf5f807206ab79614ddd2`
SHA256	`62f2308826a23b60d83afc8cb01d11bde2bdfa03f14492450f23924c4487e64f`
CRC32	`35E5BBBC`
ssdeep	`196608:91OIOXv4i0wt9t4j9hBbF5+Id/vz+mhHkB08SuyWkeQ:3OI+v74j9/btd/bnhHS0Huy1eQ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis