Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
10.02 02:10
66fbfccd837ac_vadggdsa...
10.02 02:10
66fc5c187ba75_lyla343.exe
10.02 02:10
66fbfcc301a31_swws.exe
10.02 02:10
66fbd9a4db4c9_Governme...
10.02 02:10
66fb2538369cb_EdgeUpda...
10.02 02:10
cc.js
10.02 02:10
kixx.js
10.02 02:10
66f55533ca7d6_RDPWInst...
10.02 02:10
SPOOF.exe
10.02 02:10
ienetworkupdateshere.hta

Latest News
10.02 09:10
Pump up your skills: T...
10.02 09:10
Chip Firms Monitoring ...
10.02 09:10
Nvidia Partners With A...
10.02 09:10
Adam Neumann’s Latest ...
10.02 09:10
Talent Gap ‘Critical T...
10.02 09:10
5 Must-Have Tools for ...
10.02 08:10
TI Lookup: Real-World ...
10.02 08:10
RCE Vulnerability in Z...
10.02 08:10
How Hurricane Helene J...
10.02 08:10
heise-Angebot: Das neu...

Dropped Files | ZeroBOX

Name	b9921b700b9725b8_expenditures Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Expenditures
Size	86.0KB
Processes	1680 (66fbd9a4db4c9_GovernmentalSa.exe#abd)
Type	data
MD5	`49f0222027ce9239edfe22653b2cabd4`
SHA1	`c8326622726f76cdaf79a47fadc9eb5beac32237`
SHA256	`b9921b700b9725b83e0c59c33bc14af9cc1c16a15fc5c6794fbb0225187b93ec`
CRC32	`25B2B970`
ssdeep	`1536:9rQ+mhYEODU4XT1jpxaZBFt11u8vdqG7Czw0tn3GeNyYiQShFf:FQ+OONXvxabFLvsGOzw0FN80ShFf`
Yara	None matched
VirusTotal	Search for analysis

Name	352e14e0acd212b3_extends.bat Submit file
Filepath	c:\users\test22\appdata\local\temp\extends.bat
Size	8.2KB
Processes	1680 (66fbd9a4db4c9_GovernmentalSa.exe#abd) 2068 (cmd.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`1d84284b8942f58060e1d05f0b1e188a`
SHA1	`b67d7f48760822e8af325f78d897e2d915de565c`
SHA256	`352e14e0acd212b3152ce18c1145028da38a7fbedf5cf736995e806f2388a113`
CRC32	`6522F376`
ssdeep	`192:RSk7ChBwSUnPg3b5RkWoKfuZWOe71t3xSvw4+frs5EOpI4ddA:RSkehBwSUPebtTPHxxtDuEOpIL`
Yara	None matched
VirusTotal	Search for analysis

Name	f36376d6c3ca12b1_projected Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Projected
Size	6.2KB
Processes	1680 (66fbd9a4db4c9_GovernmentalSa.exe#abd)
Type	data
MD5	`93e1c03496c73ce0227eebfe83b0bd3d`
SHA1	`e571d6fdee00475b54029a6af43ab1341abac5dc`
SHA256	`f36376d6c3ca12b169ec967ac62ffab30840073edb1d6f6128dfd294753a1444`
CRC32	`343427EA`
ssdeep	`192:c9HAeOqAFDw09CV/2nPvj6DdMP3r1HI5jk:c9HAHhww+/2nlP3r1Wk`
Yara	None matched
VirusTotal	Search for analysis

Name	3eb6724e3f69973f_daniel Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Daniel
Size	94.0KB
Processes	1680 (66fbd9a4db4c9_GovernmentalSa.exe#abd)
Type	data
MD5	`dbb5b61f1db614c25d7ec9d101110a59`
SHA1	`baf31207e205d36645a0eff19e87c74be1b576ea`
SHA256	`3eb6724e3f69973f4df7a5026da55fcbe1b48b9ae0661ff79e454cde052d2381`
CRC32	`39F60E19`
ssdeep	`1536:BfKWJL/lkSj+ukEB8ePAZK/dwAz4re058PpEj4UX8HPEXenq/S9gafDKasqH3UZh:BCUlkSKukEB8ePi0dPscPuj4eE2Cr3UL`
Yara	None matched
VirusTotal	Search for analysis

Name	fdbafb85b95cd634_settlement Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Settlement
Size	88.0KB
Processes	1680 (66fbd9a4db4c9_GovernmentalSa.exe#abd)
Type	data
MD5	`7c56f2bf9a311376e68263ee9c5a8393`
SHA1	`797bd5804a7a3f9425e23f9caf70aa473a46adaf`
SHA256	`fdbafb85b95cd634ec53a63e29e0a2d34704ed22e356907961a5eb9e7d056e1a`
CRC32	`BC0FEAB8`
ssdeep	`1536:TT2ToibtrGsoI0gBAfPjWmAB1y5zBhJtzXybBDfLvh0OjGCJxReKRgGzXD4F:TT2EqNGsOSmA7yt/aBrLvhVdJzsF`
Yara	None matched
VirusTotal	Search for analysis

Name	f64f9dfc4fce3514_y Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\376615\y
Size	426.3KB
Processes	2512 (cmd.exe)
Type	data
MD5	`ae3d55e50e851e400c6276ea49e81e4f`
SHA1	`2447dd509e112be9d80520bcba5a0511320baaf7`
SHA256	`f64f9dfc4fce3514662636891549ab28f2314d5b5c50a12c2dcc0282cd052a8b`
CRC32	`2D731C11`
ssdeep	`12288:NELBxGbF4GcPbUFB6vj49eD+JuL+aZ3fw:NCkePbwB6rn0q+Qw`
Yara	None matched
VirusTotal	Search for analysis

Name	49038116a1180b90_feedback Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Feedback
Size	866.5KB
Processes	1680 (66fbd9a4db4c9_GovernmentalSa.exe#abd)
Type	data
MD5	`47f486f9a09c3c92d6c63df8a59e4964`
SHA1	`0b83d8336e74a094c9e4a85df296dcb3ef8f0a02`
SHA256	`49038116a1180b904492a7df13f7f37803f192e9f778c01e83d0378c5b842437`
CRC32	`8EADE284`
ssdeep	`12288:wV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:Sxz1JMyyzlohMf1tN70aw8501`
Yara	Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	75f7b16d57b7956b_packs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Packs
Size	38.3KB
Processes	1680 (66fbd9a4db4c9_GovernmentalSa.exe#abd)
Type	data
MD5	`5cbc78e7462b03104122bfcea6c0570f`
SHA1	`4b9f078f630e2f5530f247ea3e194e7b3877056b`
SHA256	`75f7b16d57b7956bb74e3640c616f432b773951855297743c90b735284a74165`
CRC32	`4DC2ADC6`
ssdeep	`768:/BRCYGAaIl+BUrZnxHvg+1UQKZruAGYqTXvJJLCbMrMqDYLMLaVtMg33WQ:/blPaIoBAxY+aQKZ6AGYqThxOFcYLMmn`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nslC251.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nslC251.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	d8b7c7178fbadbf1_sleeping.pif Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\376615\Sleeping.pif
Size	872.7KB
Processes	2068 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`18ce19b57f43ce0a5af149c96aecc685`
SHA1	`1bd5ca29fc35fc8ac346f23b155337c5b28bbc36`
SHA256	`d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd`
CRC32	`388D364B`
ssdeep	`12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	3fc3907a25dea94f_presence Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Presence
Size	60.0KB
Processes	1680 (66fbd9a4db4c9_GovernmentalSa.exe#abd)
Type	data
MD5	`ee2ef75583f3d5eabc9de0aeeb588752`
SHA1	`072fbac659a8878a5ed39b8710ced7256d0a8b31`
SHA256	`3fc3907a25dea94f2848f8431111f1270a033277212fadff68cb1541dc7abb22`
CRC32	`4D0CE4C2`
ssdeep	`1536:QUvdK9I1/uFEUqYSMxee0vzXWg9SI4lBirhbdVCj1:Nvc9KuFRqmxL07hwM1bM`
Yara	None matched
VirusTotal	Search for analysis

Name	961d4241d2a91eea_javascript Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Javascript
Size	60.0KB
Processes	1680 (66fbd9a4db4c9_GovernmentalSa.exe#abd)
Type	data
MD5	`e74399d04f69a683d98046ab88f5bba0`
SHA1	`c88af22c8c29c3405ea385fa6c792e490a12aec8`
SHA256	`961d4241d2a91eea86a27a5c746f65bce321b2bdca8048ae775a713a7cbc3ed6`
CRC32	`471557E6`
ssdeep	`1536:t6vA3p7VUJlzehAo8ZX//8CAzWWr+gS2DMcB8N8eVoGZ+:Z3QJlzKKP/FAK6+L2RBzeyG8`
Yara	None matched
VirusTotal	Search for analysis