Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.20 02:09
Inside a Portable Sate...
09.20 02:09
리튬포어스, 카카오프렌즈 ‘휴대용 미니 ...
09.20 02:09
제이피에스코스메틱 선형훈 대표이사, 산업...
09.20 02:09
Fence Agents Remediati...
09.20 01:09
재능넷, AI 기반 시각화 전문 지식 서...
09.20 01:09
[PASCON 2024-영상] 카스퍼스키...
09.20 01:09
2024-09-19 UNC1860 Ira...
09.20 01:09
Nvidia Teams Up With A...
09.20 12:09
[PASCON 2024-영상] 펜타린크 ...
09.20 11:09
ISC Stormcast For Frid...

Dropped Files | ZeroBOX

Name	339df21c2e9e1195_6121.tmp.tmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\6121.tmp.tmp
Size	5.9KB
Processes	1364 (regsvr32.exe)
Type	PDF document, version 1.7
MD5	`de53f43368e107f6c642e05ac4ba5ec2`
SHA1	`eb77ec7f1caccfec53c42bda32786f7c5dac49c9`
SHA256	`339df21c2e9e11957624ba83ed8b64f33ce882e8435a5be4a88245d00086b21b`
CRC32	`073FF8E3`
ssdeep	`96:H0Z/IJM4I2ZHqG8vzNWOSj14F4hw7cPBeVWycjb4twZCL+XBoCabmElQCFZkS7P9:OIdIYDAzNWObm9yyUuC6oFZkSzJCn1S`
Yara	PDF_Format_Z - PDF Format
VirusTotal	Search for analysis

Name	cd2900bd64871e56_d93f411851d7c929.customDestinations-ms~RF1268094.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1268094.TMP
Size	7.8KB
Processes	2080 (powershell.exe) 2536 (powershell.exe)
Type	data
MD5	`703dde4cef41212bad479c742c6de518`
SHA1	`4a15ad11e4c9eedc051a44e6e2f133246583f199`
SHA256	`cd2900bd64871e56e500bb534ef2a5b8fb1efcf2788a04f88a115e800437f633`
CRC32	`240C986F`
ssdeep	`96:AtuCcBGCPDXBqvsqvJCwoFtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:AtCgXoFtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	96bcec06264976f3_2d85f72862b55c4eadd9e66e06947f3d Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Size	1.4KB
Processes	2788 (iexplore.exe) 2568 (wscript.exe)
Type	data
MD5	`0cd2f9e0da1773e9ed864da5e370e74e`
SHA1	`cabd2a79a1076a31f21d253635cb039d4329a5e8`
SHA256	`96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6`
CRC32	`65E5A5B2`
ssdeep	`24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1`
Yara	None matched
VirusTotal	Search for analysis

Name	844c4c2d34718bd1_wgowlr2.lvrj Submit file
Filepath	C:\ProgramData\wGoWlR2.lVRJ
Size	26.3MB
Processes	2568 (wscript.exe) 2788 (iexplore.exe) 2716 (iexplore.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`42f4b52d41b8b79b6af093d678dcfcef`
SHA1	`067f1b59550f539868a88a53a0eeef3105054c90`
SHA256	`844c4c2d34718bd1e347c2455f3d311f0182b8100509c71dcd7d3c0f0c6288a0`
CRC32	`8BC0A187`
ssdeep	`49152:SqMreCMivtM5Q82hjo7MUuOgauEtqoN2FeirIOQmJSupZhA4mwRrjG5l7MgNkFic:0`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files) hide_executable_file - Hide executable file anti_vm_detect - Possibly employs anti-virtualization techniques
VirusTotal	Search for analysis

Name	8870f7eea03b5ac3_B6E9.tmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\B6E9.tmp
Size	9.6MB
Processes	2208 (regsvr32.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`625b39d48d6ec3de3b02a3a9fc3f8e9a`
SHA1	`3fd4e0b041607c36febfa10accc300bc248de226`
SHA256	`8870f7eea03b5ac30696f60ba3735ddd89ed9cdf0078eb4e173343898e5432d3`
CRC32	`96C761B7`
ssdeep	`196608:9lU72ub7r03wClnu0aXecXpK1vAYm4dq8wnHFDo:nU7w3rMV4IMsfU`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	ec75fa48797a79d7_ieserviceupdate.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\IEServer\Update\IEServiceUpdate.dat
Size	11.1MB
Processes	2208 (regsvr32.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`a0dd33b6b8c3ac9bee46a95586df345f`
SHA1	`fdab0f08ab26f75cb251c95a73177a0afa3b545a`
SHA256	`ec75fa48797a79d752f2ef51bb9fa67436ce9bd91eb97f806366f9daeedfdce2`
CRC32	`D7413D57`
ssdeep	`196608:ns6M08CVKC93EORPK6sBUgTvM19GceHrUJyg+95h0/a2V:s00u3nANc49/N`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) DllRegisterServer_Zero - execute regsvr32.exe Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	c47a35a347a6a8e2_80DF.tmp.enc Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\80DF.tmp.enc
Size	404.0B
Processes	1364 (regsvr32.exe)
Type	a.out VAX demand paged (first page unmapped) pure executable
MD5	`0967454cd45d648313f73917311810c8`
SHA1	`f3699ba709018212ecce371f3b92718954c7fea6`
SHA256	`c47a35a347a6a8e2f387d5bc10bc9f34de99b3444e7660e664c88fbc02c596e5`
CRC32	`97F3B5AB`
ssdeep	`12:R6J7DbnRerdpzHnSYyYI64KhiGgM2YkCY+1zEsc:G1S7zHSYyYKqkM2TbKz5c`
Yara	None matched
VirusTotal	Search for analysis

Name	a49d1a58d9647afd_recoverystore.{4e741937-5bb2-11ef-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4E741937-5BB2-11EF-948E-94DE278C3274}.dat
Size	4.5KB
Processes	2716 (iexplore.exe) 2788 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`df2764e40c42453cf1f44f391ed59eeb`
SHA1	`cc1393b569f4041aac2b9d071caf62de6a3745a9`
SHA256	`a49d1a58d9647afdd89bed80f71c23f32ba3ea3247b6308d0ce084dc8691da76`
CRC32	`B76D9C56`
ssdeep	`12:rlfF2arEg5+IaCrI0F7+F2ssrEg5+IaCrI0F7ugQNlTqbaxoNlTqbaxSR:rqa5/1ss5/3QNlWhNlW3`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	086a722e8fe1413c_index.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012020080720200808\index.dat
Size	32.0KB
Type	Internet Explorer cache file version Ver 5.2
MD5	`6386e4c5f5c9ba6e4d313406d194bd37`
SHA1	`a69128590163f9d4d04c6399730789218f6ba302`
SHA256	`086a722e8fe1413c5a773dc1cb5957609120c5ea53c1e82884dd342271698cd7`
CRC32	`63306B06`
ssdeep	`48:qsETU+lGKs4MlXMKs4jXhGPFdSo1TcRo3+14gyR:qsOUaGKstcKsSX2Fdj1F+h`
Yara	None matched
VirusTotal	Search for analysis

Name	6e80e9ae85e318ca_¿à¸¸àï´ô.html Submit file
Size	14.8KB
Type	HTML document, UTF-8 Unicode text, with CRLF line terminators
MD5	`5c96fc3b4cdce1f36f7b1093da7cd850`
SHA1	`fa9e43f41e5b9e95431a764edda03d797344b031`
SHA256	`6e80e9ae85e318caad7f84a12a5996afbe73ca8fde0882c750cedbd5eccbf7f6`
CRC32	`1E733CEE`
ssdeep	`192:szteC8H+O+7eIfeDebfPUmhz5QBqBQYNXimN55QKwQGc:0q3CrUAuB9Y9imN5uaGc`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_cer1047.tmp Empty file or file not found
Filepath	C:\Windows\cer1047.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	798506c63b0a6087_80DF.tmp.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\80DF.tmp.zip
Size	272.0B
Processes	1364 (regsvr32.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`ee9a79d38e5291c2b35e8f59b669ed37`
SHA1	`76cceee18588ce76ff966e7052a49b61acbe72cb`
SHA256	`798506c63b0a608711bb801d7143f6e4867de9d1f9ec3d2ce46ac464da28c58a`
CRC32	`D84F0E7F`
ssdeep	`6:5ji7ZptiN8D7sFaij0gj6HxbKksR/Q0RtUcf:5jeZ2N8D8P0g29KkwJf`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	8302ffe4a9f0282f_xqaw1xg.byhb Submit file
Filepath	C:\ProgramData\xQAW1Xg.bYhB
Size	19.7MB
Processes	2184 (certutil.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`486370be06493d78a9922b3a6e424909`
SHA1	`db5a86c4ae2b9517cbd92da6433fa234aa20a409`
SHA256	`8302ffe4a9f0282f440d57a79946b29381630d17e87726171a32f1d8cbb378e6`
CRC32	`6CEE16AC`
ssdeep	`393216:fif9LuMH8idluIz8I6JIe7DJtyg8XTGRWXpyfqRE4/7p7xCzil:fit8idluqsF7DzK6RWIqNxCzu`
Yara	ROMCOM_RAT - Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed. Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) DllRegisterServer_Zero - execute regsvr32.exe Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	170e8fd898dd74e0_6121.tmp.enc Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\6121.tmp.enc
Size	5.9KB
Processes	1364 (regsvr32.exe)
Type	data
MD5	`48c02d2b18810f6d7632bbc5d00acdb2`
SHA1	`884dec754745b29f796f67cdaa948e2f844b0fb1`
SHA256	`170e8fd898dd74e070b81a358bf3f9426457454912c11c16c82c1ce9fe32685f`
CRC32	`B517043D`
ssdeep	`96:dmzTKJjxHpbFZ2zXKO8jRKh5yxGDvn0v/vgkwn0rrAyhpApHD+q8FmLN+w:daT8jxzZ2zOtKaGT0v/4VnurDhHxa`
Yara	None matched
VirusTotal	Search for analysis

Name	3018d9d092970b5f_2d85f72862b55c4eadd9e66e06947f3d Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Size	192.0B
Processes	2788 (iexplore.exe)
Type	data
MD5	`e5558fdaa3c650a0c0f76601b5e937d0`
SHA1	`b26e9bf2dc4e089a958951a0333596d05db65817`
SHA256	`3018d9d092970b5f2ea1e4fecfedce2a2ab748d8120092664e79ecc391b0370e`
CRC32	`7A0C5C82`
ssdeep	`3:kkFklpfgHfllXlE/HT8k1FlJtNNX8RolJuRdxLlGB9lQRYwpDdt:kKP4T88fRNMa8RdWBwRd`
Yara	None matched
VirusTotal	Search for analysis

Name	02a7f29d7fa71772_B6A9.tmp.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\B6A9.tmp.bat
Size	160.0B
Processes	2208 (regsvr32.exe) 2300 (cmd.exe)
Type	ASCII text, with CRLF line terminators
MD5	`8a185076d60c58e6ace39bd37c394de5`
SHA1	`7dcebdda2728151259595b0554d6108782263d1a`
SHA256	`02a7f29d7fa71772237296677065800115e056485756158686f2f9ec14631c6e`
CRC32	`2E39F6F9`
ssdeep	`3:CFF/NI9mWOmWxpcL4EaKC5/oulIafONmWxpcL4EaKC5/oulI3feQVAEgI98VH:C/FI9m1mQpcLJaZ5flKmQpcLJaZ5flOO`
Yara	None matched
VirusTotal	Search for analysis

Name	1be9d6a874a1852b_6121.tmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\6121.tmp
Size	24.9KB
Processes	1364 (regsvr32.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`454fcfbcdbd5b55a1648696345f404c3`
SHA1	`20f98e0c502d9904cd9ef93e0d817b86af557a32`
SHA256	`1be9d6a874a1852b9bb0c4f78bc2bd1a67989363b3807d61226c4cf53b5ea0d7`
CRC32	`EB30EABF`
ssdeep	`384:k9O8RUGnJrWexdsxL2ezzf9VflT7s5Qu+:k9O8vJrWexlkn`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques
VirusTotal	Search for analysis

Name	500be5225c6fea32_{4e741938-5bb2-11ef-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4E741938-5BB2-11EF-948E-94DE278C3274}.dat
Size	6.5KB
Processes	2716 (iexplore.exe) 2568 (wscript.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c619c6d26b23f3716a09c23d75bd4d26`
SHA1	`94fcb174e99a2959e190d7bf8553a52bb6bed357`
SHA256	`500be5225c6fea32ac3b5a0a4b6efa350df092bac63a2225416621151ebd419d`
CRC32	`AEB21000`
ssdeep	`96:DQ365J7rMR2rwrpk5noUG3sZFykzHIKk7a:DQ365J7rJRZFykz27a`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	1beb05868ce93bcc_IE9CompatViewList[1].xml Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\IE9CompatViewList[1].xml
Size	141.8KB
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`9b63e0fb3785ffa49686dd75e303d177`
SHA1	`e3992de5a1b8f58a11a52ad71f275ae413927eb4`
SHA256	`1beb05868ce93bcc8fafc46adccdda6d104f3c6f6c6ed454d8a6c0c208d9bd0e`
CRC32	`F778EDEF`
ssdeep	`3072:AoSMrEDL1FwhdFFaz6l8vHG+TbFPAzepobjyG7I1K1IB2+Tir8v1IG9aIedyPcFC:dSMrEDL1FwhdFFaz6l8vHG+TbFPAzepR`
Yara	None matched
VirusTotal	Search for analysis

Name	33eb8be4885ece58_80DF.tmp.tmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\80DF.tmp.tmp
Size	441.0B
Processes	1364 (regsvr32.exe)
Type	PDF document, version 1.7
MD5	`bb06275e4adcc4aea2763b191cf413fe`
SHA1	`3b6f69302241d5a06972bc06daf36e048f3e1884`
SHA256	`33eb8be4885ece581994d7bb1de7b5e045fb8dad4177fe1eab1b579cc730e0cf`
CRC32	`7BA8863D`
ssdeep	`12:InDZPhPkE575mCas5TCk7oP8txwi+rHSv:cDZ58EBpCHP8tiiwHSv`
Yara	PDF_Format_Z - PDF Format
VirusTotal	Search for analysis

Name	b0f2d9c9d9a685f1_d7f0.tmp.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\D7F0.tmp.bat
Size	70.0B
Processes	2208 (regsvr32.exe)
Type	ASCII text, with CRLF line terminators
MD5	`14d3bf63b402afe65605e6a3b816dd47`
SHA1	`be2723893de6741596f4d59c802bd911b9610720`
SHA256	`b0f2d9c9d9a685f1a5375879d54aa2b08a7f3ea4dd8991ddbc301f1dc0852bcf`
CRC32	`6E814537`
ssdeep	`3:CFF/NI9Id/BOuFfKFQVAEgI98VH:C/FI9eFf9VhgI9EH`
Yara	None matched
VirusTotal	Search for analysis

Name	ffccdf7e9bbc4342_B6EA.tmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\B6EA.tmp
Size	9.6MB
Processes	2208 (regsvr32.exe)
Type	PDF document, version 1.7
MD5	`5753ccbe0b644c09e94e5d149722afa8`
SHA1	`2d2aa92a26912375dc18246222591a8ad06318a2`
SHA256	`ffccdf7e9bbc43427726680a73d76c99894f1b5332ad690e9b556e7c73ece3d5`
CRC32	`434293DC`
ssdeep	`196608:mXOFn2NfNs1JGhpgtUwsHlkdXIY3tPlQz/A82wU2ZPcTBc:J2vsC9FkJx3tPov2weBc`
Yara	PDF_Format_Z - PDF Format
VirusTotal	Search for analysis

Name	bdc0ef433bf49f57_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2536 (powershell.exe)
Type	data
MD5	`c101222965a98c1824661a372b0a3181`
SHA1	`11999a9b1b3730a56340b44a162ce368e98d33da`
SHA256	`bdc0ef433bf49f57d02d80163345e8c252252b03659b6efd563d54e791d8796f`
CRC32	`653D54E7`
ssdeep	`96:stuCcBGCPDXBqvsqvJCwoptuCcBGCPDXBqvsEHyqvJCworn47HwxOlUVul:stCgXoptCgbHnorDxA`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	2f71943f44695515_6121.tmp.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\temp\6121.tmp.zip
Size	5.8KB
Processes	1364 (regsvr32.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`f11fc392081b66415b3206969400893d`
SHA1	`0ddb0dd0c0fecb7de901dc00d69b98804397ebb5`
SHA256	`2f71943f446955158080d7d5cdb891e63d89559070fc4a0428ffb58cdd7c67e1`
CRC32	`3D43A168`
ssdeep	`96:NTNn2sNUoH7Nsg/bGAp7u/RtU8SdhdG/ly4ZuZwf+lqcBdbckoTkt1tvoGEkC:dN2SHbSIGAhkRK8SJG/l27ldXbQF`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	b8f7f6af426e9f6e_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	2136 (powershell.exe)
Type	data
MD5	`55c2fd0134bf2c51eb0c4eb3c18c3c7b`
SHA1	`3535e2e390038f8252a03b15afea5e32e55951c7`
SHA256	`b8f7f6af426e9f6e28153b002c80d3347155fe0aa518055aab986a4ec8e39b05`
CRC32	`6B7D8A2C`
ssdeep	`96:stuCcBGCPDXBqvsqvJCwoptuCcBGCPDXBqvsEHyqvJCworm4tDHXyOlUVul:stCgXoptCgbHnorpTyA`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis