Dropped Files | ZeroBOX
Name b1bd1588d9865bbd_autEF52.tmp
Filepath C:\Users\test22\AppData\Local\Temp\autEF52.tmp
Size 42.6KB
Processes 2552 (csrss.exe)
Type data
MD5 7164106aa8c85bb56f62c0133c3cbe3a
SHA1 38881951a2f13939aa50223842201bebf88578e9
SHA256 b1bd1588d9865bbd97bbc46a14f07f70ee0af5d8e1544bfd403619ecf7bb8ddb
CRC32 424B3360
ssdeep 768:88b3/GXeaUhOssb3qMPWCb6N7GQO9Z8vN/MI8fAzH4Sxa1fHygnFN81r:88GqsoCbM7GQuISY74pfjn01r
Yara None matched
Name 8b2a333145057818_ddd.exe
Filepath C:\Users\test22\AppData\Local\directory\ddd.exe
Size 1.4MB
Processes 2552 (csrss.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a1c95767e2aae895bca002778203b26e
SHA1 ee02ae312b7a4b12335cfc38a3260503aebca0a8
SHA256 8b2a33314505781855da6824132f4b392cda4eea4862932b1b887673f656338c
CRC32 D99FE926
ssdeep 24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8apZtCx7NAumZ2CvYZdqROwKmzOYxrnP:sTvC/MTQYxsWR7apZt6po0ZERlKqXN
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 9aeb3e90a42d4c33_seskin
Filepath C:\Users\test22\AppData\Local\Temp\seskin
Size 84.0KB
Processes 2552 (csrss.exe) 2692 (ddd.exe) 2764 (ddd.exe) 2840 (ddd.exe) 2920 (ddd.exe) 3068 (ddd.exe) 2100 (ddd.exe) 2228 (ddd.exe) 2680 (ddd.exe) 1272 (ddd.exe) 1812 (ddd.exe) 2280 (ddd.exe) 2808 (ddd.exe) 2984 (ddd.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 e35f6cb972a5dea274b746d9e4c25fe3
SHA1 3a0d7f1f0e631be14a2041f28d3979cf0ef76999
SHA256 9aeb3e90a42d4c33d932a4191bd20a84b7db2627fd04896a98ceb3100a207391
CRC32 D67F38FE
ssdeep 1536:iTxmUESoG4OkaVBpwhJYCocC39uKmiUJ0x7OjdKaSNo:O5EhOVTO8miUo7O4Bo
Yara
  • Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
Name 21b86e670e2d0079_autEF13.tmp
Filepath C:\Users\test22\AppData\Local\Temp\autEF13.tmp
Size 430.6KB
Processes 2552 (csrss.exe)
Type data
MD5 e3a95e254603a86eb35a2939c0326cce
SHA1 85f6ef63993c057870363e53571318697de8c4fe
SHA256 21b86e670e2d0079508af5893853a7d4db0ccd4ce512a94223943087a8944920
CRC32 7D8B2191
ssdeep 12288:n/2M5am6KmN6bQI2KRSrlT5q/1qdJkrJmWjY:n5N6KmgjZSPq2Jk7Y
Yara None matched
Name 798be554a2e1e9ae_ddd.vbs
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ddd.vbs
Size 268.0B
Processes 2692 (ddd.exe)
Type data
MD5 2478ba3de11f05cdf0c8632a5596d37d
SHA1 8e68b841a239eb4a7330835fd1c743eef7586e88
SHA256 798be554a2e1e9ae9151268ecda1d2bb043af103707c5c696f5308a956dc55f7
CRC32 16FE36EA
ssdeep 6:DMM8lfm3OOQdUfcls/UEZ+lX1Al1AP6nriIM8lfQVn:DsO+vNls/Q1A1lmA2n
Yara None matched
Name ab4339f959ca3577_troopwise
Filepath C:\Users\test22\AppData\Local\Temp\troopwise
Size 483.0KB
Processes 2552 (csrss.exe) 2692 (ddd.exe) 2764 (ddd.exe) 2840 (ddd.exe) 2920 (ddd.exe) 3068 (ddd.exe) 2100 (ddd.exe) 2228 (ddd.exe) 2680 (ddd.exe) 1272 (ddd.exe) 1812 (ddd.exe) 2280 (ddd.exe) 2808 (ddd.exe) 2984 (ddd.exe)
Type data
MD5 9619fc607012065ef16b514a91852c0d
SHA1 0133014b86dcb7a403afef4980eabc0c2217f9c9
SHA256 ab4339f959ca357732c8698c02e557f11272236b4b5dd8da6ae496d64ddc4505
CRC32 A945146B
ssdeep 12288:T8pe9+nkA3jwhOtrd35gm/foMELbUt6n+e023:T8e8kATVtLzLELbUt6+c
Yara None matched