Dropped Files | ZeroBOX
Name cf8417cdc951eed2_n.vbs
Filepath C:\Windows\debug\m\n.vbs
Size 211.0B
Processes 2556 (m.dat) 2688 (wscript.exe)
Type ASCII text, with CRLF line terminators
MD5 c4258287aa2aa93135e6d1462b1cd58f
SHA1 16bdfae57a969931d2b7321dd48ec39dfbe8be14
SHA256 cf8417cdc951eed2c10d424b312a0fbf222321e785e655548d9b054a2d87c273
CRC32 AB3DDD2E
ssdeep 3:jfTAEm81GX8G8Rm8x7zL4X9GToNsxIsMv5UMHdHoA+tAzAURd6ShImn:jbANiP0+7zctGTg+KRFoNAsURkShIm
Yara None matched
Name 0ab85d2da0f7a9b6_c1.bat
Filepath C:\Windows\debug\m\c1.bat
Size 867.0B
Processes 2556 (m.dat) 2812 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 9a412e42384f31ad8c61cbd32076603c
SHA1 7a1caef46f6c7549ab17d98f1328fff4673cacb2
SHA256 0ab85d2da0f7a9b644d4b7a964a7b1728d1f9eb716b9abe2f1d9c611d7ee4617
CRC32 0C8356BB
ssdeep 24:g5gtvjrM//TscnzvqrT4cMjPLe7Lq7TooLlak:sO7r0oQoErlak
Yara None matched
Name 1b019e434a871b79_csrss.exe
Filepath C:\Windows\debug\m\csrss.exe
Size 2.8MB
Processes 2556 (m.dat) 2812 (cmd.exe)
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 fb0577a1c32ba19ade1f5cc23b755fe1
SHA1 ce0e8ea9dfccdb110facd4875c7fc80bc80849c0
SHA256 1b019e434a871b799def0d148101719f889f49c5ef169291ea766705760f649a
CRC32 C7579DEA
ssdeep 49152:X8M8BhZ3fVSkIrb/TKvO90d7HjmAFd4A64nsfJwroCCgXBVjrb/sD1UPkv4jC4UZ:7C3NrP7PRjC4i
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Antivirus - Contains references to security software
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 36ba3a7621fb7e47_config.json
Filepath C:\Windows\debug\m\config.json
Size 2.8KB
Processes 2556 (m.dat)
Type ASCII text
MD5 1ac91ebff6f6578c6e24c432ae4abf6c
SHA1 c2328f05009d3bd8b8e2b11b3ea25b1d26c1a039
SHA256 36ba3a7621fb7e479b1f2d217cb6cd481ee406249b32eb917a9c80a5ce20ef4b
CRC32 2E687D97
ssdeep 48:CtWTHcfLWHW8b9b2lZ9lCfnT1L8njzL6fM9ELDELfHjbUdQkPw4KD5r:CtWTGyHpT1L8njzL6fnLQLbYTWDp
Yara None matched
Name 1b74416ba48010da_server2.reg
Filepath C:\Windows\debug\m\server2.reg
Size 284.0B
Processes 2556 (m.dat) 2812 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 41678ca725e5e2964ccfebde111d243a
SHA1 451890c89b9268a321831ae0ca17cf128c973c2a
SHA256 1b74416ba48010dad0467ce77f8d1044e75be2dd003a18cdad0d6f2112e3b565
CRC32 238B5240
ssdeep 6:jBJ0nMhRKLNKaULC6/KbsFM7V8ADLVQXcPJ7VK6Wj1CWtGrlW0f:jBJ0SK0nLn/ys88AdbRRK9RCWArlW0f
Yara None matched
Name f9f8291c7d3f5397_server.reg
Filepath C:\Windows\debug\m\server.reg
Size 272.0B
Processes 2556 (m.dat) 2812 (cmd.exe)
Type ASCII text, with CRLF line terminators
MD5 7c2301b0fa96dac6f800704acca36342
SHA1 d5733429c9acee4e452bae53499fa67309beb855
SHA256 f9f8291c7d3f5397e249aa6ec402ebc45d47cf455b25588970382048aa67b985
CRC32 B4CFA5BD
ssdeep 6:jBJ0nMhRKLNKaULC6/Kbl43M7V8ADLVQXcPJ7VK6Wj1CWf4NrlW0f4u:jBJ0SK0nLn/yT8AdbRRK9RCWqrlW0B
Yara None matched
Name 8d70b99cd76de4f8_winlogon.exe
Filepath C:\Windows\debug\m\winlogon.exe
Size 5.1MB
Processes 2556 (m.dat)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 bc59c52a71f212985286c1e27220b99f
SHA1 30cef45a02b599bef0ebe22c708274eb2d61f320
SHA256 8d70b99cd76de4f8a019654bde6fc2c465d6340830d2b394177fba755440a6c2
CRC32 468CE08D
ssdeep 98304:E93zHsk5RtuI9b+LmroN3r7qrn4YPBrhSkqCjNepZOyVA+Hs:OHs6rn4QBraCRe7RdH
Yara
  • Malicious_Library_Zero - Malicious_Library
  • XMRig_Miner_IN - XMRig Miner
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 11bd2c9f9e2397c9_winring0x64.sys
Filepath C:\Windows\debug\m\WinRing0x64.sys
Size 14.2KB
Processes 2556 (m.dat)
Type PE32+ executable (native) x86-64, for MS Windows
MD5 0c0195c48b6b8582fa6f6373032118da
SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299
SHA256 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
CRC32 6B0323EB
ssdeep 192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name e3b0c44298fc1c14___tmp_rar_sfx_access_check_31263187
Empty file or file not found
Filepath C:\Windows\debug\__tmp_rar_sfx_access_check_31263187
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name f689ee9af94b00e9_lsass.exe
Filepath C:\Windows\debug\m\lsass.exe
Size 323.5KB
Processes 2556 (m.dat)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 beceae2fdc4f7729a93e94ac2ccd78cc
SHA1 47c112c23c7bdf2af24a20bd512f91ff6af76bc6
SHA256 f689ee9af94b00e9e3f0bb072b34caaf207f32dcb4f5782fc9ca351df9a06c97
CRC32 0B9140C7
ssdeep 6144:yejl5QCuDlXW4+DiErv2yKU9pclGrDkXNBe:vl5QCKdW4+DiNlXNBe
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file