Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Dropped Files | ZeroBOX

Name	4eff7bea6d2a5ef9_wa363839.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\wa363839.exe
Size	993.0KB
Processes	2556 (photo_410.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`da8d8e61799dd75e148000fe955a3b0e`
SHA1	`03c2b092bb4ec6a905c1261c76954c6e4ff38124`
SHA256	`4eff7bea6d2a5ef9a79b30e0d1895abc94e4dd9fb4b4005ac287e2a426c76684`
CRC32	`4498B35B`
ssdeep	`24576:Qy/fONglF8amytFmRZj0ubinB3jlUlPi1L/uFQ7jwzU:X/fhjmytqZj0uGNR8617uK70`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file IsPE32 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	3beff72a3e53d77f_foto0174.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000007051\foto0174.exe
Size	727.5KB
Processes	604 (oneetx.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c022ed38a344f89b50dbcffdd84628b5`
SHA1	`dde6873e26a99e446dfbd2c59a74f731ca113e4e`
SHA256	`3beff72a3e53d77fcbe6ef24192e1e8afaa1b4f0e9ff8fa7a799fa0fb88f55c6`
CRC32	`625D547C`
ssdeep	`12288:A9y901jEXxwq7CeOJAOl1pOsfBupNb9ZK3XOAdGlunUhtjIzDRPJ+v:UyIwXqq7CpJAOzpvfYb++run4tjIzt4`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file IsPE32 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	340c8464c2007ce3_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size	162.0B
Processes	604 (oneetx.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`1b7c22a214949975556626d7217e9a39`
SHA1	`d01c97e2944166ed23e47e4a62ff471ab8fa031f`
SHA256	`340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87`
CRC32	`CC58D737`
ssdeep	`3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu`
Yara	None matched
VirusTotal	Search for analysis

Name	898eb4d426897902_594526377.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\594526377.exe
Size	136.6KB
Processes	2556 (photo_410.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9c4455631960ab54c4d5a109bcd338cc`
SHA1	`2f804eb77714c62bc84820306815e7359205b9e8`
SHA256	`898eb4d426897902a690b16cbe549781a577f632bd3aeae0f81f16ddfe0493a2`
CRC32	`FCA7C6F1`
ssdeep	`1536:zx5Pz11KZMywM5UafqtcY4+h4f5vbV3hNA9W7sYgibfbFDKsR2:F5Pz11oFvq4xjN/A9WoYgafJl2`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check ConfuserEx_Zero - Confuser .NET Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	59b07324be7cf9f7_foto34.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000008051\foto34.exe
Size	673.5KB
Processes	604 (oneetx.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a71662942f76f9d11aa47ae2373f7e1a`
SHA1	`40e745bab9099d143887b4346e49b9ec964db628`
SHA256	`59b07324be7cf9f7e15d2d890d85a8b8055af7e8cc8903ec1ed61c45a449a3e4`
CRC32	`0C9767D5`
ssdeep	`12288:Fy90sLNdQJiISt/NpqbdC4ZTjG4KLOlu2Ugvjjzzb3MqAPreeE7vq:FyJnSiIO/yTu2fvjjzzb3Mw+`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file IsPE32 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	005c748aefef6ab5_oneetx.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\cb7ae701b3\oneetx.exe
Size	204.6KB
Processes	2980 (389830422.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`cffcdf45269fa41fe114bad3964231c7`
SHA1	`1674597d6491da231fc6ab852ca9b630d0c6ddc3`
SHA256	`005c748aefef6ab5f6dbf4ea5ac4fcc0b5f3569ee4ebcf4a1d8fb0c7870142a1`
CRC32	`0A96F489`
ssdeep	`3072:c/frTDzurT1S3CzpdmnATE55zjExkKGruONMvhu5QTXzeJX2vkMfSDPwU:Wfrnzurs3Czpexj2kGOIu5QTyJMKk`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	675771ae0ef1ba5c_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size	89.0KB
Processes	604 (oneetx.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`cfe2ef912f30ac9bc36d8686888ca0d3`
SHA1	`ddbbb63670b2f5bd903dadcff54ff8270825499b`
SHA256	`675771ae0ef1ba5c7fdde82f950461c2c4487e56b3fc41f5c544b73c8b33f10d`
CRC32	`0DE439CF`
ssdeep	`1536:Wo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU1eaB89p:WoUCWbBNpplToUs1uNhj25LJUwaB89p`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis