Dropped Files | ZeroBOX
Name 40b0ab5b65c65b48_832866432405
Filepath C:\Users\test22\AppData\Local\Temp\832866432405
Size 84.8KB
Processes 1184 (oneetx.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 b1bb4260f604c5660b5b27194b66a68a
SHA1 a1afca5540aa6ec00047c3a857a4cbe2a092d002
SHA256 40b0ab5b65c65b4834a5b3fab98657f852e858053c16fde11541c7cc98a054e4
CRC32 220A42CD
ssdeep 1536:08qQRlKO3tN2xkDDD/QptztsoI8e9dGwRJHX+q3sClGgrrOydcUr:NRl1r2xwD8Lyo7OGwRpX+n2GOrOydcy
Yara
  • JPEG_Format_Zero - JPEG Format
Name 28f5e5e43a67a48c_oneetx.exe
Filepath C:\Users\test22\AppData\Local\Temp\6fd2e6071d\oneetx.exe
Size 211.5KB
Processes 3044 (csrsv.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 13c6b003e4cd8319299a50a51e14a222
SHA1 00f9e5a0204defd1a569bfbdf0c690b351349dde
SHA256 28f5e5e43a67a48c6a41f9814a50b6faf5d20dfee6b17e867429efca82394681
CRC32 A8C8C3B9
ssdeep 6144:tWh1VL9EWeJanEYL7OuuT7Ujz41FiPRL:tg1VdSYL3uT7e0KF
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
Name 6e77875e1ef76b39_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\27d75989acd3e0\clip64.dll
Size 89.0KB
Processes 1184 (oneetx.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 fb32ce419c5bea931a9e3c4ad70dec00
SHA1 e1ca25f572063dba1d25e58929ddce168338998f
SHA256 6e77875e1ef76b39cfc68d919b4919da77d320bf208d826b643bd7ba48a5b38c
CRC32 E38B4C88
ssdeep 1536:ao4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUe0aB89p:aoUCWbBNpplToUs1uNhj25LJULaB89p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
Name af4ddfd4d441c924_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\27d75989acd3e0\cred64.dll
Size 1.0MB
Processes 1184 (oneetx.exe)
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 a995fde990914d0ae4278af25213cac0
SHA1 e610383a2c2ebd1de209539c1f6ec7e35436329f
SHA256 af4ddfd4d441c924a034ef6bf800b07ac0bcfdf42616ef64178f2487c1d917e8
CRC32 16D5AA29
ssdeep 24576:H1q/R30hIa8JrC+azFbWZhEYvKuTZyRydkC:HHIa8JrCHzQZhEY3AQD
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Ave_Maria_Zero - Remote Access Trojan that is also called WARZONE RAT
  • PE_Header_Zero - PE File Signature