Dropped Files | ZeroBOX
Name bbc59eb43822e646_chp1CB.tmp
Filepath C:\Users\test22\AppData\Local\Temp\chp1CB.tmp
Size 18.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 53ea322f91d6f0de8448b68583284d22
SHA1 b6c835867fbf7e432b834f7366eb0407f3eebbfa
SHA256 bbc59eb43822e64660cc4ccbca37d6dc016eaa9b85b2c6f5b40826bb03188b34
CRC32 CA013001
ssdeep 24:LLY10KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6ocW:4z+JH3yJUheCVE9V8MX0PFlNU12W
Yara None matched
Name 93ab2478006babcf_Local State
Filepath C:\Users\test22\AppData\Local\Temp\TmpUserData\Local State
Size 270.4KB
Type ASCII text, with very long lines, with no line terminators
MD5 981339fd92f4295e8c9d4b2a6bd93705
SHA1 e3a49ed0d9bf44fefa0acb1bab6d67f917899426
SHA256 93ab2478006babcf249f97d49f9b042290a32b8cf55d960889cf12a6fdfcc7c1
CRC32 692DA9BE
ssdeep 6144:+rbB79wUgbGC8PreI+5zqjYMG1roemrAB:QB7eZGCKJ+5uUMGlkS
Yara None matched
Name b3d510ef04275ca8_ndzrljywndhla
Filepath C:\Users\test22\AppData\Local\Temp\ndzrljywndhla
Size 2.0B
Processes 2664 (recover.exe) 1796 (process.exe)
Type Little-endian UTF-16 Unicode text, with no line terminators
MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
CRC32 88F83096
ssdeep 3:Qn:Qn
Yara None matched
Name e5aa1acd8c864164_tmpF8C7.exe
Filepath C:\Users\test22\AppData\Local\Temp\tmpF8C7.exe
Size 973.0KB
Processes 2544 (powershell.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 6b2ea6f71bd2165cc92875b0b87862de
SHA1 913189ac1120dd8aa61658c53e71a0b9c2908c46
SHA256 e5aa1acd8c864164ebb1e0c2cfede53df7791f504c1eb1faa15d5f637e938ebd
CRC32 65CAF087
ssdeep 24576:GQiWi8MRydqbKDQjOL28sji/kBjDlzG7Hr6ze/zycghOQvx0rxA:GQiJoNNAi/kBjtC2wN2arxA
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
Name 439d8da1af452a7a_Secure Preferences
Filepath C:\Users\test22\AppData\Local\Temp\TmpUserData\Default\Secure Preferences
Size 34.1KB
Type UTF-8 Unicode text, with very long lines, with no line terminators
MD5 72f37b3ba9b35ee5ecb1b0ae14309e1e
SHA1 6bdeaaee9519f8f2e102ed79f76a94601b6e7515
SHA256 439d8da1af452a7a1e54d8b115645ae1628f53b94e36b904eea399ee727f603d
CRC32 EDC99A05
ssdeep 768:gaYRdUQm7LHLOL7vM1kXqKf/pUZNCgVLH2HfCr6Rj0nu6/opli:gRmprOLjAn4u
Yara None matched
Name e616da3e035237fb_logs.dat
Filepath C:\ProgramData\remcos\logs.dat
Size 260.0B
Processes 1796 (process.exe)
Type data
MD5 29861d3c72941165e6175918c362aa65
SHA1 803875f31c0d983df7f162432f2ea4e135fbacf3
SHA256 e616da3e035237fb9f9816aa6744c86b2f99d55fd0750f887affe586960bff7f
CRC32 F8B5EB0D
ssdeep 6:Ml9ltslj5YcIeeDAlOWA4dbJWEogltmgXl1oV:Sslbec0WNW+ltZI
Yara None matched
Name c64c13c5a9530c63_tmp581D.tmp
Filepath C:\Users\test22\AppData\Local\Temp\tmp581D.tmp
Size 1.5KB
Processes 2704 (tmpF8C7.exe)
Type XML 1.0 document, ASCII text
MD5 20e6f89ab04c1d42365ade89bad7c9b5
SHA1 ebb5cd2ef650b71f3ca21559c31f41a94d638562
SHA256 c64c13c5a9530c6334ac18b986285350318ebb955ac7ddcb746b8ddfed094a1b
CRC32 3ECF57A1
ssdeep 24:2di4+S2qhH/1ny1mEUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNt4hxvn:cgefAYrFdOFzOzN33ODOiDdKrsuT4nv
Yara None matched
Name b7c225ef3cc3e875_d93f411851d7c929.customDestinations-ms~RF13a9d0.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF13a9d0.TMP
Size 7.8KB
Processes 2544 (powershell.exe) 2904 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name e3b0c44298fc1c14_Cookies
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\TmpUserData\Default\Network\Cookies
Size 0.0B
Processes 1796 (process.exe)
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 24ab737570fa0547_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2716 (powershell.exe) 2612 (powershell.exe)
Type data
MD5 f0195a647b80b8d0fea53f51e20f2d6f
SHA1 67f7305664857fd61233d91f9fe41e48b42d0876
SHA256 24ab737570fa0547ac66b10543cd727925e32c386bcdf81e87e2d01e4375d658
CRC32 9381D2C8
ssdeep 96:4tuCcBGCPDXBqvsqvJCwo1tuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:4tCgXo1tCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware