popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 00f972eb3d4d2fac_rugen.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe
Size 205.0KB
Processes 2620 (g2775020.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 835f1373b125353f2b0615a2f105d3dd
SHA1 1aae6edfedcfe6d6828b98b114c581d9f15db807
SHA256 00f972eb3d4d2fac05c10c0e6e212cf096b4142b5b5075b29c6c100d51432cd4
CRC32 B342F64B
ssdeep 3072:CXkSckkHbzG1iXAt60p0zuNmnKG7peNMQbuZAIOb2y3xfbT:8kSDAzG1iciuInRexuZAIKj
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
VirusTotal Search for analysis
Name 340c8464c2007ce3_cred64.dll
Submit file
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 162.0B
Processes 2740 (rugen.exe)
Type HTML document, ASCII text, with CRLF line terminators
MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
CRC32 CC58D737
ssdeep 3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
Yara None matched
VirusTotal Search for analysis
Name 7b643ec3d33872a7_fotod85.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1000013051\fotod85.exe
Size 583.5KB
Processes 2740 (rugen.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1b434201661bf03643dee979e896d283
SHA1 941cf9cb86abadddf2d665a1ce6f5671ef0cec94
SHA256 7b643ec3d33872a72a542d9e2af7fcee3b7e7501b4f6bc9fe58ae67beaf5b68a
CRC32 96E3EA65
ssdeep 12288:QMrEy90EQm0q5sj0eKN+/AoL+xuay7EijVPzuIAWIZO8Kpw2zJI:EyL54g+RyA48VPIOtpw2zJI
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal Search for analysis
Name 08dabdd0b0fb13d5_clip64.dll
Submit file
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 2740 (rugen.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 83fc14fb36516facb19e0e96286f7f48
SHA1 40082ca06de4c377585cd164fb521bacadb673da
SHA256 08dabdd0b0fb13d5d748daf1173f392aa27eb9943eef78bd29e6a8fa61007a6e
CRC32 7E54004B
ssdeep 1536:Uo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUGNaB89p:UoUCWbBNpplToUs1uNhj25LJU6aB89p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
VirusTotal Search for analysis
Name c0c6c93a0c9c04fe_foto166.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1000012051\foto166.exe
Size 573.0KB
Processes 2740 (rugen.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5588669e4aad613744e9d61d340fd20d
SHA1 77bbb6921cfff9f4ff5d19a586c8db26b04ff03a
SHA256 c0c6c93a0c9c04fe71cf26e55f2aa62499eaaa9aaba087e1b8ba90e27fc15ebd
CRC32 0BDEFC8D
ssdeep 12288:5Mrby90Ae4RA4E6OybBpS4UhY/HBfx072pJVF5H:2y8obPS4iCdeap/
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal Search for analysis