Dropped Files | ZeroBOX
Name f5cb9476e4b5576b_db.dat
Filepath C:\Users\test22\AppData\Local\Temp\db.dat
Size 557.9KB
Processes 2996 (jgzhang.exe)
Type data
MD5 ee5d452cc4ee71e1f544582bf6fca143
SHA1 a193952075b2b4a83759098754e814a931b8ba90
SHA256 f5cb9476e4b5576bb94eae1d278093b6470b0238226d4c05ec8c76747d57cbfe
CRC32 373F01CF
ssdeep 12288:QUd0UAQgTkZYxdNLCj2ICMBYCTKTZmF5zRn5cdE:QUddADm/jGsOTZmF5zRGW
Yara None matched
Name baa3acf778b3bcf4_jgzhang.exe
Filepath C:\Users\test22\AppData\Local\Temp\jgzhang.exe
Size 328.0KB
Processes 2648 (power.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bbaa394e6b0ecb7808722986b90d290c
SHA1 682e835d7ea19c9aa3d464436d673e5c89ab2bb6
SHA256 baa3acf778b3bcf4b7be932384799e8c95a5dc56c0faea8cbf7a33195ab47e73
CRC32 73058F90
ssdeep 6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33WEPT:evjas8uHEAAtvBpk3EPT
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
Name 24a53033a2e89acf_db.dll
Filepath C:\Users\test22\AppData\Local\Temp\db.dll
Size 52.0KB
Processes 2996 (jgzhang.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 1b20e998d058e813dfc515867d31124f
SHA1 c9dc9c42a748af18ae1a8c882b90a2b9e3313e6f
SHA256 24a53033a2e89acf65f6a5e60d35cb223585817032635e81bf31264eb7dabd00
CRC32 05945495
ssdeep 384:XehpWSsdMRgTh4QPt0RaYaGCp9FclU2sSadM7yjR+Lcuczw0RoR/5rdy7olDJfUw:ipW6+grtlU2v7yGLwwouflpZ2tVtkTF
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
Name b597b1c638ae81f0_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\07c6bc37dc5087\cred64.dll
Size 1.0MB
Processes 2916 (nbveek.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 2c4e958144bd089aa93a564721ed28bb
SHA1 38ef85f66b7fdc293661e91ba69f31598c5b5919
SHA256 b597b1c638ae81f03ec4baafa68dda316d57e6398fe095a58ecc89e8bcc61855
CRC32 D82A4E07
ssdeep 24576:MVaH8jJPWhQnZzrZ+7xr1rZfVlTxd43vW35m:KAhQnZzrZSxxZfVlUu
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Ave_Maria_Zero - Remote Access Trojan that is also called WARZONE RAT
  • PE_Header_Zero - PE File Signature
Name 57c011aeceb54ab5_ss31.exe
Filepath C:\Users\test22\AppData\Local\Temp\ss31.exe
Size 579.5KB
Processes 2648 (power.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ecf708ffb402f5956e63e73313d8c46f
SHA1 9333f29c771a162cdf3b00a07ea6a94623e33762
SHA256 57c011aeceb54ab58d9d2ea21a115ca66145c445e172492ace12cce697c0852e
CRC32 9D6CAD6B
ssdeep 6144:Q14SqFpEYpaak+GM+/EDqPz8lEjF52y7gA8vvdI/CO4XXdbHwGcAv:Qb1Yprkp/EDqrf2ysF84VHH
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • Generic_Malware_Zero - Generic Malware
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
Name b01458450f0584c3_832866432405
Filepath C:\Users\test22\AppData\Local\Temp\832866432405
Size 36.1KB
Processes 2916 (nbveek.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 1094dbe61289771e0051019d761aa61b
SHA1 14afec78e9da4e3b86de55ea74cfffc72687fa7a
SHA256 b01458450f0584c37699a677c4073cb00d733523fb7e1b51d02ae0b424aa83c2
CRC32 001A9083
ssdeep 384:0JaiPMgLAXPoXHl9NPJYZhH3RhlfFZQA5s9D6wd9BEmz1+tisuMiPp/U:0AbAAXPoXpPJYxh9s9D6wdvEmp+t3tuc
Yara
  • JPEG_Format_Zero - JPEG Format
Name b1f486289739badf_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\07c6bc37dc5087\clip64.dll
Size 89.0KB
Processes 2916 (nbveek.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 d3074d3a19629c3c6a533c86733e044e
SHA1 5b15823311f97036dbaf4a3418c6f50ffade0eb9
SHA256 b1f486289739badf85c2266b7c2bbbc6c620b05a6084081d09d0911c51f7c401
CRC32 5E5F26F5
ssdeep 1536:ouON8V8ybtiqY2bpxLW9woUsScAbcauNhV2ZszsWuKcdJUfaI89p:ouhVZbtvbpxLHoUsYuNhV25LJUfaI89p
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
Name 619bbbc9e9ddd1f6_player3.exe
Filepath C:\Users\test22\AppData\Local\Temp\Player3.exe
Size 244.5KB
Processes 2648 (power.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 43a3e1c9723e124a9b495cd474a05dcb
SHA1 d293f427eaa8efc18bb8929a9f54fb61e03bdd89
SHA256 619bbbc9e9ddd1f6b7961cacb33d99c8f558499a33751b28d91085aab8cb95ab
CRC32 203E0068
ssdeep 6144:y324aAQBPEFA7OTnYZf/NPPoNqgu1ynfDwnE:yQcF/uf/9ozu1yG
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature