Dropped Files | ZeroBOX
Name 340c8464c2007ce3_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\a091ec0a6e2227\cred64.dll
Size 162.0B
Processes 2200 (legends.exe)
Type HTML document, ASCII text, with CRLF line terminators
MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
CRC32 CC58D737
ssdeep 3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
Yara None matched
Name 477252e3531300fe_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\a091ec0a6e2227\clip64.dll
Size 89.0KB
Processes 2200 (legends.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 73c0c85e39b9a63b42f6c4ff6d634f8b
SHA1 efb047b4177ad78268f6fc8bf959f58f1123eb51
SHA256 477252e3531300fe2a21a679fba3664803179e91a1a4d5dd44080dbd41126368
CRC32 ECB61B6E
ssdeep 1536:Ao4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUDpaB89p:AoUCWbBNpplToUs1uNhj25LJUVaB89p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
Name 6c5cff0045168007_kds7uq5kknv.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000028001\kds7uq5kknv.exe
Size 2.0MB
Processes 2200 (legends.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 433dbed8a7afbf15bfee967c63a50769
SHA1 858e1279c2f6a47051eb963012099d11d60a881d
SHA256 6c5cff00451680070af8daca0a59ee6a6f467f6b3152f60de6cec6cdcb9cf601
CRC32 72014A56
ssdeep 12288:8+GMPjZBXBlm7PRfbjn9pmhpeXN9wqdOlt:VP7QPRz/mhpK4
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 882a3074a09b253e_legends.exe
Filepath C:\Users\test22\AppData\Local\Temp\41bde21dc7\legends.exe
Size 964.3KB
Processes 2116 (s8328851.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 4f8ad4fd693c035a650968dc087696a1
SHA1 c63addb241a9f663ac32357b317ac538ab851f7f
SHA256 882a3074a09b253e5dcc5039a78b41bf1cbf966c11afbf578b865e763a1beef3
CRC32 8A188774
ssdeep 12288:7jMPHYYxLyeU0b/ZOsIu1kRz0WkZLhXxRb1L7PkPXZ3wQcIKPBz6VXclRM6f3tya:fMP3XjvIpOLdRPIiL5
Yara
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • ConfuserEx_Zero - Confuser .NET
  • RedLine_Stealer_Zero - RedLine stealer