Dropped Files | ZeroBOX
Name 2c1eb42cf7eb0153_lamod.exe
Filepath C:\Users\test22\AppData\Local\Temp\a9e2a16078\lamod.exe
Size 205.2KB
Processes 3040 (d4904288.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f003f8171f0d0a860b986869ee666c18
SHA1 6226a15f06b6db8c19c28b4628af0f0bb50dd1c7
SHA256 2c1eb42cf7eb0153a5ce0d39355094fe0a33bd24e68bbf8c7f4b9ed735257e29
CRC32 9CCD1105
ssdeep 3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name e9b3ffceba7717ef_y5450570.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP006.TMP\y5450570.exe
Size 193.5KB
Processes 2940 (y8949096.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e085133a6afe514e84a5d5af9d353535
SHA1 a2d88bdac3c39412d1e708dd7ca3fc1473c45d26
SHA256 e9b3ffceba7717ef17bb6cfadf68375b638d46f02ef643f4bcae2bffe02a50e0
CRC32 D45C28E1
ssdeep 3072:Kxy+bnr+O155GWp1icKAArDZz4N9GhbkrNEk1R1yvTyLrFBCUwM1D9Y2yrWoz:Kxy+bnr+2p0yN90QE6kryLrPV1Di2y1
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name 54d9bd2e9931dc38_l0309674.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP006.TMP\l0309674.exe
Size 172.1KB
Processes 2940 (y8949096.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 a4bc9ce17a741e0d7808a20791575675
SHA1 a452a9ed217070914b9ba459017d611f29260533
SHA256 54d9bd2e9931dc380bdeb47aaa27ff42e7668ce2b2535725a3f313f46b331503
CRC32 BD0EC4C4
ssdeep 1536:h5XZucNjBql36sv0W7T6Z9bHOrHbRxLvE9mBmjM1xNH1YQLzbusqxoqjOF0GkRqt:7XJWbuzo7L84mM1xN+iQOqjOFp8e8hK
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • ConfuserEx_Zero - Confuser .NET
  • IsPE32 - (no description)
Name 340c8464c2007ce3_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 162.0B
Processes 2156 (lamod.exe)
Type HTML document, ASCII text, with CRLF line terminators
MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
CRC32 CC58D737
ssdeep 3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
Yara None matched
Name dc9ac97273f2e123_foto164.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000007051\foto164.exe
Size 574.5KB
Processes 2156 (lamod.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bcbb7362406742f49fbaa9ea68500214
SHA1 cd5a71b8aa78a1c8d6cdd2b5ce8667e1ed09886c
SHA256 dc9ac97273f2e123e5b7670458d422b3c25c9dea81dc3adec20ab9743fca9b88
CRC32 275473F1
ssdeep 12288:YMrzy90f9uFSzi+wa+UGPminq7iUtTRhbLSH3svkkgM:ryu+SzWa+UviW1rSH3JkgM
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name b03eccb0ec625f70_y9697386.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP004.TMP\y9697386.exe
Size 521.5KB
Processes 2780 (fotod75.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 07c52c2bb9bc4d7ca77cf0f1b05cca99
SHA1 ee97bea8e2b39a43f7dfce629db442ac86778470
SHA256 b03eccb0ec625f7004ba3e6644fc843b474d882836a8661bc389943ccbe4b951
CRC32 82AE3C7F
ssdeep 12288:LMrey90vmdPe95Lt2/NLgtKMKl62G1b0gtk6RTEAsH:RyVdmbt2/Ssdy9FhsH
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name eb31df255a5d1f00_fotod75.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000008051\fotod75.exe
Size 718.0KB
Processes 2156 (lamod.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 30a8084f08315501b2784c96c8819759
SHA1 d7ebd005e9e69b25d84a7b647c1402c7d8550f9b
SHA256 eb31df255a5d1f006a900007c7bb587cf0947ecf190cf9726b1a1d3255c4e740
CRC32 E50E4541
ssdeep 12288:aMruy90cUoJiVWn3Smrbq2/RLgtAMKJ62GuR04tk6mTnAeF75W:IyDz0Qicq2/Oa8a92Ae1w
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name fd8373cfed64d2d5_y8949096.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP005.TMP\y8949096.exe
Size 349.5KB
Processes 2976 (y9697386.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7d9cd7a7379c8ae12fb725834238b0bb
SHA1 7c55fb8f6a5b33ccecb535242161fc6694387c47
SHA256 fd8373cfed64d2d52683bdc6ad5705fbd09037c74a4dfd176e9b5fc18c54f181
CRC32 4FAFFA3D
ssdeep 6144:K/y+bnr+np0yN90QEc8YcqNKFBdx07gtYHFqK1ks2G0dQPTiIpuqpR:5Mrny909YcT4gtQMKus2GbuIN3
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name c60f2546c25e3a28_m8121508.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP005.TMP\m8121508.exe
Size 205.2KB
Processes 2976 (y9697386.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 89b32ace3f2f6d1832e3a7eb4a410ecb
SHA1 f28d18cdf99f8e0b5bd26d5225f976c3fcbedb95
SHA256 c60f2546c25e3a289994f5c0d7d7c6414679d70d322f38cbfdcb5c7cff5a6dcc
CRC32 561E5A85
ssdeep 3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name a85d16efcede3f93_n4711704.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP004.TMP\n4711704.exe
Size 255.6KB
Processes 2780 (fotod75.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 273851d046d24381496deb3b6f06c3c3
SHA1 44d08c61c6aacb1d3900d0851e956f8d10e68255
SHA256 a85d16efcede3f93b0b73148265ddad40b9a615d4b423147afa6a50c1bcb8135
CRC32 930A0AF0
ssdeep 3072:aikqjqv3csWgviNh3lPGsit42+eL6M0MpZKegBcvu74fxvwXZB:VqxWtHVMpEeFWICZB
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name dbcdc009781edffc_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 2156 (lamod.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a5ed103ec4719a27ab3d3c01dac66f01
SHA1 c830d6980d7edea60568a518eccd36c0bc2a4924
SHA256 dbcdc009781edffc3c4e5234d3d23d26364d6bff47e2e384cffdef148d7b5b36
CRC32 F6CBC3B2
ssdeep 1536:Qo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUQHaB89p:QoUCWbBNpplToUs1uNhj25LJUSaB89p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • IsPE32 - (no description)