Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.19 02:09
66ea645129e6a_jacobs.exe
09.19 11:09
clip64.dll
09.19 11:09
cred64.dll
09.19 10:09
vsfdajg16.exe
09.19 10:09
QuickBooks_Setup.msi
09.19 10:09
QuickBooks_Desktop_Set...
09.19 10:09
game.exe
09.19 10:09
vlsadg.exe
09.19 10:09
lnfsda.exe
09.19 10:09
66eaadab755d2_installs...

Latest News
09.20 03:09
Bridge Detection Gaps ...
09.20 03:09
02 - Performing Basic ...
09.20 03:09
Exploiting Exchange Po...
09.20 03:09
KI in Hollywood: Wie L...
09.20 03:09
Google: PIN-Schutz für...
09.20 03:09
Chrome-Update für Work...
09.20 03:09
Attacker or IT admin? ...
09.20 03:09
EU’s Von der Leyen Ple...
09.20 02:09
Threat Intelligence Sn...
09.20 02:09
Compliance webinar ser...

Dropped Files | ZeroBOX

Name	f3327793e3fd1f3f_TmpF4FE.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\TmpF4FE.tmp
Size	2.6KB
Processes	2908 (RegAsm.exe)
Type	data
MD5	`1420d30f964eac2c85b2ccfe968eebce`
SHA1	`bdf9a6876578a3e38079c4f8cf5d6c79687ad750`
SHA256	`f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9`
CRC32	`24D8A5AF`
ssdeep	`48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g`
Yara	None matched
VirusTotal	Search for analysis

Name	fcdab9639af874cb_2.exe Submit file
Filepath	C:\Windows\Temp\2.exe
Size	435.5KB
Processes	2556 (66e27cc59b93f_111.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1f3cfcf8aad3e5e3164405d272aa213e`
SHA1	`96f1c646d19deab4ff071fbc6b3c73c87ce56e49`
SHA256	`fcdab9639af874cba780e20c21a9bc662b160dc313ddb75e5f82f779f1680101`
CRC32	`CD3F5CE7`
ssdeep	`6144:MDKW1Lgbdl0TBBvjc/2LBslU004yXs9bh1O5us/tkGGIpn4x3tp8:ah1Lk70Tnvjc+q07XsnI52n8`
Yara	Malicious_Library_Zero - Malicious_Library MALWARE_Win_VT_RedLine - Detects RedLine infostealer PE_Header_Zero - PE File Signature UltraVNC_Zero - UltraVNC IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	f3327793e3fd1f3f_TmpF4FF.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\TmpF4FF.tmp
Size	2.6KB
Processes	2796 (2.exe)
Type	data
MD5	`1420d30f964eac2c85b2ccfe968eebce`
SHA1	`bdf9a6876578a3e38079c4f8cf5d6c79687ad750`
SHA256	`f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9`
CRC32	`24D8A5AF`
ssdeep	`48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g`
Yara	None matched
VirusTotal	Search for analysis

Name	f3d5417adab3fcf3_1.exe Submit file
Filepath	C:\Windows\Temp\1.exe
Size	312.5KB
Processes	2556 (66e27cc59b93f_111.exe)
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ab06af28eabd848a572023a76ce875ac`
SHA1	`80a6338acd08b1c52b008179ed1c43fa6892fac5`
SHA256	`f3d5417adab3fcf3d8f70ed37e7acef0b677ab7907122c7900133ebfa00d8458`
CRC32	`38EDC67A`
ssdeep	`6144:yMBav/6NbgdGyUe+nHarbN/sTeZdTCHqbu8uHTQNZxNSlggZ1zz8fkg:xsvWbgdhJ0GZsITg+uRHTQjmlggZ2`
Yara	PE_Header_Zero - PE File Signature Antivirus - Contains references to security software Is_DotNET_EXE - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_19261593 Empty file or file not found
Filepath	C:\Windows\Temp\__tmp_rar_sfx_access_check_19261593
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis