Dropped Files | ZeroBOX
Name 7d8f216ba04419aa_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 2456 (danke.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 dc587d08b8ca3cd62e5dc057d41a966b
SHA1 0ba6a88377c74a0c53b956d405ad17dd5f8c4164
SHA256 7d8f216ba04419aae32d5902449a0c5271ed577c722e582fb42e7d43b3b08426
CRC32 3DE69A89
ssdeep 1536:eo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUiOfaB89p:eoUCWbBNpplToUs1uNhj25LJUpaB89p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 9bfdd948e34eb875_foto175.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000010051\foto175.exe
Size 514.2KB
Processes 2456 (danke.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 c38f4415878d0b8402c1dd09c6abea01
SHA1 1f32fcc4190cac2e8fda52256e16b450a5b1b636
SHA256 9bfdd948e34eb87568b51dde66b7d378236d75bc4520be9ca7d93f2f5630b61a
CRC32 8E775FBB
ssdeep 12288:X2YuOz47gyW/G3/9p0knQh/U2wfr8hw20cwwmN6Yuj:0047gAwkn0rm/9ymAYuj
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 2e24fb0526abe3b6_y3346153.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP002.TMP\y3346153.exe
Size 261.5KB
Processes 2236 (fotod45.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1467bca0d6d83f3947ed773ab71d66bf
SHA1 adfe988b7e2400289dc9282b2ba8b3a6578fda57
SHA256 2e24fb0526abe3b65aa68d1c673d46de17e7c7381a89f322d0aa48826eafce1e
CRC32 5B7FEF91
ssdeep 6144:KWy+bnr+Ep0yN90QEh9blmgKX5V+WlzjSjp1im8mk3G:GMrwy907o/+WYjS2k3G
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name 850cd190aaeebcf1_i6882480.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\i6882480.exe
Size 11.0KB
Processes 1976 (foto175.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 7e93bacbbc33e6652e147e7fe07572a0
SHA1 421a7167da01c8da4dc4d5234ca3dd84e319e762
SHA256 850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38
CRC32 C025CC12
ssdeep 96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
Yara
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 698ec58985aceba1_y3022941.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\y3022941.exe
Size 261.5KB
Processes 2640 (fotod45.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 66ac9874c793d82a0d91e6feeb75acca
SHA1 de427fcf2fff90becb368a3a4eb5219d9218f319
SHA256 698ec58985aceba171d791ed00ca6b8623f0ddfb6755aa4c60b03ef7621534d9
CRC32 DC5E6B5D
ssdeep 6144:K/y+bnr+Tp0yN90QEm22lk5rnixMFAVBzd:xMrby904226NnBAVBzd
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name 8814c03faf2e21fe_fotod45.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000011051\fotod45.exe
Size 538.2KB
Processes 2456 (danke.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 a5a637aa95392602415a3ced8c9ca44c
SHA1 ba9cc2465a73084172feb7a05390b22df17ad0c4
SHA256 8814c03faf2e21fea5d7ff6639e96db4b3a9ddc9917f1ebfbfa7e0e1e5b57542
CRC32 11241381
ssdeep 12288:VU83Lz47Zd/hAgGX9ggCUcH2lNPlspBuoe:R/47igA9StH2lNdsa3
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name bd81dce5aac18649_f4388758.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP001.TMP\f4388758.exe
Size 266.2KB
Processes 1616 (x6385145.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 71d33186be08424afef926e3f2d4f9d8
SHA1 557eec28464ce6098ed54eaa11a2713451c66980
SHA256 bd81dce5aac18649f36705e1269ff9159acf4e44d9bfa656371d9ae92b9ad9a3
CRC32 FC439787
ssdeep 3072:e8+iOHMwew7+picM/CsVVct+Z7bYH9jqyo/QnfzKX+9MByRtq9Lxfx:e8vOswD7vVVctqoDo/QnfzKv2tq9L
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name a3d537760a800714_x6385145.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\x6385145.exe
Size 319.5KB
Processes 1976 (foto175.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 00540fef0335a4de61ce52fd06233725
SHA1 a5a7674f95f085dcbdfe709c607cea840debc3e7
SHA256 a3d537760a800714c8016b95a27353facaa85197c823b7110d206ae39dacdef6
CRC32 E55B36FB
ssdeep 6144:Kvy+bnr+Kp0yN90QEvSWV3ZwpwtYU3meSOvG8LC4J2L/YzvU+Wlh7CI:VMriy901SWlZwpwzWRaHLdY/yU+fI
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name 4e1377f9874f333d_n9579444.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\n9579444.exe
Size 224.0KB
Processes 2640 (fotod45.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8c6b79ec436d7cf6950a804c1ec7d3e9
SHA1 4a589d5605d8ef785fdc78b0bf64e769e3a21ad6
SHA256 4e1377f9874f333dcb0b1b758e3131949e667fc39aadf3091e4e3b7cdbaeef1d
CRC32 4B6E1BAE
ssdeep 3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
Name 38c69e3f9f3927f8_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 272.0B
Processes 2456 (danke.exe)
Type HTML document, ASCII text
MD5 d867eabb1be5b45bc77bb06814e23640
SHA1 3139a51ce7e8462c31070363b9532c13cc52c82d
SHA256 38c69e3f9f3927f8178d55cde9774a2b170c057b349b73932b87b76499d03349
CRC32 EAC0AFAB
ssdeep 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR+knaoyjEcXaoD:J0+oxBeRmR9etdzRxGezH0qaQma+
Yara None matched
Name 90ccd84f28e4dd03_du.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000012051\du.exe
Size 30.0KB
Processes 2456 (danke.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 35a15fad3767597b01a20d75c3c6889a
SHA1 eef19e2757667578f73c4b5720cf94c2ab6e60c8
SHA256 90ccd84f28e4dd03fb70b8739c4636acbcf8a030404b5a24264afd1acd09ecbc
CRC32 15C40371
ssdeep 384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW
Yara
  • win_smokeloader_auto - Detects win.smokeloader.
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)