Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.01 02:05
LoginMain(1)
05.01 02:05
LoginMain
05.01 02:05
veneziaLogin.js.pobrane
05.01 02:05
troubleshot-modal-info...
05.01 02:05
LoginMain(4)
05.01 02:05
LoginMain(3)
05.01 02:05
LoginMain(2)
05.01 02:05
LoginMain(6)
05.01 02:05
LoginMain(5)
05.01 02:05
background

Latest News
05.01 05:05
Gaze Upon Robby The Ro...
05.01 04:05
Steganography Analysis...
05.01 04:05
North Korea Stole Your...
05.01 04:05
SonicWall Confirms Act...
05.01 04:05
Elektronische Patiente...
05.01 04:05
Anzeige: Digitale Souv...
05.01 02:05
Vintage Stereo Stack B...
05.01 02:05
Key Saudi Rule Change ...
05.01 01:05
티오리, 옥타(Okta)와 협력…신원 기...
05.01 01:05
Tesla Board Started Se...

Dropped Files | ZeroBOX

Name	b935d90f9b00b0b8_ectosphere Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ectosphere
Size	84.0KB
Processes	2544 (csrss.exe) 2644 (csrss.exe) 2696 (csrss.exe) 2744 (csrss.exe) 2796 (csrss.exe) 2840 (csrss.exe) 2884 (csrss.exe) 2952 (csrss.exe) 2996 (csrss.exe) 3040 (csrss.exe) 604 (csrss.exe) 2088 (csrss.exe) 2100 (csrss.exe) 2188 (csrss.exe) 2248 (csrss.exe) 2420 (csrss.exe) 2504 (csrss.exe) 2564 (csrss.exe) 2604 (csrss.exe) 2592 (csrss.exe) 2792 (csrss.exe) 2868 (csrss.exe) 2944 (csrss.exe) 3012 (csrss.exe) 3060 (csrss.exe) 828 (csrss.exe) 1964 (csrss.exe) 1812 (csrss.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`113814e3b1209175e884341b51fc0bdf`
SHA1	`7c83377c2c2cec1634945d155fa3e0879ee63cb6`
SHA256	`b935d90f9b00b0b8bb1d4b843bf286afbbec8a1216be1b067663e75d68606073`
CRC32	`C7B2D2CA`
ssdeep	`1536:rCIK2zcc/L2gEDSUY3qHZL8BE17xlILvQFWCuiW:G41CYKZveUfW`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	8fd454003651b71c_csrss.vbs Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csrss.vbs
Size	272.0B
Processes	2644 (csrss.exe)
Type	data
MD5	`e4584b607bd8a50e9ae2ae33b7eae9c5`
SHA1	`9439029f80c4aae3687b8b6266d61ab5b7c0b003`
SHA256	`8fd454003651b71cd1c2340808c4d450e8d7865f3f77cecc9adda8c614e92429`
CRC32	`9664020E`
ssdeep	`6:DMM8lfm3OOQdUfcls/UEZ+lX1Al1AJ36nriIM8lfQVn:DsO+vNls/Q1A1m4mA2n`
Yara	None matched
VirusTotal	Search for analysis

Name	f928f0fbbec30989_molecast Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\molecast
Size	483.0KB
Processes	2544 (csrss.exe) 2644 (csrss.exe) 2696 (csrss.exe) 2744 (csrss.exe) 2796 (csrss.exe) 2840 (csrss.exe) 2884 (csrss.exe) 2952 (csrss.exe) 2996 (csrss.exe) 3040 (csrss.exe) 604 (csrss.exe) 2088 (csrss.exe) 2100 (csrss.exe) 2188 (csrss.exe) 2248 (csrss.exe) 2420 (csrss.exe) 2504 (csrss.exe) 2564 (csrss.exe) 2604 (csrss.exe) 2592 (csrss.exe) 2792 (csrss.exe) 2868 (csrss.exe) 2944 (csrss.exe) 3012 (csrss.exe) 3060 (csrss.exe) 828 (csrss.exe) 1964 (csrss.exe) 1812 (csrss.exe)
Type	data
MD5	`65d01b06462d271b0da948efc42081be`
SHA1	`6b8c187e6ca73d254a88c943822d1b72b3feb7f6`
SHA256	`f928f0fbbec309890cdb92b5f19d119afc7215894122798430f51f279b065fd0`
CRC32	`4074BC4A`
ssdeep	`12288:MQItZ/MjbSWgz4dWITpu594esrXaQMidR2WW24LCJ1LZtj4:MQiZQW4IIResrXaQXRO9GJ19e`
Yara	None matched
VirusTotal	Search for analysis

Name	ffcfe6a6032cdcef_csrss.exe Submit file
Filepath	C:\Users\test22\AppData\Local\directory\csrss.exe
Size	1.3MB
Processes	2544 (csrss.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bf038a5d89d10a8c54f9173ae6f1218d`
SHA1	`56f40b2d1c24973dfc2797041b415adb889498b9`
SHA256	`ffcfe6a6032cdcef4790afe356d82939369b5e49ba72719b3e592a4de7fd9890`
CRC32	`5E77CF27`
ssdeep	`24576:VqDEvCTbMWu7rQYlBQcBiT6rprG8agY86JDHZpZxXNGf8PA9kZKbv:VTvC/MTQYxsWR7agIJrZpfdGfsO`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	eb09e172e4e39735_autEFDE.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\autEFDE.tmp
Size	385.0KB
Processes	2544 (csrss.exe)
Type	data
MD5	`60e07ea2b1e286070466181eb103b440`
SHA1	`0980fa02c2851fdc7b81a9d1bc86629fb669abc7`
SHA256	`eb09e172e4e39735182759cd26a81f475d710e545eae283c12255a637e52ace1`
CRC32	`C0A23520`
ssdeep	`6144:tpc7ZnBpdJzD4VSNurl71uSnKxUep4pcm/PIG0vBNm6+2dmFXB5tAIP6inYNFHPH:tsB35KSSPX/ANmdTx+ISiGlPQGx`
Yara	None matched
VirusTotal	Search for analysis

Name	3c253455ab8d6c9d_autF00E.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\autF00E.tmp
Size	42.5KB
Processes	2544 (csrss.exe)
Type	data
MD5	`2f7a894c748cc07d323363c0965002bf`
SHA1	`a23f199062c152bfd9e5d80bb48147c2d7d83a81`
SHA256	`3c253455ab8d6c9d8de187e03f6e0321568aaad6100095a162abd1443e15e677`
CRC32	`4E21FF61`
ssdeep	`768:SKhw7ds6QtguTU18mMbXPCCurFKHUN89nNW2XCVN5fttkah0km:S0w7dsKmU18mMbXPC1BP+ns2XAXFt6km`
Yara	None matched
VirusTotal	Search for analysis