Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	3dffc1603fd43455_fotocr45.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000026051\fotocr45.exe
Size	917.0KB
Processes	1188 (oneetx.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`878f32385eda463ff5276f820100867b`
SHA1	`7c50936e06ced45289eb388e2c166eac004ed0cf`
SHA256	`3dffc1603fd43455d8a4edbb3f04bab338bce9b8c121630680b48a35276e01b2`
CRC32	`D2154ECD`
ssdeep	`24576:eyX7A98uzWBrN0hHHA9wVqGVkXhL25XmKNPYi:tXc1zWhO9HAuVNGLKX1PY`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Malicious_Library_Zero - Malicious_Library CAB_file_format - CAB archive file PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	340c8464c2007ce3_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size	162.0B
Processes	1188 (oneetx.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`1b7c22a214949975556626d7217e9a39`
SHA1	`d01c97e2944166ed23e47e4a62ff471ab8fa031f`
SHA256	`340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87`
CRC32	`CC58D737`
ssdeep	`3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu`
Yara	None matched
VirusTotal	Search for analysis

Name	b8c8aedd84c36385_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size	89.0KB
Processes	1188 (oneetx.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`8451a2c5daa42b25333b1b2089c5ea39`
SHA1	`700cc99ec8d3113435e657070d2d6bde0a833adc`
SHA256	`b8c8aedd84c363853db934a55087a3b730cf9dc758dea3dc3a98f54217f4c9d0`
CRC32	`05D62A3B`
ssdeep	`1536:Bo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7faB89p:BoUCWbBNpplToUs1uNhj25LJUDaB89p`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals
VirusTotal	Search for analysis

Name	8304250ceeb0690e_oneetx.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\c3912af058\oneetx.exe
Size	968.2KB
Processes	2936 (c0853522.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4295d9d623a13add9284cf080f530692`
SHA1	`bdcbf8ec45f5dfb19d2aeb0e6fc62a15a66add94`
SHA256	`8304250ceeb0690e984309194e209bea77d7da957cb2922e7456a441d8955138`
CRC32	`1B02C0E7`
ssdeep	`12288:6tLTyenMEh/rI+Ea4seWbh1/PjsrCe3NsGTzbEr6JeUc/X016JNHJPXFk2LxvTr2:6tieMEe+HeWXjsldP3`
Yara	Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature IsPE32 - (no description) ConfuserEx_Zero - Confuser .NET RedLine_Stealer_Zero - RedLine stealer
VirusTotal	Search for analysis

Name	aa6a17c2c58b024c_foto0195.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000025051\foto0195.exe
Size	916.5KB
Processes	1188 (oneetx.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`80d4cd48f80cbf795e60255d207e9aa7`
SHA1	`8feee96f63806e87bb7fe76f6971badfb3633689`
SHA256	`aa6a17c2c58b024c88625631ac0731b0b75c8d74d1c0ccb570d926881ade267e`
CRC32	`C7FAABE3`
ssdeep	`24576:jyJS3vv+ctHPiZLs/9qNWXz86E+6tNOSUHEBUd:2wOaHPiZASw8HOO`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Malicious_Library_Zero - Malicious_Library CAB_file_format - CAB archive file PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis