Dropped Files | ZeroBOX
Name b380dd44db675719_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 2104 (oneetx.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 4061d8dd5006b99d06fa208c0063dfcf
SHA1 38e7df8d8e631f3e9b227df3b9326d187e18cce5
SHA256 b380dd44db67571959bc5f04a5d9c1ec51e48c0617c59e7c4bcbf794a90320f0
CRC32 5BED789B
ssdeep 1536:Ro4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU0GaB89p:RoUCWbBNpplToUs1uNhj25LJUzaB89p
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
Name eb7e8334a5323f85_oneetx.exe
Filepath C:\Users\test22\AppData\Local\Temp\595f021478\oneetx.exe
Size 229.0KB
Processes 2248 (ge565254.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6c07711a17452b855149a95cda6fc830
SHA1 5b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256 eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
CRC32 8334B78F
ssdeep 6144:7iVQQG75dpcElElt/DgK1yuFShFJm2D+:rBKE6LguFS7Jo
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
Name 340c8464c2007ce3_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 162.0B
Processes 2104 (oneetx.exe)
Type HTML document, ASCII text, with CRLF line terminators
MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
CRC32 CC58D737
ssdeep 3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
Yara None matched
Name f6890939ae6773ea_foto0154.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000004051\foto0154.exe
Size 973.0KB
Processes 2104 (oneetx.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cca8e5cd2e3fcdea08a90fba304bc2d2
SHA1 fce3f6421517ad8a3c222aef12f2733e484a4500
SHA256 f6890939ae6773ea8ea7f8175171863d781124a15572cef92e96a48d427428d6
CRC32 00662B4F
ssdeep 24576:pycx8OL8qA9ouA1OZVJPqWP9HVWqutEJgtySWGe:cc9jA2uvZVME9HVsmgC
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
Name 5653c5b76ee1c819_fotocr17.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000005051\fotocr17.exe
Size 839.0KB
Processes 2104 (oneetx.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d0c8d3b4c5079d2f8c7033a2de82cb71
SHA1 68b943348baafac3b4dd13ac8c829fa91885b992
SHA256 5653c5b76ee1c8197f9ebcf6d86c74efbda7068bff8009556446d2b4b190c01f
CRC32 4B7BDDEB
ssdeep 12288:oMrvy90e83Tg1CB0dSUJvCR0BrHnR7c9X/mMdh8CuIeFbPgIpTMCJgIbBS3r7tGZ:nyGTg1NHnR7c7dWCiT4Isrkmtyp
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet