Dropped Files | ZeroBOX
Name 340c8464c2007ce3_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 162.0B
Processes 3008 (lamod.exe)
Type HTML document, ASCII text, with CRLF line terminators
MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
CRC32 CC58D737
ssdeep 3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
Yara None matched
Name 4319d25dc7a5fb47_foto124.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000001051\foto124.exe
Size 592.0KB
Processes 3008 (lamod.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a64bb2889b8eb84562c8f850af048d29
SHA1 22f500e9ef82fd20f7f52ce2dfd8c162ffceaeb4
SHA256 4319d25dc7a5fb4765e8c46b77926a2852a63e4425f5ba95f0de040b483837d0
CRC32 1AC7A1DB
ssdeep 12288:kMrTy90yt1tH1XIScd/ooXR+YJKPcTu9RoT35oAqIBWWviKxbVf2q:nyP11YSigqKPFR43qAqIsWaKZVD
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name 3e93522cd956f987_lamod.exe
Filepath C:\Users\test22\AppData\Local\Temp\a9e2a16078\lamod.exe
Size 206.8KB
Processes 2896 (h6401295.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f61a3f1b017e508ff392edccf60bb09e
SHA1 6b34531f564c2713475b071c768a97823b9a9415
SHA256 3e93522cd956f987ed418ed3fdd8ad1168790d322c655bcf8f833bf3e394b453
CRC32 F0A1113F
ssdeep 3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 79529ca8805359b0_fotod25.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000002051\fotod25.exe
Size 752.5KB
Processes 3008 (lamod.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8ae09634f07084207594fffcad86459a
SHA1 1256382d07f5f94d6d91e04ad07d09e19306c0d0
SHA256 79529ca8805359b0154f3bf53b49a25ce366e91fed274cd7d2d16390fb86d2ed
CRC32 59A18CDD
ssdeep 12288:TMrfy90oBNVSv6KI/AARBD2pvERGkiFtFbEEeRRKDj+FS/ps5Zc1H085:IyPsv6KxuBDvjyzb9eRRsj+FSxa61Uy
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name dbcdc009781edffc_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 3008 (lamod.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a5ed103ec4719a27ab3d3c01dac66f01
SHA1 c830d6980d7edea60568a518eccd36c0bc2a4924
SHA256 dbcdc009781edffc3c4e5234d3d23d26364d6bff47e2e384cffdef148d7b5b36
CRC32 F6CBC3B2
ssdeep 1536:Qo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUQHaB89p:QoUCWbBNpplToUs1uNhj25LJUSaB89p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)