popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name bbc59eb43822e646_pTs26-2J
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\pTs26-2J
Size 18.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 53ea322f91d6f0de8448b68583284d22
SHA1 b6c835867fbf7e432b834f7366eb0407f3eebbfa
SHA256 bbc59eb43822e64660cc4ccbca37d6dc016eaa9b85b2c6f5b40826bb03188b34
CRC32 CA013001
ssdeep 24:LLY10KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6ocW:4z+JH3yJUheCVE9V8MX0PFlNU12W
Yara None matched
VirusTotal Search for analysis
Name 1f1a186ea26bd246_sqlite3.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\sqlite3.dll
Size 1.0MB
Processes 3020 (icacls.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 ce5c15b5092877974d5b6476ad1cb2d7
SHA1 76a6fc307d1524081cba1886d312df97c9dd658f
SHA256 1f1a186ea26bd2462ea2a9cf35a816b92caf0897fdf332af3a61569e0ba97b24
CRC32 2F164792
ssdeep 24576:FRwXVREXm6CX7FgiX+y3sxroF/Ktlne05qj7:BmTXhznqroFYlno
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
VirusTotal Search for analysis
Name 512e4e95427a8c66_pTs26-2J
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\pTs26-2J
Size 36.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 f4c540f52d5c08d24a79805eda1d7abf
SHA1 22be46826df7693f58736adb232ab2da790f2571
SHA256 512e4e95427a8c66b2993b27bb23d99cdab2ebd6e9e8937c7f6a39ed8c6a5b94
CRC32 95C9FB3A
ssdeep 24:TLmg/5UcJOyTGVZTPaFpEvg3obNmCFk6Uwcc85fB34444z:T5/ecVTgPOpEveoJZFrU1cQB34444z
Yara None matched
VirusTotal Search for analysis
Name 8ca12e8b973a1974_sqlite3.def
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\sqlite3.def
Size 7.0KB
Processes 3020 (icacls.exe)
Type ASCII text
MD5 88b78a6f643d3341ae9bf96d5816f1c2
SHA1 66d8bb79c945396ffbea9a272ca5baee0eeecf2a
SHA256 8ca12e8b973a1974e160ae2e55f2b59870314df159ba2dc54c7349acee176ebe
CRC32 567FF289
ssdeep 96:GcuN/mwU+anR+7GgbqXdMcAM3K4tGvAF+GEhwIOVtvaENw+Y0aR:E/8+7GgbqbKWrF+GEebvaENw+cR
Yara None matched
VirusTotal Search for analysis
Name b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms
Submit file
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2552 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis
Name f2c68180a53c3788_x.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\x.exe
Size 331.5KB
Processes 2552 (powershell.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 617dcd9957272b40fa2b51acd8a77d72
SHA1 371e2c24363cf0d3372cbf5e250bf9eb3c2ba69e
SHA256 f2c68180a53c3788b6bc6d8d0c426fa607e82bb0012999396dc8015a91972eb4
CRC32 61EB559A
ssdeep 6144:EzdN7xuncrUNB/NNj0JJtWr30Sb9gD150AHyZhgvbDOGeyrg:EzTxGLHr30o9gDLGavfAyrg
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Is_DotNET_EXE - (no description)
  • ConfuserEx_Zero - Confuser .NET
  • IsPE32 - (no description)
VirusTotal Search for analysis