Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.02 08:07
log2.exe
07.02 08:07
log1.exe
07.02 07:07
svchost.exe
07.02 07:07
asec.exe
07.02 07:07
kdmapper.exe
07.02 07:07
buildcr.exe
07.02 07:07
csrss.exe
07.02 07:07
IHBHXXQF.exe
07.02 07:07
snukingorig2.5.exe
07.02 07:07
igccu.exe

Latest News
07.02 08:07
Infostealers on the Ri...
07.02 07:07
A Playbook for Detecti...
07.02 07:07
The Evolution of Phish...
07.02 07:07
CISA Report Finds Most...
07.02 06:07
Cyber A.I. Group Annou...
07.02 06:07
Despite adoption hurdl...
07.02 06:07
The importance of inte...
07.02 06:07
regreSSHion: Critical ...
07.02 06:07
ポルシェカレラカップブラジル、Microso...
07.02 06:07
Celebrate Repair Indep...

Dropped Files | ZeroBOX

Name	fbb15a5b013c3e5d_tmpB984.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpB984.tmp
Size	288.0KB
Type	SQLite 3.x database, last written using SQLite version 3031001
MD5	`44da0e59f632f910506c78209a307b40`
SHA1	`28d6970d9ba31a6a8c6c92cd2ffc8f55408ddb7d`
SHA256	`fbb15a5b013c3e5d27729745bdfe6a04e96971135ff70d03e8cb114afd8ac4f1`
CRC32	`D7521975`
ssdeep	`192:LXva0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v/:z1zkVmvQhyn+Zoz67i`
Yara	None matched
VirusTotal	Search for analysis

Name	ffb18189c8e04084_tmpB948.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpB948.tmp
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`c19826403c4c8e5086a8d49e37c94838`
SHA1	`4d19768231a3373fb0fa91d5513e21ad772b137b`
SHA256	`ffb18189c8e040846bba547b243fda347516329d58a44b26fd8616549249e077`
CRC32	`36EBD488`
ssdeep	`48:ToLOpEO5J/KdGU1/X2ydikE6HDHCp0mSzW34KXEw:ENwudLE6jOSzLw`
Yara	None matched
VirusTotal	Search for analysis

Name	2b875f4d5f072242_uacwev.bat Submit file
Filepath	C:\ProgramData\uacwev.bat
Size	383.0B
Processes	4420 (srvs.tmp) 2424 (cmd.exe)
Type	ASCII text, with CRLF line terminators
MD5	`ace1a6c2ea9446d1bd4b645d00bc2c46`
SHA1	`a9c41e189775db5a507785c1c527ff9fb7a07bd6`
SHA256	`2b875f4d5f0722425969fd5963fa0276a101ce63ddb91e5960f2860ab0aedbf4`
CRC32	`5989CF99`
ssdeep	`6:bDSUx2cL4iPeZbpmLp2cLM+BtOx2cL9s2cLZbpmLKAB2FpJoyVl5QoiVlUvKw7wH:nShsSdmMN+BtZwXSdmarPl5z4lc2`
Yara	None matched
VirusTotal	Search for analysis

Name	3acef212e738893e_srvs.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-5IS72.tmp\srvs.tmp
Size	708.5KB
Processes	1892 (srvs.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`025b645d99b2eed57b669c7287d24c9e`
SHA1	`6883b676e66a277f43cb4d2eca130c6c47cfed51`
SHA256	`3acef212e738893efc7451c2a7c321ab0f48352b76c46bd6a14b5aeb054453a0`
CRC32	`0DC9CDDE`
ssdeep	`12288:CqIBjQ2zOnrPY37gzHIA6OhHhE6pmWERI/g2arNdXda94LbW/APblaSt3yx9IN:PI5Q2zOnrPY37gzHIA6aBE6EWE2gnl2+`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet escalate_priv - Escalade priviledges screenshot - Take screenshot keylogger - Run a keylogger spreading_file - Malware can spread east-west file win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token win_private_profile - Affect private profile win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) borland_delphi - Borland Delphi 2.0 - 7.0 / 2005 - 2007 Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	6c5bdba65823d907_tmpB94A.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpB94A.tmp
Size	80.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`2879b25c64012e6d19d0d34da682dcdd`
SHA1	`554af0d1d9d3c0daf0567f75128426c48ad7f3c5`
SHA256	`6c5bdba65823d9079daae7ca8fe953fbdea165742db98a7e4f0de3e5c2252758`
CRC32	`EF73B05C`
ssdeep	`96:ZBv7fYLKYZCIdE8XwUWaPdUDg738Hsa/NhuK0l0q8oc5PyWTJereWb3lxzasq9uE:ZBMOUNlCTJMb3rEDFAl67/`
Yara	None matched
VirusTotal	Search for analysis

Name	40a7e712d6cf7f4e_ccleaner.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk
Size	489.0B
Processes	4420 (srvs.tmp)
Type	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5	`300e6edd248e2f1e6a95863d46369cdf`
SHA1	`4d0c3b999e2e05516768afe2c5ba88029f58ab0d`
SHA256	`40a7e712d6cf7f4ebbab482874cb4dd8d2d8b3c345931a3645ba79acebd6ee85`
CRC32	`6701BD9A`
ssdeep	`6:4xtCl0qeAvqfhEttmWi7B7QRYrNSbhEZMqYrNEMbhE1klC:8wl0qekqf4XGNSbtNEMbjl`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	88f9dc0b9a633e43_tmpB995.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpB995.tmp
Size	512.0KB
Type	SQLite 3.x database, user version 11, last written using SQLite version 3031001
MD5	`dd47ebe6866ad2ab59d0caa1de28d09e`
SHA1	`afdf6eb7a01bb7ef4c9d768b65abbbeae5ba2663`
SHA256	`88f9dc0b9a633e43c6d2c6fae136e782c15aa38c1601dcff948987f1c2a391c3`
CRC32	`8DEE9EEA`
ssdeep	`24:DQHtJl32mNVpP965hKN0MG/lZpNjCKRIaU5BnCMOkC0JCpL3FYay:DQfrbWTTTqtStLm`
Yara	None matched
VirusTotal	Search for analysis

Name	7c7c1ab434c6d263_uxtheme.dll Submit file
Filepath	C:\ProgramData\uxtheme.dll
Size	52.2KB
Processes	4420 (srvs.tmp) 2424 (cmd.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`ab2dfff902a3396c2d829fc5f47d0f96`
SHA1	`8c89f1d3080419a23fc83d999d711923fd3d4c09`
SHA256	`7c7c1ab434c6d26365624712c833374ed1dee19f548b3386e64972bdda925694`
CRC32	`E1380B43`
ssdeep	`768:XgAs/cZz3DfEqTIYv4gKNwFPxPeUIIL8bC4g:ISzrEqTIm4gKN2PxPP8C4g`
Yara	PE_Header_Zero - PE File Signature Zero IsPE64 - (no description) IsDLL - (no description) IsWindowsGUI - (no description) HasOverlay - Overlay Check HasDigitalSignature - DigitalSignature Check
VirusTotal	Search for analysis

Name	12b3c77f660d66c5_tmpB903.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpB903.tmp
Size	86.5KB
Type	UTF-8 Unicode text, with very long lines, with no line terminators
MD5	`87ef5025c70d86c0899a4093e6f9a06b`
SHA1	`ff1fb0801ea158c6d8dcf9dfa77de8ca687f84a1`
SHA256	`12b3c77f660d66c553ac8fb84369b1d75969005882381e46ee5448549ce1ba3f`
CRC32	`69D8DE6F`
ssdeep	`1536:chIoz+vs0tKqq+9uMIdSWdQT7ayMxbbWxpxjU3Nci0N0GDIEW/a1Yiur:OIoz+00sg7dna/xbwU36i4IEW/J`
Yara	None matched
VirusTotal	Search for analysis

Name	4cc2f239f8838c6e_tmpB914.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpB914.tmp
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`2a51cf5f096c5924c7f47732d12e7c92`
SHA1	`6fcb446f6e2af378bb6aae032d58fbf939c98826`
SHA256	`4cc2f239f8838c6ec8297440c1455f09491854bcc3ac644fbcb53fe42dfb6ee2`
CRC32	`E70F8913`
ssdeep	`48:O3k+YzHF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:kSe7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	848d04f917e919ca_swnetwork.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\swnetwork.exe
Size	204.5KB
Processes	8620 (clr3.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3a7d2f1815f84f8f678af316d2475e34`
SHA1	`f13b3cfee8d1f65583a9dd7fc98362e105f19d8e`
SHA256	`848d04f917e919caaf01ce7d1210a92c8516f1df5832d7a78d72f9c3b9aa4973`
CRC32	`062E1E0E`
ssdeep	`3072:DDKW1LgppLRHMY0TBfJvjcTp5XOEz5bEZRgtT57cIw4ed0ZfEe2+:DDKW1Lgbdl0TBBvjc/OZUw4E0fX`
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero win_files_operation - Affect private profile UltraVNC_Zero - UltraVNC IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check
VirusTotal	Search for analysis

Name	c1fe973ec51d405d_srvs.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\srvs.exe
Size	9.1MB
Processes	8620 (clr3.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`79143f8bb899f89ad0a244017e4934dd`
SHA1	`ac491a1e24185677ac59eb1d937b990941e4acd9`
SHA256	`c1fe973ec51d405df053a593909e50a2f6929e95966557e0b5188861ca983c56`
CRC32	`9BDF52AF`
ssdeep	`196608:5diWhHuOZ9gaOUTEX6Ln714t+zQotTA82laPYOSPQW5RznW:7iaEkCt+zQoG82lAL2QW5Ri`
Yara	PE_Header_Zero - PE File Signature Zero escalate_priv - Escalade priviledges win_registry - Affect system registries win_token - Affect system token win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasOverlay - Overlay Check HasDigitalSignature - DigitalSignature Check borland_delphi - Borland Delphi 2.0 - 7.0 / 2005 - 2007
VirusTotal	Search for analysis

Name	2984d41816d24e4f_pass.exe Submit file
Filepath	C:\ProgramData\pass.exe
Size	8.7MB
Processes	4420 (srvs.tmp) 2424 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fe66a84c175bcd25b2a6221fa3c74976`
SHA1	`69745ac398f3cbbb61fa253625faff2c5e7defe0`
SHA256	`2984d41816d24e4f00f4aabead77f558d25134f70099d0da610adcefce82126c`
CRC32	`F56602B3`
ssdeep	`196608:6+Cvx+UaVrcYF6nP66ZVazTaelJ7PEQzrLwaJfJiGqx:6jVsIYFBgVaZTLwapJix`
Yara	PE_Header_Zero - PE File Signature Zero escalate_priv - Escalade priviledges win_registry - Affect system registries win_token - Affect system token win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasOverlay - Overlay Check borland_delphi - Borland Delphi 2.0 - 7.0 / 2005 - 2007
VirusTotal	Search for analysis

Name	388a796580234efc__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-GM8PS.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	4420 (srvs.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`e4211d6d009757c078a9fac7ff4f03d4`
SHA1	`019cd56ba687d39d12d4b13991c9a42ea6ba03da`
SHA256	`388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95`
CRC32	`2CDCC338`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0`
Yara	PE_Header_Zero - PE File Signature Zero win_files_operation - Affect private profile IsPE64 - (no description) IsConsole - (no description) HasRichSignature - Rich Signature Check
VirusTotal	Search for analysis