Dropped Files | ZeroBOX
Name bf9fcbf1262db5f4_hsn_sac.dbf
Filepath C:\Users\test22\AppData\Local\Temp\HSN_SAC.dbf
Size 4.6MB
Processes 2372 (ideainv.sfx.exe)
Type FoxBase+/dBase III DBF, 17941 records * 270, update-date 21-6-16, codepage ID=0x1, at offset 97 1st record "01 Live Animals; Animal Products "
MD5 b34ca400a963c0430fee4351dd905b4e
SHA1 dbe91538900e4d75f8a2c22a8b6b28a2a5f539a3
SHA256 bf9fcbf1262db5f4a70bcb56033ee1faaa4297536e1728b02157dbfb5b82d6c9
CRC32 944C575A
ssdeep 49152:fBw/PZqPKWxixBV1G1J1a1w77z2s0f6qhPx7iZ+aUzbj3djk:b
Yara None matched
Name e4d35de8f472e464_export.xls
Filepath C:\Users\test22\AppData\Local\Temp\EXPORT.xls
Size 39.5KB
Processes 2372 (ideainv.sfx.exe)
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: oem, Last Saved By: iqbaljit singh, Name of Creating Application: Microsoft Excel, Last Printed: Sat Jul 11 07:37:22 2020, Create Time/Date: Fri Apr 27 07:25:46 2007, Last Saved Time/Date: Thu Mar 4 12:23:43 2021, Security: 0
MD5 0b3e4c3bdc43b46400a058e90c726c36
SHA1 04e1805b06d31aa84a57081ff6b5f2a9107f0a47
SHA256 e4d35de8f472e464b5ea2ccec72e3cb2ecea2f36f0f87eadb1868ffcc09dfa60
CRC32 273D9E8D
ssdeep 768:rbrqZRtXZxEtjPOtioVjDGUU1qfDlaGGx+cL/IEOtsHYz3rKAc+:y/xEtjPOtioVjDGUU1qfDlaGGx+cL/Ib
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
Name ff22cfcd4b82ef8c_ideainv.exe
Filepath C:\Users\test22\AppData\Local\Temp\ideainv.EXE
Size 24.4MB
Processes 2372 (ideainv.sfx.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2e14988ee8857e54f09ac48a452ce3cf
SHA1 d4207f9b45a3695ea67d636a88e4ec08560b63f5
SHA256 ff22cfcd4b82ef8cf8fb130faa88922c79a719f1667d32f17413157242da707f
CRC32 AFD809A3
ssdeep 98304:kqFuZbaSVasU/P68leQPAwNfOY/ZxYthclRbu3Svo:ZFQaSVasU/P6ZhclRa3Eo
Yara
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
Name e03dae3300626d43_invupdt.txt
Filepath C:\Users\test22\AppData\Local\Temp\invupdt.txt
Size 9.0B
Processes 2372 (ideainv.sfx.exe)
Type ASCII text, with no line terminators
MD5 40373df01b6224d8462d85f6f9b8a929
SHA1 97d6c797dff8351b4a81a937c5d648c254a298f0
SHA256 e03dae3300626d4301712c30691f1d92ca2e2ee3443ce1307540276f7043da9c
CRC32 99370827
ssdeep 3:BXQ:hQ
Yara None matched
Name e3b0c44298fc1c14___tmp_rar_sfx_access_check_8447984
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\__tmp_rar_sfx_access_check_8447984
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 6816c06ed5c8b320_itc04.xlsm
Filepath C:\Users\test22\AppData\Local\Temp\ITC04.xlsm
Size 2.0MB
Processes 2372 (ideainv.sfx.exe)
Type Microsoft Excel 2007+
MD5 67e951647c4eaf87a83f2d84be79b86b
SHA1 6d8753be97a7ab4575170f827c7cc9b8efbc5eca
SHA256 6816c06ed5c8b32046c15de91a21f9b7803faada23d1f255e0e4b2e65541dc1d
CRC32 964DA69F
ssdeep 49152:cEE1o7b1qyBHJQABNiEZpTgXcVy1wTTM2EsoPU8awHJ1qs2rSJ/xv1WNl2EhooOf:cEEevtYFwpOcVy1wPM2EncCHC9rg/xA4
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Contains_VBA_macro_code - Detect a MS Office document with embedded VBA macro code [binaries]