popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 340c8464c2007ce3_cred64.dll
Submit file
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 162.0B
Processes 2388 (oneetx.exe)
Type HTML document, ASCII text, with CRLF line terminators
MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
CRC32 CC58D737
ssdeep 3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
Yara None matched
VirusTotal Search for analysis
Name b8c8aedd84c36385_clip64.dll
Submit file
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 2388 (oneetx.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 8451a2c5daa42b25333b1b2089c5ea39
SHA1 700cc99ec8d3113435e657070d2d6bde0a833adc
SHA256 b8c8aedd84c363853db934a55087a3b730cf9dc758dea3dc3a98f54217f4c9d0
CRC32 05D62A3B
ssdeep 1536:Bo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7faB89p:BoUCWbBNpplToUs1uNhj25LJUDaB89p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
VirusTotal Search for analysis
Name caf869582ba1c8bf_fotocr05.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1000032051\fotocr05.exe
Size 805.0KB
Processes 2388 (oneetx.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e868051155abbe334988bd4365272bb1
SHA1 3779fe3625c8ec60fb33fad74778bdd46c4462b2
SHA256 caf869582ba1c8bf4d06ef9cde0bc1c0cf2aaa8fd5a45a001de3bfdd1c25e960
CRC32 11E5B040
ssdeep 24576:FyeUY7NNSWf3oeNmqa+SEwMgxveAnH6USx:geJ9fYxqaxAAnH
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Malicious_Library_Zero - Malicious_Library
  • CAB_file_format - CAB archive file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal Search for analysis
Name e5d303e354ab773e_oneetx.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\c3912af058\oneetx.exe
Size 966.3KB
Processes 2136 (h4990012.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 5c72d26db38de2cd3210b07e2033f196
SHA1 74735b5cc80f50707d25b07f81458b1586c51410
SHA256 e5d303e354ab773e626d61d3dcf38a776c90bf64b42349d0050a686f0f2b4f0a
CRC32 B24FB896
ssdeep 12288:6tLTyenMEh/rI+Ea4seWbh1/PjsrCe3NsGTzbEr6JeUc/X016JNHJPXFk2LxvTr2:6tieMEe+HeWXjsldP3
Yara
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • ConfuserEx_Zero - Confuser .NET
  • RedLine_Stealer_Zero - RedLine stealer
VirusTotal Search for analysis
Name f1e8ab05cd369fd0_metado.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\a9e2a16078\metado.exe
Size 209.4KB
Processes 176 (m6117018.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a6c19157d62b277bf1e76110a16427e4
SHA1 9918937fe4d21a0fd2d4f060962aa698064339e7
SHA256 f1e8ab05cd369fd03db4f52e3892a57624f9db11ab87d1f276b879b7b2196478
CRC32 DA17622D
ssdeep 3072:meTRJ0kHbnpN23kQKp5XzutZXKGrpeN84LuZAIybiy3xEfbi:FTR2AnpN2wDurXBeBuZAIMEj
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
VirusTotal Search for analysis
Name 6de5d46f7c23f775_foto495.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1000031051\foto495.exe
Size 803.0KB
Processes 2388 (oneetx.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e0b08c02a7b63cbdac950bd44495315c
SHA1 cf6667f3fc686847909771bdbc4928de265087b7
SHA256 6de5d46f7c23f775017da7cb331aaf59fb28e82e4e4dc1a370e90bd5219d0f89
CRC32 88093C5E
ssdeep 12288:iMrXy90pifOSpqVTUuyA/OQSOLKD/apUmpXVSfHxheern0EQ3USqAiJ:lymjAuk0/UGcLeunF6USqBJ
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Malicious_Library_Zero - Malicious_Library
  • CAB_file_format - CAB archive file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal Search for analysis