Dropped Files | ZeroBOX
Name 29d80002e186cfa3_h5014516.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP001.TMP\h5014516.exe
Size 966.1KB
Processes 2120 (x1386670.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 1bb24158ded0e2b665827c7ae13dffe0
SHA1 46a23dde1a40b68b8bcc5f9d543fe290f8d673bd
SHA256 29d80002e186cfa320a5820464c2b225654cf0fab80fe0a8828895bbf777424f
CRC32 0613675F
ssdeep 12288:6tLTyenMEh/rI+Ea4seWbh1/PjsrCe3NsGTzbEr6JeUc/X016JNHJPXFk2LxvTr2:6tieMEe+HeWXjsldP3
Yara
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • ConfuserEx_Zero - Confuser .NET
  • RedLine_Stealer_Zero - RedLine stealer
Name 9a12ed34756b0233_i3964868.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\i3964868.exe
Size 286.4KB
Processes 1476 (NmI5NGQx.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bcbbc0da035f957fc43beb70a691ef5c
SHA1 da23e42f32835506448f3f608fbd7229b1508779
SHA256 9a12ed34756b0233db23f9bb8bdf98a4ddb3ab357d9fa18d04a7332e04095081
CRC32 32ED65CA
ssdeep 6144:xDKW1Lgbdl0TBBvjc/nDB/vg5oqwTRRe8qPUnyM:Bh1Lk70TnvjcPhvpHTRFqsb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • UltraVNC_Zero - UltraVNC
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name c1f54ef2f218a133_x2563617.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP001.TMP\x2563617.exe
Size 306.0KB
Processes 2120 (x1386670.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9261e4c9d0b0d3dfd9962d43d2279329
SHA1 fe476e97e31c90b0a9ae5ffdcbdfea00bcae35d5
SHA256 c1f54ef2f218a1334ec8a845d48de775e2fcfdf0f7a65da899f0e879040708e1
CRC32 2BCC7FE0
ssdeep 6144:K2y+bnr+2p0yN90QE6tSuQ01bGpw1hngPUS3K8L+qzHmq:WMrOy90avp5Gp8WMYVjJ
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Malicious_Library_Zero - Malicious_Library
  • CAB_file_format - CAB archive file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
Name 2cd7317910c95098_g3946968.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP002.TMP\g3946968.exe
Size 186.6KB
Processes 2164 (x2563617.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 858556b1735359435d20aaf01eaae6f8
SHA1 cc650c4ed115340ef0151d57546f449cad55e767
SHA256 2cd7317910c95098a63fab542081ed9afe48e9a2b6b60fedb5f455b88cf9e9d9
CRC32 ABDE9686
ssdeep 3072:mDKW1LgppLRHMY0TBfJvjcTp5XNSolP1DF3HECsxU6f:mDKW1Lgbdl0TBBvjc/NS61DF3EJU
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • UltraVNC_Zero - UltraVNC
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name d9de90414ddf23d7_x1386670.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\x1386670.exe
Size 750.5KB
Processes 1476 (NmI5NGQx.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7798e21850d673a10681cd94d42cf9b1
SHA1 243769506f02a2f57df25f0279f22603a3dc3181
SHA256 d9de90414ddf23d710780f7153996eac80da8a786ba6f301355fd8c95ea4619c
CRC32 894DCE56
ssdeep 12288:WMrny904hS5a0L7j50gZuMcVnyqGfdvlGMt/hLJI1VAj5Km52rbkeAm:1y/hS5J3jOgZ/V+Mz1IAN523kO
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Malicious_Library_Zero - Malicious_Library
  • CAB_file_format - CAB archive file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
Name 72987ad0d900099e_f8338132.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP002.TMP\f8338132.exe
Size 146.0KB
Processes 2164 (x2563617.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 70ef918ef632a925491193ca32071d89
SHA1 eb7b1d334c6f921b937fd56b5738cae5b794c6e1
SHA256 72987ad0d900099eb014740953726fbb4077f475a26ae64cb676ce5e75a97a44
CRC32 D77BFC56
ssdeep 3072:vV+m5cVQmRSx9WCEkEhPW67V8BjVhtZN8e8ht:vj4oihwlVht3
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • ConfuserEx_Zero - Confuser .NET