popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 6a968d40bcc67423_foto164.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1000001051\foto164.exe
Size 590.5KB
Processes 2076 (rugen.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d933846bf9daf3de97aad8bb4f9c882a
SHA1 1697263bad72b5833eb444040f1413e230afec82
SHA256 6a968d40bcc67423cd7f10be0433877466d4686ac83221262a5830c0c3d43788
CRC32 A120B044
ssdeep 12288:AMrcy90pnT6oCdGhVE4JxG41DrEX1Ngsq1CqVI0g5YAeVDfMeoBcmi28V4:syOWoCdQ/xGLX1NNq1Cq2eVZ438K
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 340c8464c2007ce3_cred64.dll
Submit file
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 162.0B
Processes 2076 (rugen.exe)
Type HTML document, ASCII text, with CRLF line terminators
MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
CRC32 CC58D737
ssdeep 3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
Yara None matched
VirusTotal Search for analysis
Name bda0035b7e69f5a3_fotod75.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1000002051\fotod75.exe
Size 749.5KB
Processes 2076 (rugen.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6d61adb574da8badaa27b02f221e61a8
SHA1 2c7980f3650496166978540015534e057e47b741
SHA256 bda0035b7e69f5a396ebe93163c3f81ec201b6a81dfe04852bfed3c3682882cf
CRC32 B42B5893
ssdeep 12288:UMrRy90qzlaDz/8sQrziCq5i7WISRJdK1fA4Uy7qQNJyDs7FpEJ0o5qmrHlJGfZL:lyplEz/DwGi7dGJA1fA4Uyv2SKqmrHah
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 08dabdd0b0fb13d5_clip64.dll
Submit file
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 2076 (rugen.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 83fc14fb36516facb19e0e96286f7f48
SHA1 40082ca06de4c377585cd164fb521bacadb673da
SHA256 08dabdd0b0fb13d5d748daf1173f392aa27eb9943eef78bd29e6a8fa61007a6e
CRC32 7E54004B
ssdeep 1536:Uo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUGNaB89p:UoUCWbBNpplToUs1uNhj25LJU6aB89p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 0088b6acf6b32637_rugen.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe
Size 205.1KB
Processes 2972 (m9610277.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 87a4b09e0c0c2e982e14857802c71fda
SHA1 69ffac865215dffe1badc04cdb67efa9e2c55768
SHA256 0088b6acf6b326370a5bf3991d4e5e6b3531ae5c69e78e122ab303cf1d2a51ee
CRC32 B76B18D6
ssdeep 3072:CXkSckkHbzG1iXAt60p0zuNmnKG7peNMQbuZAIOb2y3xfbT:8kSDAzG1iciuInRexuZAIKj
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis