Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
03.12 02:03
vcc.exe
03.12 02:03
niceworkingskillwithbe...
03.12 02:03
kissingwithbestexperie...
03.12 11:03
boilfdsefSQ.exe
03.12 11:03
1776871603.exe
03.12 11:03
crossings.exe
03.12 11:03
PhonerLite.exe
03.12 11:03
thawdtyh.exe
03.12 11:03
casse.exe
03.12 11:03
GoldAge3ATOm68k

Latest News
03.12 10:03
2025 is cloud security...
03.12 10:03
US lawmakers warn agai...
03.12 10:03
Over 778K cryptowallet...
03.12 10:03
Misconfigured AWS S3 b...
03.12 10:03
Legacy SOAR vs. next-g...
03.12 10:03
How Oak Ridge National...
03.12 10:03
Former Trump cyber lea...
03.12 10:03
Expert: Amateur hacker...
03.12 10:03
Clop leaks data purpor...
03.12 10:03
CISA removes backing f...

Dropped Files | ZeroBOX

Name	ef8cc98dc70961f2_hwjxn9pj.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hwjxn9pj.cmdline
Size	311.0B
Processes	1832 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`77722a455581a502df61b868acfe066e`
SHA1	`94df76f642c2f6925b9e9d024f2dbf5b56aaf4a8`
SHA256	`ef8cc98dc70961f25bdb7aac8a035a83f372b315db0a10da2ca44855c8f392cb`
CRC32	`85777F07`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fJJemGsSAE2NmQpcLJ23fJGA:p37LvXOLM2nPAE2xOLML`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_hwjxn9pj.err Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\hwjxn9pj.err
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	52de106629b27ce5_hwjxn9pj.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hwjxn9pj.dll
Size	3.5KB
Processes	2452 (csc.exe) 1832 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c8cbfb357bca1fa8e8e276df2787b0c4`
SHA1	`106db7dc997eff1b73a39becaac6fecbb4ee0afd`
SHA256	`52de106629b27ce57058c38098f5adff977715a1e635a6ae7989c1a32db3fe74`
CRC32	`04B1E971`
ssdeep	`24:etGSFN6G7wcrCl/Z/kKQlurpUbdPtkZfZG1DGw18CSmI+ycuZhNYPakSroPNnq:6iuClJrpMuJZG17OCh1ulYPa3rQq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Network_Downloader - File Downloader IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	0ed5b0823e71e0e3_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	1832 (powershell.exe)
Type	data
MD5	`f4a8a3e56bca0190031a365f104571cf`
SHA1	`7a4eac7016b8feca961f757cfe05bfeb4b76c10f`
SHA256	`0ed5b0823e71e0e3262a8a73ff269499135b20c9c5aa71e34b57a9f43218ed41`
CRC32	`E95A2C69`
ssdeep	`96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworQStDHXyWlUVul:QtbXoFtbbHnorFTyo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	b9122bdbe184527a_hwjxn9pj.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hwjxn9pj.0.cs
Size	474.0B
Processes	1832 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5	`3147a19ec1e2ca4dc2344665354ef9a2`
SHA1	`f6e6a3847f7ae30fb279f19fc17839fbf4e6a329`
SHA256	`b9122bdbe184527ab997355269a37fce8762e712edbf6c68aa8845d0dd07a98e`
CRC32	`3A64646B`
ssdeep	`6:V/DsYLDS81zu43cMGtplQXReKJ8SRHy4HnQr5IfbYYp8TBy:V/DTLDfu45XfHjQFmgy`
Yara	Network_Downloader - File Downloader
VirusTotal	Search for analysis

Name	03f09c2a25106cfe_CSC456B.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC456B.tmp
Size	652.0B
Processes	2452 (csc.exe)
Type	MSVC .res
MD5	`e205b8642a0208f4b82dfc8f25c03947`
SHA1	`66d28799bd5d8cf484a8983dd8f2e14aeff9bc99`
SHA256	`03f09c2a25106cfee446916ae8e5fe073478b85ce037b83d0081d26dadc048d8`
CRC32	`7C8EFCDC`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryGPak7YnqqroPN5Dlq5J:+RI+ycuZhNYPakSroPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	503b5181670548b7_hwjxn9pj.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hwjxn9pj.out
Size	598.0B
Processes	1832 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`5c086936581360fe8af9117c379ac5a4`
SHA1	`2cbdf2b79aada1bf7fadc30ca0964171387cea65`
SHA256	`503b5181670548b7b882bc8227869363a4c09b7514aedb1e40d70c4c84657ad0`
CRC32	`84F23588`
ssdeep	`12:K4X/NzR37LvXOLM2nPAE2xOLMKKai31bIKIMBj6I5BFR5y:KyNzd3B2nIE2nKKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	e6401cf97a545ec4_RES45DA.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES45DA.tmp
Size	1.2KB
Processes	2280 (cvtres.exe) 2452 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`e5cc6be8372834d634c2e70c27a4371d`
SHA1	`0a0fd2cfc1310878fdf1d063ca46c0b2bdd120e2`
SHA256	`e6401cf97a545ec4825fec9ea98ff5a76d3a51d1baa45c9050fba4af6bfe40be`
CRC32	`9DDC6FC8`
ssdeep	`24:Hxd6J9YerngdmH/UnhKLI+ycuZhNYPakSroPNnqjtd:RdfernEmcnhKL1ulYPa3rQqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	c080a08ae2a3e0f6_hwjxn9pj.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hwjxn9pj.pdb
Size	7.5KB
Processes	2452 (csc.exe) 1832 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`ad4e0de3f6b1ee1a1b3da6030b7562b2`
SHA1	`7094afcdcb9ebed62a942175d0cf936d88c7f683`
SHA256	`c080a08ae2a3e0f6cc492d7c5d368f33bcea9c493fdd711e5594ee95db64071a`
CRC32	`CB2F1511`
ssdeep	`6:zz/BamfXllNS/Wz101mllxrS/77715KZYXnz1MoGggksl/3YXBGQu+e0KWEi+:zz/H1W/Wz1cSXS/pw2z1MmqRi`
Yara	None matched
VirusTotal	Search for analysis