Dropped Files | ZeroBOX
Name ebd0a597e4b1dbc7_juybrb.exe
Filepath C:\Users\test22\AppData\Local\Temp\JUYBRB.exe
Size 1.1MB
Processes 2312 (sheet.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 987d937d365e55bb9cc9da4c47c23baf
SHA1 43dd8938a9cbf7824fdd7f0dfbdd49cd63c2cde1
SHA256 ebd0a597e4b1dbc7ff8680b61dfe359ebfe602cdcff8ce3f3aa02b29085c1bed
CRC32 1943B19E
ssdeep 24576:0RmJkcoQricOIQxiZY1iaTzAT+RYpC2Mj5H3AwU55miJ2B:RJZoQrbTFZY1iaX1RYLqADYB
Yara
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
Name 076bc8e1bf9b5a3a_sheet.js
Filepath C:\Users\test22\AppData\Local\Temp\sheet.js
Size 123.5KB
Processes 2312 (sheet.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 0e6548a247361ef0ad4213e0febddd84
SHA1 11099f44c25e6209a5e04132001c858b9bae799d
SHA256 076bc8e1bf9b5a3aab2cbd801b951afa838210e7165fba1cd00d6c687136fda1
CRC32 7BC4D6F8
ssdeep 1536:ViOl+2+rNoMNFgG99W+2QSEooATaRryo9mx0dB/va/w/XJs91AuPR+YAx:/l+2ONFPAeR2inB/nRW/PRa
Yara
  • Win_Trojan_Formbook_Zero - Used Formbook
  • hide_executable_file - Hide executable file
Name 76fc5de571f9a7fd_client.exe
Filepath C:\Users\test22\AppData\Local\Temp\Client.exe
Size 56.0KB
Processes 2312 (sheet.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 dc53c9d0858c68c9e4ed6ed8e7c9d0c8
SHA1 a57304e4a03c60c82469bac41d3bf964fac42eb4
SHA256 76fc5de571f9a7fd4c665fdf7b3ecd72153fbbed05752152cce58ee8dccaa794
CRC32 BD1CCD57
ssdeep 768:gldiv4Kbwg2V+YV5LfADYI1WQZ3nqLMh0AoE7pwaambG4lRPpbk8rhXI6HT:I+bMs3qLzECafbX3bpIcT
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • UPX_Zero - UPX packed file
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • Malicious_Packer_Zero - Malicious Packer
Name 4454f6250448bb08_budget.xlsx
Filepath C:\Users\test22\AppData\Local\Temp\budget.xlsx
Size 20.7KB
Processes 2312 (sheet.exe)
Type Microsoft Excel 2007+
MD5 f73ebdb3d2562351e70c5476172ff4c4
SHA1 49bf5e4428855a9b9f311e7127fd4ce0d5f89eb3
SHA256 4454f6250448bb08bbde2c54ac7308323bd60814461009cedba512781bc4d226
CRC32 69641BAA
ssdeep 384:VM+qgZ9iNpO/Tn+GwbUlM9zSBHGId8MzMrKagGjkJ922:O4ZgpCn+GExyG+8MzU6x
Yara None matched
Name b243270e308d533c_build.exe
Filepath C:\Users\test22\AppData\Local\Temp\build.exe
Size 95.5KB
Processes 2312 (sheet.exe)
Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 ef85556dba997801a26947dd25139bed
SHA1 14079e54460c5782d5be270f5197e56d78cd5155
SHA256 b243270e308d533c62e4909ae1205eb3f38d8bd60fe5a3de9945b8e6a7e07f58
CRC32 5C017623
ssdeep 1536:FqsIhaqpalbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed20tmulgS6pQl:DGaKaYP+zi0ZbYe1g0ujyzdIQ
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • UPX_Zero - UPX packed file
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
Name f432f4169b2e2464_lztixh.vbs
Filepath C:\Users\test22\AppData\Local\Temp\LZTIXH.vbs
Size 833.0B
Processes 2404 (JUYBRB.exe)
Type ASCII text, with CRLF line terminators
MD5 796e567c4aa1f785d5caec9346f638af
SHA1 25bbe0929b45ea2a1c0ae650970c86eb1de015ee
SHA256 f432f4169b2e246415d2ae709a745fe341fdcf6751daaf732dbfb5c3d35754cd
CRC32 E1678041
ssdeep 24:dF/UTCU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UT3t+G+7xLxe0WABNVIqZaVzgA
Yara
  • VBScript_Check_All_Process - VBScript Check All Process
  • enclosed - (no description)