Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.29 05:04
tomcaterror.bmpqoq
04.29 04:04
qoq.ps1
04.29 04:04
Important_Document.pdf...
04.29 04:04
dllbase64reverse.txt.exe
04.29 10:04
RuntimeBroker.exe
04.29 10:04
2555d50c-0b7e-4aa3-8d8...
04.29 10:04
csr.bin
04.29 10:04
test.exe
04.29 10:04
FreePhotoShop%20Meme%2...
04.29 10:04
discord.exe

Latest News
04.29 10:04
Uncovering MintsLoader...
04.29 10:04
Blinded from Above: Ho...
04.29 10:04
Midea Reports Strong R...
04.29 10:04
Global Manufacturing L...
04.29 10:04
Threat Actors Accelera...
04.29 10:04
Millions of Apple Airp...
04.29 10:04
From Stocks to Dollar,...
04.29 10:04
[NEU] [hoch] Redmine.o...
04.29 10:04
Making Security Invisi...
04.29 09:04
Pro-Russian hackers st...

Dropped Files | ZeroBOX

Name	a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF1826897.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1826897.TMP
Size	7.8KB
Type	data
MD5	`b0c9ff441742f3847ea27da9dee7f2cd`
SHA1	`c42a1eb32ba953a0ce5d8635caabf71b5b281495`
SHA256	`a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4`
CRC32	`0BBCAB1A`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	8132514aa1fede00_file_1.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_1.zip
Size	9.4KB
Processes	2500 (7z.exe) 2204 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`35abe82689f4a3c7a2605676e48bf09f`
SHA1	`7071e2309e06dc977cd3e5d2c3e3e52120048da7`
SHA256	`8132514aa1fede004cb88592df7d35c75cde3cee411add8bfd3e1a1b6ac64060`
CRC32	`FB58E7F2`
ssdeep	`192:c+bhv7cox4u1S2lrciEaX78a2vclu/Wgukw5nCfCEDUPen1MZ:bbZYo582lrxEaX78dvUyXukWCKEDOe12`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	5c0159552bbb20a1_AntiAV.data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\AntiAV.data
Size	2.1MB
Processes	2356 (7z.exe) 2204 (cmd.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`6e5be021acd3afbf30501b1683943326`
SHA1	`b57c59735b66a5194f4026503b7574ed3c1bd11a`
SHA256	`5c0159552bbb20a109f02452953e12f35ba4c1c33374160e96b8fdb40573efec`
CRC32	`21443F8A`
ssdeep	`24576:5yZBPkpRrP9pxC+XvoflcYy36s3vb0EecYy37n92k8GtGAQZ67hR7krC/Cyf0/xr:R9kqGu7okoZscCnf0/Zs9G`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	8a9235655b1a499d_dllhost.exe Submit file
Filepath	C:\ProgramData\Dllhost\dllhost.exe
Size	62.0KB
Processes	2648 (4343.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4aa5e32bfe02ac555756dc9a3c9ce583`
SHA1	`50b52a46ad59cc8fdac2ced8a0dd3fceeb559d5f`
SHA256	`8a9235655b1a499d7dd9639c7494c3664e026b72b023d64ea8166808784a8967`
CRC32	`8E7E3EE7`
ssdeep	`768:+vfLyCdU0puufOIK1Nekmd52a3bCnP2PmxeETwM:+3LE0pu59ikmdYebCnO+xeEsM`
Yara	Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9ef2e8714e85dcd1_winlogson.exe Submit file
Filepath	C:\ProgramData\Dllhost\winlogson.exe
Size	7.9MB
Processes	2648 (4343.exe)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`4813fa6d610e180b097eae0ce636d2aa`
SHA1	`1e9cd17ea32af1337dd9a664431c809dd8a64d76`
SHA256	`9ef2e8714e85dcd116b709894b43babb4a0872225ae7363152013b7fd1bc95bc`
CRC32	`04A4594C`
ssdeep	`98304:ZLsUYfB9pOp/BWLbrkShfa+XQD/YPLTDtU5SXXMQHJw7ZB87TtIeUK+MzfL7cybS:Kgp/NQ7rfWOlb1paSbkJFsxfKLNIS`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	8969d97a9fbe1c6e_file_2.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_2.zip
Size	9.6KB
Processes	2452 (7z.exe) 2204 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`b7b899287de3ebda807065b6cdeb62d6`
SHA1	`da3f9e59d00f26d70feefa421028809611eb657e`
SHA256	`8969d97a9fbe1c6e80f6d8c41607317ea6fdc044000b85bcb7e0517e32850629`
CRC32	`DF9E0578`
ssdeep	`192:KoWAptBzAOLstxZOtQDTMQVEd77JrkVfatvaEG6Zatgp2ojm082:KfA7VA56i4QSd3xkVfatvaEAtgp2uL`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	36be24b4a1198450_file_4.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_4.zip
Size	9.8KB
Processes	2356 (7z.exe) 2204 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`6fd2582bf1efaf165932ee59157253a0`
SHA1	`fb3271f3d917140f0dc05aa45112b5a17ea91219`
SHA256	`36be24b4a119845065875c4c5204a12d6023a3ca2bb0268f9e411ca702c51fd8`
CRC32	`B0A6DE0C`
ssdeep	`192:xUfEbKoLO1vrQ7z/7jCoAM9ON+QxkSlibU1nQQ6F0kbHWlLLCz:sDoLOxQ/PCLM9ON/xxGUnQ9Klm`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	64929489dc8a0d66_killduplicate.cmd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\KillDuplicate.cmd
Size	222.0B
Processes	1952 (conhost.exe)
Type	ASCII text, with CRLF line terminators
MD5	`68cecdf24aa2fd011ece466f00ef8450`
SHA1	`2f859046187e0d5286d0566fac590b1836f6e1b7`
SHA256	`64929489dc8a0d66ea95113d4e676368edb576ea85d23564d53346b21c202770`
CRC32	`F14E4A56`
ssdeep	`6:vFuj9HUHOPLtInnIgvRY77flFjfA+qpxuArS3+xTfVk3:duj9HeONgvRYnlfYFrSMTtk3`
Yara	None matched
VirusTotal	Search for analysis

Name	344f076bb1211cb0_7z.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\7z.exe
Size	458.0KB
Processes	1952 (conhost.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`619f7135621b50fd1900ff24aade1524`
SHA1	`6c7ea8bbd435163ae3945cbef30ef6b9872a4591`
SHA256	`344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2`
CRC32	`085DB415`
ssdeep	`6144:fz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7+DHV:r1gL5pRTcAkS/3hzN8qE43fm78V`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	dd5598d17bf0baad_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2912 (powershell.exe)
Type	data
MD5	`35b14389055c963f4b3810bfabfb4c8e`
SHA1	`1125679c2af07e4473e892f3b8520537662c8e9a`
SHA256	`dd5598d17bf0baad083fc1d7b24cdca7fe3ad9001c1b827b5b2a98f4ace93dda`
CRC32	`FB7ED279`
ssdeep	`96:UtuCeGCPDXBqvsqvJCwoBtuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoBtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	34ad9bb80fe8bf28_7z.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\7z.dll
Size	1.6MB
Processes	1952 (conhost.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`72491c7b87a7c2dd350b727444f13bb4`
SHA1	`1e9338d56db7ded386878eab7bb44b8934ab1bc7`
SHA256	`34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891`
CRC32	`D5226149`
ssdeep	`24576:S+clx4tCQJSVAFja8i/RwQQmzgO67V3bYgR+zypEqxr2VSlLP:jclmJSVARa86xzW3xRoyqqxrT`
Yara	Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	d41b37a36864b96b_file.bin Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\file.bin
Size	1.5MB
Processes	1952 (conhost.exe) 2204 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`8765d18a735710d8037ececb93d8872f`
SHA1	`52b06b3474dd2bd4780adddf70b2151cc354cb69`
SHA256	`d41b37a36864b96b0655c1dc32ed19c536f91df7cd215991f9ef1ff564c5deb9`
CRC32	`5123A8F7`
ssdeep	`49152:wzRdka5Gmk+/4ONeE+8q2t+vn/XyqaD+CwWA+vX2Z5trXF:wX56+gOG8mvL0d5A++Zvp`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	5a55b0615861e4da_main.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\main.bat
Size	450.0B
Processes	1952 (conhost.exe)
Type	Little-endian UTF-16 Unicode text, with no line terminators
MD5	`4e2e5ad3c30b6af3037af9a33b1cf58a`
SHA1	`775919b4d7a01ef121817696077ede58fb0c2f97`
SHA256	`5a55b0615861e4dafdc1c94091cc63d3d16f38efe6eff475025452f40ed48fcc`
CRC32	`85FC1103`
ssdeep	`12:QUp+CF16g64CTFMj2LIQLvVnQWY4CVGrMLvmuCywJhguF8rVrR61Jy:QUpNF16g632CkeFQWNCVGYTbwJWuF8rN`
Yara	None matched
VirusTotal	Search for analysis

Name	188c03341a0a8d53_file_3.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_3.zip
Size	9.7KB
Processes	2404 (7z.exe) 2204 (cmd.exe)
Type	Zip archive data, at least v1.0 to extract
MD5	`ffaba803c6ec78bb858443fbfb00323e`
SHA1	`1bbaf1c1bd99adbe1b978d49665fa105e3f9da95`
SHA256	`188c03341a0a8d53c8985ba1cf1ae7a7ec170bb9a08b538b79156b256b912a23`
CRC32	`79D44758`
ssdeep	`192:GoWAptBzAOLstxZOtQDTMQVEd77JrkVfatvaEG6Zatgp2ojm08r:GfA7VA56i4QSd3xkVfatvaEAtgp2u+`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	a50ac00c790835e0_4343.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\4343.exe
Size	21.0KB
Processes	2556 (7z.exe) 2204 (cmd.exe) 1952 (conhost.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`22ee22fcb2969032444ebbe2c179dc0e`
SHA1	`e57ca20322e3bf0b06700b1ab4ccaabbe48137d8`
SHA256	`a50ac00c790835e0ed05ea8cc2f0ca0e42fcd9a1fe23dcffc2aea2c342173ed0`
CRC32	`250F180F`
ssdeep	`384:gbjjHZQ3NTofJHFrybCN906pXtM5PFNwN9zmjAs/c15/ufcWrynX:gbjjHe3KBgbGqBFNwAAs/cNz`
Yara	UPX_Zero - UPX packed file Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	11bd2c9f9e2397c9_winring0x64.sys Submit file
Filepath	C:\ProgramData\Dllhost\WinRing0x64.sys
Size	14.2KB
Processes	2648 (4343.exe)
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`0c0195c48b6b8582fa6f6373032118da`
SHA1	`d25340ae8e92a6d29f599fef426a2bc1b5217299`
SHA256	`11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5`
CRC32	`6B0323EB`
ssdeep	`192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	bc943efe9e3fe5b0_file_5.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main\extracted\file_5.zip
Size	1.5MB
Processes	2308 (7z.exe) 2204 (cmd.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`492555b812d27c537f498c8d0dcc3664`
SHA1	`81d903ea0dc5908fa5cd14a741f8f4dbbd9c90f4`
SHA256	`bc943efe9e3fe5b06146ab204144de7e33be38b264b64151caff3d240dbbf633`
CRC32	`5D7363B5`
ssdeep	`24576:zbI/7AAb+JQl3Vd02kOC/l5X4/KiROMdWbBkDC6SX39qbwK1ZNKdvLIJvQ271N:zujCK3D0AC/l5mwbBkDWYb1ZN4UJ9pN`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	6784c5bab4326796_logs.uce Submit file
Filepath	C:\logs.uce
Size	341.0B
Processes	2648 (4343.exe)
Type	ASCII text, with CRLF line terminators
MD5	`6bd75314afd3d59c94352183832751a6`
SHA1	`e3b3706ca0bbed4689fab4a06d1d209847711b39`
SHA256	`6784c5bab4326796585b57eb84c3c9d2bce407588c2ce2ac3d71458899c7afb9`
CRC32	`B189F954`
ssdeep	`6:DiYgE/ov8TSQpg4nSEiYgE/ov8TSQpg4nSdI7wXP1tNa5J/m+qE0PeR5UyGnAKHy:uwg8+qSFwg8+qSktqjPeRKFAEy`
Yara	None matched
VirusTotal	Search for analysis