Dropped Files | ZeroBOX
Name 3cb6f7bbefac6d1f_profile.dll
Filepath C:\Windows\Temp\{AC844AAF-71D0-4EEA-8CB7-885DD29CB5B7}\.ba\profile.dll
Size 241.0KB
Processes 2652 (ram.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 a957f7e18d5493a99d151ff504214d09
SHA1 cfdb6cb20382b68888b0efd8e761649d60c0a7b5
SHA256 3cb6f7bbefac6d1fa487ddaec82d4565cf2f564ec5f14eca1cbd5c987735ae9a
CRC32 2070ECE6
ssdeep 3072:PpZbEp4RQSZ9m/ppNnQZE1/eNtRIfKD4Ak0qnwUl50Pm7TzB1zN:PpZBTwqpc24AuMsB1
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 94203c0d10129d93_aesthete_20250207193238.cleanroom.log
Filepath C:\Users\test22\AppData\Local\Temp\Aesthete_20250207193238.cleanroom.log
Size 757.0B
Processes 2540 (ram.exe)
Type ASCII text, with CRLF line terminators
MD5 ecccfddc18af16c89df6119de398aab5
SHA1 563158908639b9d08ce816de76b613989a252c79
SHA256 94203c0d10129d936401e3155294d72c97b59e3991f56a6060c0a0a49508f54b
CRC32 56066F06
ssdeep 12:npcTd7uXNSX2W/xOLMOpcTScT/ZSRcP2EmRKYOLMpcT/ZSRcP2EWKYOLM5cT/ZSv:ilYNSmAnLfrIcP2hirIcP29yrIcP2V1r
Yara None matched
Name 9366725e71cf2999_ram.exe
Filepath C:\Windows\Temp\{E039CF43-5A4F-4EE7-A7B6-A922B7D60560}\.cr\ram.exe
Size 6.8MB
Processes 2540 (ram.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
MD5 93860d60d2df0f9da732e45513e7ba5d
SHA1 ce6acbd9d61da9d988fb86a01daebecd0291d005
SHA256 9366725e71cf2999398b7b257286637b9fcb11d8b49a4afb96649921dfb31b1b
CRC32 37DB3BAA
ssdeep 196608:v/urAt9I7l4UXW4AzZS4NQdQtmAbGRHjoeJ:v7Ea/4AkAQdsmA88eJ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • CAB_file_format - CAB archive file
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • ASPack_Zero - ASPack packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 4647a4cbd1b866fa_restart.msg
Filepath C:\Windows\Temp\{AC844AAF-71D0-4EEA-8CB7-885DD29CB5B7}\.ba\restart.msg
Size 863.5KB
Processes 2652 (ram.exe)
Type data
MD5 d1f6010adeeeb153fcbf492a2013176d
SHA1 990b47b4948badd2b9499f2ca2bc065a639a6bdd
SHA256 4647a4cbd1b866fa7425682aefdd5236812ce099e37d5f21a973eaea694182da
CRC32 FA228E4B
ssdeep 24576:tdIK6Yxz3Rs0+nFVhRbCroJbGlZ+guRVb9YmYu:jIHG36DrbSqGP+gs9Wu
Yara None matched
Name 9e677a5be6234b8e_aesthete_20250207193242.log
Filepath C:\Users\test22\AppData\Local\Temp\Aesthete_20250207193242.log
Size 1.1KB
Processes 2652 (ram.exe)
Type ASCII text, with CRLF line terminators
MD5 b95818e4a2188d572ff5a31f2e68f6bc
SHA1 5db37a6dc6a71d9fde2867a9589caf65f7d8ee83
SHA256 9e677a5be6234b8e013c60e279c3e2ede75733e81a75a83d0e93947e6734563d
CRC32 E9E4F5BE
ssdeep 24:Sn1YNSmAmrfAKun4KIunscP2hSnscP29iBcP2V15BcP2oBcP2hBcP2A:S+NMmG4IjYSjkigOjg3gWgJ
Yara None matched
Name e63d72eb447dba2e_transform.asp
Filepath C:\Windows\Temp\{AC844AAF-71D0-4EEA-8CB7-885DD29CB5B7}\.ba\transform.asp
Size 45.3KB
Processes 2652 (ram.exe)
Type data
MD5 63afa5cdf59535a6ee3a44c29972f740
SHA1 90d721394d8c683078a146253f8e903767d6cae3
SHA256 e63d72eb447dba2e5110fe4cae4483f6395272ce26b79638ced29116037facef
CRC32 6B93095A
ssdeep 768:x8lrznAZDc2nq0rVPT0zeYCmeJ8yD2rdVcFq6Iihp3P9GG1Q5NGGINwPpkB1DWnT:xK7AZgQ50zYmxVUjFGG8ONNDWnB4RXG
Yara None matched
Name 55285f72c479667b_serum.dll
Filepath C:\Windows\Temp\{AC844AAF-71D0-4EEA-8CB7-885DD29CB5B7}\.ba\Serum.dll
Size 130.9KB
Processes 2652 (ram.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 20aa36c2ce87d64cb58e7e32f0546fb1
SHA1 d65d8b30c3343c4f22d2765325f7e518ba5cec2e
SHA256 55285f72c479667b7e4c395ec503f81e5ef560d224a0ffc5347dcb44b2bcd394
CRC32 52A1875C
ssdeep 3072:IkTriNUIh3uSrTkYKx5e/cwbQyBySybXOXczFWSroaj2x5:Owjw9CAcpron
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 9b696ad0ec3b37ba_bundleextensiondata.xml
Filepath C:\Windows\Temp\{AC844AAF-71D0-4EEA-8CB7-885DD29CB5B7}\.ba\BundleExtensionData.xml
Size 252.0B
Processes 2652 (ram.exe)
Type XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5 a35990570afaa7d023fd2ebbe229afb8
SHA1 86688b13d3364adb90bba552f544d4d546afd63d
SHA256 9b696ad0ec3b37bac11da76bcd51ad907d31ee9638dad7bb8fdd5aef919ef621
CRC32 A09044DF
ssdeep 6:QFulcLk0YR5Ie8GcUlLulFwENeWlYmH1fMWGVUlLulFwEnk:QF/LXYRWe8OLqF3Ye1kWGaLqFhk
Yara None matched
Name 1f7a9cf0f11e5d30_winx_dvd_ripper_platinum.exe
Filepath C:\Windows\Temp\{AC844AAF-71D0-4EEA-8CB7-885DD29CB5B7}\.ba\WinX_DVD_Ripper_Platinum.exe
Size 15.1MB
Processes 2652 (ram.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 3c64548b4aedbd79411d69029bdae67f
SHA1 c27d42f5984ec27f63db147dfec7828c1c877990
SHA256 1f7a9cf0f11e5d30538e7162aa69c9216839dda3928b25368434f7e6e96ea0fb
CRC32 79EA26D9
ssdeep 393216:qaqu1+JjEJ0I2pzwlTFUxr+osjf4OX42Q:rFq7sJ3Q
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • mzp_file_format - MZP(Delphi) file format
  • UPX_Zero - UPX packed file
Name 639980c48dd692e9_libeay32.dll
Filepath C:\Windows\Temp\{AC844AAF-71D0-4EEA-8CB7-885DD29CB5B7}\.ba\libeay32.dll
Size 1.0MB
Processes 2652 (ram.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 73a8cdc0bb5b95c1ba6deb39d71f0349
SHA1 bef1bb7843d0e424d55203bfa6fa3f40eedc9379
SHA256 639980c48dd692e9ff3144f3d932aa07e501f12197d587ec47eb5ec8f6b7696a
CRC32 921DA7BF
ssdeep 12288:yoZQ5pJHNPVE3u4PoJWjSLoKXuq7wF3rx63rjxKpVPYbujmbsaWTmx0:hQx1+uoiiSLUFbx67gpebmmIa1x0
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name b7ba5020860eef12_bootstrapperapplicationdata.xml
Filepath C:\Windows\Temp\{AC844AAF-71D0-4EEA-8CB7-885DD29CB5B7}\.ba\BootstrapperApplicationData.xml
Size 2.3KB
Processes 2652 (ram.exe)
Type XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5 dfd882fc7a7427413097437512706355
SHA1 c029952467fb3063822d86de2d5a3462973b9a67
SHA256 b7ba5020860eef12b6da279d426f5f1687e877c7fa559589e8e06d21f6e4ffb6
CRC32 ECE07355
ssdeep 48:y+03N6hOQT8PDkwcne1MRJ0z0wvycBexR4VvgkWHmi16rLi1rYBr5zl:+PYwcn6M20wvycuRovgk/W6rLW2r/
Yara None matched