Dropped Files | ZeroBOX
Name cfb5752a7e0af641_mohta5.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1000006051\mohta5.exe
Size 659.0KB
Processes 1964 (ghaaer.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d313a28dd29f4de31d8b9614fcdcf043
SHA1 da1ec04436eb43a39dd2f66ff9e1d1d277e4325e
SHA256 cfb5752a7e0af6413edda3cd03e731221e680b8cebbf5b457f8103275db31661
CRC32 9C1AF081
ssdeep 12288:jMruy905V/2Ycm9cL1Pwl6FpPlYj3QDDE5OTzhOmIOQYpN1dAuazps:dypS9Se6Fm3QDDhO3fY/1dIps
Yara
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal Search for analysis
Name 340c8464c2007ce3_cred64.dll
Submit file
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 162.0B
Processes 1964 (ghaaer.exe)
Type HTML document, ASCII text, with CRLF line terminators
MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
CRC32 CC58D737
ssdeep 3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
Yara None matched
VirusTotal Search for analysis
Name cf2730fda38e3945_clip64.dll
Submit file
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 1964 (ghaaer.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 c1ddaca25d84d05e809ffce1d2b468b7
SHA1 38f257a264e657a20aa2fb3b48adb53c4bce5c8f
SHA256 cf2730fda38e3945795b00cfaa3074b9ec356b0ff7b2a493a318fccd34b677dd
CRC32 24C997D3
ssdeep 1536:Go4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU0OaB89p:GoUCWbBNpplToUs1uNhj25LJUPaB89p
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
VirusTotal Search for analysis
Name 8fb3fa88d3487236_serko4.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1000005051\serko4.exe
Size 531.0KB
Processes 1964 (ghaaer.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f27d56b08774ee946a086190bd0559bc
SHA1 7ae3b8c4a6896edcb72a978f1cbcd7891cadff62
SHA256 8fb3fa88d34872361db0b6b87b14e7b76f63da29223912df557456789939b5f5
CRC32 DD862EF1
ssdeep 12288:hMr6y90A+iBejYpjOfdp8i8xtEAOKdIxOOWecLO/l:byzxB+OE76tTOIIETol
Yara
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal Search for analysis