Dropped Files | ZeroBOX

Name	3b462f4db0471866_eckb.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\afcfj\eckb.exe
Size	542.5KB
Processes	2752 (MICROS~1.EXE)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`496d52974a2b46f70f155b696814ad38`
SHA1	`8197e6e087568ce455cfea832f9b5318cd8f4656`
SHA256	`3b462f4db0471866ee181d9443901bea858dd4cf75fef45cca8ab04dd197e94a`
CRC32	`9F66AE72`
ssdeep	`12288:jWonrSWGOnKLDWqVnbijCwSFnT/uRlomeUfnGIh2qnXttukB:CzWXnKLCq1bsGFT/u1pflcqfuk`
Yara	Is_DotNET_EXE - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	511b5701d8eae6fa_system!.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\system!.exe
Size	1.3MB
Processes	2552 (LitPay.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`1b43157f6fc824533d1eb3b31dace277`
SHA1	`c65c1e8aca761b98cd365194e8cb9c61f1dbadfb`
SHA256	`511b5701d8eae6fac6d2e3a8925a60acab40ba2a63cded7b3e195f3586ccbb63`
CRC32	`8881D4FA`
ssdeep	`24576:ayCjxqJ8fWSTYwIC92zG4URHCzi5WUjrwadoSw9yW0xgXpSxNjo9:hCj+STIC0S48HCHIrwaur0EpaNU`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file IsPE64 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis