Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.29 05:04
tomcaterror.bmpqoq
04.29 04:04
qoq.ps1
04.29 04:04
Important_Document.pdf...
04.29 04:04
dllbase64reverse.txt.exe
04.29 10:04
RuntimeBroker.exe
04.29 10:04
2555d50c-0b7e-4aa3-8d8...
04.29 10:04
csr.bin
04.29 10:04
test.exe
04.29 10:04
FreePhotoShop%20Meme%2...
04.29 10:04
discord.exe

Latest News
04.30 01:04
[Control systems] ABB ...
04.30 12:04
한국암호포럼 주관, ‘2025년 국가암호...
04.30 12:04
[보안칼럼] SKT 해킹, 지능형 지속 ...
04.30 12:04
RSAC 2025: Agentic AI ...
04.30 12:04
CyberSG TIG Collaborat...
04.30 12:04
Peeking at Poking Heal...
04.30 12:04
Salt Typhoon hacks to ...
04.30 12:04
Microsoft announces th...
04.30 12:04
Ransomware Hack Said t...
04.30 12:04
UK Treasury to Work Wi...

Dropped Files | ZeroBOX

Name	ac571031e8942ec6_AntiAV.data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\AntiAV.data
Size	2.1MB
Processes	3052 (7z.exe) 2892 (cmd.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`8fb1de53e465392c71af32957d3f89c5`
SHA1	`10434c0399fdfd618ce6d7acb0e715fd49f9f8c9`
SHA256	`ac571031e8942ec6302b5059679b6dfd216ded646eeea0f5ca0eeace4f924adc`
CRC32	`EE85843D`
ssdeep	`24576:5yZBPkpRrP9pxC+XvoflcYy36s3vb0EecYy37n92k8GtGAQZ67hR7krC/Cyf0/xU:R9kqGu7okoZscCnf0/Zs9N`
Yara	NPKI_Zero - File included NPKI
VirusTotal	Search for analysis

Name	314fd855dfdad1b8_file.bin Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\file.bin
Size	1.5MB
Processes	2772 (kizuna.exe) 2892 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`ec06e9f840a9cc49a001c3ee5b7fc35d`
SHA1	`f8c9c39b8cc15e091888b2d1b4f0d2c9a7a5166f`
SHA256	`314fd855dfdad1b8a4d934447e8706f76b165fd92d975235b868b75fc91d30ca`
CRC32	`D07D0505`
ssdeep	`24576:YaJmfSpeoj0pTLJoOsZHTgDO/g9uvRvx0gci3oig/2he2CLQRxmc2:sKsoj0JIsORvx0Fi49/uSCYF`
Yara	None matched
VirusTotal	Search for analysis

Name	64929489dc8a0d66_killduplicate.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\KillDuplicate.cmd
Size	222.0B
Processes	2772 (kizuna.exe)
Type	ASCII text, with CRLF line terminators
MD5	`68cecdf24aa2fd011ece466f00ef8450`
SHA1	`2f859046187e0d5286d0566fac590b1836f6e1b7`
SHA256	`64929489dc8a0d66ea95113d4e676368edb576ea85d23564d53346b21c202770`
CRC32	`F14E4A56`
ssdeep	`6:vFuj9HUHOPLtInnIgvRY77flFjfA+qpxuArS3+xTfVk3:duj9HeONgvRYnlfYFrSMTtk3`
Yara	None matched
VirusTotal	Search for analysis

Name	344f076bb1211cb0_7z.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\7z.exe
Size	458.0KB
Processes	2772 (kizuna.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`619f7135621b50fd1900ff24aade1524`
SHA1	`6c7ea8bbd435163ae3945cbef30ef6b9872a4591`
SHA256	`344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2`
CRC32	`085DB415`
ssdeep	`6144:fz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7+DHV:r1gL5pRTcAkS/3hzN8qE43fm78V`
Yara	OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	34ad9bb80fe8bf28_7z.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\7z.dll
Size	1.6MB
Processes	2772 (kizuna.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`72491c7b87a7c2dd350b727444f13bb4`
SHA1	`1e9338d56db7ded386878eab7bb44b8934ab1bc7`
SHA256	`34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891`
CRC32	`D5226149`
ssdeep	`24576:S+clx4tCQJSVAFja8i/RwQQmzgO67V3bYgR+zypEqxr2VSlLP:jclmJSVARa86xzW3xRoyqqxrT`
Yara	Microsoft_Office_File_Zero - Microsoft Office File IsDLL - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE64 - (no description)
VirusTotal	Search for analysis

Name	afc625f4a9aea1cf_main.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\main.bat
Size	457.0B
Processes	2772 (kizuna.exe)
Type	Little-endian UTF-16 Unicode text, with no line terminators
MD5	`80437650bb4a0cd7c1aade0de0960f84`
SHA1	`9edb806676fd673ffed2b1a0f895c9acf16b43b0`
SHA256	`afc625f4a9aea1cf51a3e2b277cb620968258d7596631a1b9eb22f7ecfef8e4d`
CRC32	`DE311C75`
ssdeep	`12:QUp+CF16g64CTFMj2LIQLvaL2W/PCVGrMLvmuCOCg7y8M9irMhub:QUpNF16g632CkeaKW/PCVGYTdN7y8miP`
Yara	None matched
VirusTotal	Search for analysis

Name	07cbbe345c78cf57_logs.uce Submit file
Filepath	C:\ProgramData\HostData\logs.uce
Size	344.0B
Processes	2204 (KiZuNa.exe)
Type	ASCII text, with CRLF line terminators
MD5	`1063597b4422f9eb17c2471437f95c96`
SHA1	`965fbaa921dccc9fbd2e4d9fa8e4e58062059f24`
SHA256	`07cbbe345c78cf57c3461235ad245ccaa0d18202c7fd8e2c84efd1251ddc5633`
CRC32	`B4C0484E`
ssdeep	`6:+xEX3CwHziO/1KliYgE/ovBwHziO/1zI7wjPJlTlDE8qu2pNKSMAMOOgxNQxN/yt:rhziO/1vwggziO/1GKTC8q3IAxOQgq2A`
Yara	None matched
VirusTotal	Search for analysis

Name	21bc43587dc1f19e_winlogson.exe Submit file
Filepath	C:\ProgramData\Dllhost\winlogson.exe
Size	7.8MB
Processes	2204 (KiZuNa.exe)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`5385a40c6af4c73f43cfa5de46b9f05a`
SHA1	`aec914b73e3c7b4efe0971d1a87e62de2b0776a4`
SHA256	`21bc43587dc1f19ec6271e69fe709b18fdefdfbfc5971a3edf00e92cb1b77995`
CRC32	`D2AE4DEE`
ssdeep	`98304:Cf4ix3tX2mzKHmCTBk1XoHtLgF9o11clR73DArjRjjoHuLc2orGpV7bAUI9+dcGL:CAiLLcg2FiF1E+AsDm1y8n`
Yara	Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	404bdfadc9231927_kizuna.exe Submit file
Filepath	c:\users\test22\appdata\local\temp\main\kizuna.exe
Size	21.0KB
Processes	2148 (7z.exe) 2892 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`dd69c595ea997ab4065bbcac85450bc9`
SHA1	`83bb41553eb05d764b2a52d6873b0bad274c7f8e`
SHA256	`404bdfadc9231927f02e6dc9f14f47196d0ebbb33a49eb8271805d277148f2a2`
CRC32	`96A99DDE`
ssdeep	`384:ibjjHZQ3NzofJHFrybCN906pXtM5PFNwN9zml4QHHSxH15/ufKWryn7:ibjjHe32BgbGqBFNwe4QHyTNV`
Yara	IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	f5958467070bc9e8_file_1.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_1.zip
Size	9.4KB
Processes	2052 (7z.exe) 2892 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`eef8dac3046e61fe546475272b77b628`
SHA1	`659776bb0a9a581285780bcafb0316e4f0898e62`
SHA256	`f5958467070bc9e8dd5eb8c49ac9894bcbb1e0281d45b0e37f7dd3c362de54b0`
CRC32	`3904D2E9`
ssdeep	`192:J5CSQCsCbEbHNuV14NzUwI9Fd10r1/Fqjam5J8pmJTTPTP3tdcGt:3WCbuHNuaUxvMhFWJwmpTPtzt`
Yara	None matched
VirusTotal	Search for analysis

Name	046d522edccb52b3_file_2.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_2.zip
Size	9.6KB
Processes	3052 (7z.exe) 2892 (cmd.exe)
Type	Zip archive data, at least v1.0 to extract
MD5	`9f9e4dfb4e86604baa0b8a4e44b5e74f`
SHA1	`af8239c60a8ce3d673f524070d43c831ed75bf3e`
SHA256	`046d522edccb52b3c03ff6eda21f99fbf6f1a887c540bed95dc5c815745ca6a3`
CRC32	`F68C3277`
ssdeep	`192:J5CSQCsCbEbHNuV14NzUwI9Fd10r1/Fqjam5J8pmJTTPTP3tdcGr:3WCbuHNuaUxvMhFWJwmpTPtzr`
Yara	None matched
VirusTotal	Search for analysis

Name	f7cc1aeb4c1aa261_file_3.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_3.zip
Size	1.5MB
Processes	3004 (7z.exe) 2892 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`517911b74daddea461dac37a0b872b83`
SHA1	`2dbfdf1b7b067d40a47f5f31dd505e17024b4fa7`
SHA256	`f7cc1aeb4c1aa26126ac0eed2ffd255cfa3fde21b2278f136f1d2310e83f2e45`
CRC32	`75A7F99A`
ssdeep	`24576:WbI/7AAb+JQl3Vd02kOC/l5X4/KiROMdWbBkDC6SX39qbwK1ZNKdvLIJvQkH:WujCK3D0AC/l5mwbBkDWYb1ZN4UJHH`
Yara	None matched
VirusTotal	Search for analysis

Name	678a3d3a0ab89b57_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2552 (powershell.exe)
Type	data
MD5	`c5dff414b2158586da4ab2cc6a111820`
SHA1	`46cf90b6b800caa133c92567c24d1488616b355d`
SHA256	`678a3d3a0ab89b57c572808e60528c00a579898fe9983c892e7c64376a31187f`
CRC32	`122C0B37`
ssdeep	`96:4tuCojGCPDXBqvsqvJCwoFtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:4tu6XoFtu6bHnorXxY`
Yara	Generic_Malware_Zero - Generic Malware Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	0113a82f52509113_dllhost.exe Submit file
Filepath	C:\ProgramData\Dllhost\dllhost.exe
Size	71.5KB
Processes	2204 (KiZuNa.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7615cc149441014b54dafe91a383c53a`
SHA1	`2d5cb93d78a02e5bf9e405363df3a8f9a5f6cc93`
SHA256	`0113a82f525091132d24bb83b705c7794a439f7146accd67254d47a13dc4cac2`
CRC32	`A98036BA`
ssdeep	`1536:cNSJ5R/XkDpTDyDbkaduGooo4lX22blOi8a6L:4SfdXqvyDbvlooocm2blOi8a2`
Yara	IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	11bd2c9f9e2397c9_winring0x64.sys Submit file
Filepath	C:\ProgramData\Dllhost\WinRing0x64.sys
Size	14.2KB
Processes	2204 (KiZuNa.exe)
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`0c0195c48b6b8582fa6f6373032118da`
SHA1	`d25340ae8e92a6d29f599fef426a2bc1b5217299`
SHA256	`11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5`
CRC32	`6B0323EB`
ssdeep	`192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis