Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	13f15b7daeb52496_cce3fe3b0d8d805f.timestamp Submit file
Filepath	C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d805f.timestamp
Size	57.0B
Processes	1648 (java.exe) 2268 (javaw.exe)
Type	ASCII text, with CRLF line terminators
MD5	`4ecc96e1f72ed23308ee9feacbd771fd`
SHA1	`d1b37df01398c03b529196e6c6faba332e077532`
SHA256	`13f15b7daeb52496f81b1c8fa8c10670cbbaa4817e46fdfe64ae5ee86a4b2638`
CRC32	`4FC3F6B8`
ssdeep	`3:oFj4I5vpN38y:oJ5X3x`
Yara	None matched
VirusTotal	Search for analysis

Name	cc1f7f46569c47b6_m1728216960411752240726055893726.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\m1728216960411752240726055893726.tmp
Size	13.9MB
Processes	1648 (java.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`a74e3a679307d0c527f75e471229a6b0`
SHA1	`aea3fe7535be76a64ad06292dae50595abf5e3a8`
SHA256	`cc1f7f46569c47b6aaf3000374073e30f92350b876d69bc02771664fa5212014`
CRC32	`19C8D4F4`
ssdeep	`196608:z8hYfEvpheKvjlSCiV6IsDyPJMZQrBPCq4oezb3ksmTNtz0aUSVIVMTdn4MKPI:CbpheKvUADyPJi+L947ksOVY2n4MII`
Yara	zip_file_format - ZIP file format OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	f1225df0c346e0d4_jna1299671536493696708.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jna--877171118\jna1299671536493696708.dll
Size	207.0KB
Processes	2268 (javaw.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`856291fc5f373c1368a70b6bf31697ce`
SHA1	`d03cb1df184c322cd8285f7cee50c5f861e24116`
SHA256	`f1225df0c346e0d4fde129771a7ce81c6a23e01950ae59f38fde86e626d8cd59`
CRC32	`F4AB3820`
ssdeep	`6144:p2fC4fC1yjN1+XIrCY2X2RivXs9G6qFyWc:p+C2C1yjN1+X/XcWc`
Yara	Malicious_Library_Zero - Malicious_Library Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	824fae3331b95e2f_1fc2efa290.sql Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1FC2EFA290.sql
Size	40.0KB
Processes	2268 (javaw.exe)
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	092f73b6547a6509_jnativehook-7dc8e1f206faa540cfb3bcb55a4388d7df75bdd5.x86.dll Submit file
Filepath	c:\users\test22\appdata\local\temp\jnativehook-7dc8e1f206faa540cfb3bcb55a4388d7df75bdd5.x86.dll
Size	61.0KB
Processes	1648 (java.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`e15b1d7acc4e2e8093789cc3e0073275`
SHA1	`7dc8e1f206faa540cfb3bcb55a4388d7df75bdd5`
SHA256	`092f73b6547a650980af9cb7ed6ff6b2dab03af7ba51cbe4e9c7ae96da2e8129`
CRC32	`E7152848`
ssdeep	`768:XEUMnAGoCVN555XelYFY8qobiXCqIP0Lz0L:JMA5iDHIYfbldn`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis