Dropped Files | ZeroBOX
Name 12d59b63b5e8301d_8E9A.tmp.exe
Filepath C:\Users\test22\AppData\Local\Temp\8E9A.tmp.exe
Size 32.5KB
Processes 2396 (explorer.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 ee14a993b4f9bf8b3f0421f0a44c2057
SHA1 e5c03509023e186e2b5dbe92262e4d8b70c406ff
SHA256 12d59b63b5e8301d2f5a55e47931d91d2e17a1bcefc6941afe45c777222314a9
CRC32 5AA6B2D6
ssdeep 384:y+wOeemMOdqtlbRHvEdEmPLtzVFyXyLgZgJaqbNyHBw0V5AR8gtFqBLTm9zZwXJP:lEugjBzGWg6YvBzVOXFh9WkO/h+/zW
Yara
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 7f11c4396fa77e17_9263.tmp.exe
Filepath C:\Users\test22\AppData\Local\Temp\9263.tmp.exe
Size 10.0KB
Processes 2396 (explorer.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6c8e0b575f1a144d7338604b7f0c433d
SHA1 3281369b5b2e4c72c0491d503dafbfb4ccafb43e
SHA256 7f11c4396fa77e175d38b42db81ee72ea732f5174667c6f7a2c885ff8b7553de
CRC32 9755535F
ssdeep 192:nPt08DGJs1wIu+KvrPubCjP9bk8kAnCUd9Tq+Ryi2gbh:nqE/HKeCjO8eW2eh
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name a54251cc17f4d320_egirwvbj
Filepath C:\Users\test22\AppData\Roaming\Microsoft\egirwvbj\egirwvbj
Size 701.1KB
Processes 2396 (explorer.exe)
Type data
MD5 787c40c578b3ad9d4a48b4c65f8ae3ef
SHA1 eda5413e0376fb9dac85fc6a5db29bd4883640af
SHA256 a54251cc17f4d320641d2a3a17f91628518e5391348bdbba780ad9dde37b9f25
CRC32 88F002B8
ssdeep 12288:pzTTYuIX+E7JjdFAqRfroWOf8MkHKMh89VUWR4b+xWV2hbAt:dTnG7JhFBFcWUOi9VXWMbAt
Yara None matched
Name e3b0c44298fc1c14_8E9A.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\8E9A.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 4d2bed7b84733fd0_traf.exe
Filepath C:\Users\test22\AppData\Local\Temp\traf.exe
Size 13.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 77947379b9e26603db5a24e63d9e68fc
SHA1 7f4f613ab87573b7d69b66b0fedb01db65878961
SHA256 4d2bed7b84733fd0b18cdc6c01aa7518d62981d4d0e633c00caa648d0e188937
CRC32 826883E6
ssdeep 192:vBAlEMZWAY5nCtCY61l40CMvPSohzWLz5xWfgOQ/muu/d5THm4Ot0O:JAnLAXNy/m3/bTK0O
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name ced877bf82c1bb46_8e9a.tmp.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8E9A.tmp.lnk
Size 732.0B
Processes 2668 (8E9A.tmp.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Jan 26 22:47:21 2025, mtime=Sun Jan 26 22:47:29 2025, atime=Sun Jan 26 22:47:29 2025, length=33280, window=hide
MD5 b34d39df95dd3738faafcaa959f21905
SHA1 d651b0cb85e91d9ffa118648dd04b699e78d8f34
SHA256 ced877bf82c1bb46486147456382f357e3e82a729f78e54e9a5b1917f370fc1b
CRC32 99D0E913
ssdeep 12:85XA+q4cZCrR8EvSEPqfPMUSLTXH4FizCCOLAH0NEgAuP:85wMsERdNaMVT3TzNeNEHuP
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format