Dropped Files | ZeroBOX
Name 6cc3d443fbe3d1b3_foto164.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000005051\foto164.exe
Size 572.0KB
Processes 3000 (lamod.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1902cac37e821bb6683af2833a93fdcf
SHA1 566cc3616fb92961b1fa55fba2cc83fa44e14c6f
SHA256 6cc3d443fbe3d1b39ddbc7c68739efdc92a8a3814d1682b6546ecdc16e7d4951
CRC32 799F22BE
ssdeep 12288:DMrGy907GTjnvRU2wqUdFDsztX/MhVHE+c9j:ByeGTjnvRW4ztPkE+c9
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name ae69a5af6c94b59f_fotod75.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000006051\fotod75.exe
Size 712.5KB
Processes 3000 (lamod.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ddd6c4c754226328829c66300e12d714
SHA1 5866b31d1d0608934e2c0969f7a6cbc05615db30
SHA256 ae69a5af6c94b59f92ab6de2d5b0f53987406addfa96e16944bb4ee07c174cd1
CRC32 AD4CC33E
ssdeep 12288:1Mr2y90UaBAKJX0XJEhgh82wBo24KRpKEaZyBUWMmOUBoMnukjw3:7ywBAKB0XJEhg62wSbDyBWi+Muf
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name 340c8464c2007ce3_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 162.0B
Processes 3000 (lamod.exe)
Type HTML document, ASCII text, with CRLF line terminators
MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
CRC32 CC58D737
ssdeep 3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
Yara None matched
Name 05ee7e470f3d82db_lamod.exe
Filepath C:\Users\test22\AppData\Local\Temp\a9e2a16078\lamod.exe
Size 206.4KB
Processes 2888 (h5145017.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4d9efb7d945628277080c332638a177a
SHA1 2ecae95753377853f94fe235bc2612d35c00aacd
SHA256 05ee7e470f3d82dbf2d1f94cb865cd133e210c6020d188fcced1875249d4ea44
CRC32 8CFC499E
ssdeep 3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name dbcdc009781edffc_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 3000 (lamod.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a5ed103ec4719a27ab3d3c01dac66f01
SHA1 c830d6980d7edea60568a518eccd36c0bc2a4924
SHA256 dbcdc009781edffc3c4e5234d3d23d26364d6bff47e2e384cffdef148d7b5b36
CRC32 F6CBC3B2
ssdeep 1536:Qo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUQHaB89p:QoUCWbBNpplToUs1uNhj25LJUSaB89p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • IsPE32 - (no description)