Dropped Files | ZeroBOX
Name 7d8f216ba04419aa_clip64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size 89.0KB
Processes 3052 (danke.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 dc587d08b8ca3cd62e5dc057d41a966b
SHA1 0ba6a88377c74a0c53b956d405ad17dd5f8c4164
SHA256 7d8f216ba04419aae32d5902449a0c5271ed577c722e582fb42e7d43b3b08426
CRC32 3DE69A89
ssdeep 1536:eo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUiOfaB89p:eoUCWbBNpplToUs1uNhj25LJUpaB89p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name b21d69386a427376_danke.exe
Filepath C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe
Size 230.3KB
Processes 2944 (b6900950.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b42a05253c227b17b548eeb2c31a13bc
SHA1 ae2cf05c7440df5628cd907487d8828362ff1125
SHA256 b21d69386a42737601187d25fdaa345041ba9acb056779ee46873bd02d03f1e7
CRC32 B1A5786C
ssdeep 3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
Name 7fe94c48a9c6e030_foto135.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000038051\foto135.exe
Size 390.0KB
Processes 3052 (danke.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3310ccf8b23d223563e5d23d52ce7ef4
SHA1 7a40b4944e1ea176716997a60c2cb220574582d6
SHA256 7fe94c48a9c6e030a2c3009706d2ec2490126898d6b5b27988b244008ddbd5dc
CRC32 8F102C59
ssdeep 6144:KLy+bnr+Up0yN90QE82OcE5cSME1gueoBXEyxdS0i1S6xo8NG:BMrgy90525SE1My+0i1Hq
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name e3b0c44298fc1c14_raman.exe
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\1000041051\raman.exe
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name fce10fa402dd4e21_y8069687.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP003.TMP\y8069687.exe
Size 235.0KB
Processes 812 (fotod25.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a1758da74e92d71fbceddcfd95580215
SHA1 ec5e9fad420ed60b5141a15f58adf326fba2c6d2
SHA256 fce10fa402dd4e21df68daa2b04f5ed80b6ca25b1ab658b753cbf91a5d791133
CRC32 BAA4A95E
ssdeep 6144:Kiy+bnr+xp0yN90QEqhQmyJXNcrGFySYCcHnlRHw1:SMrdy90cC+rGYYcHnl92
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name 737a4e3c0bc536fd_an.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000040051\an.exe
Size 614.0KB
Processes 3052 (danke.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ca3617108aedb1c053c7ddde6e23419d
SHA1 1a211c1700ebca4765c29624b30311a552f2c042
SHA256 737a4e3c0bc536fddc9f55099a01736da0b5ecb543d62b55ec3f29650a1305d8
CRC32 3C3CC29A
ssdeep 12288:uiFy90BNN/yMuQ0oqysKxi6dQMZR2uCVbVgeZs6K/w/GdfWpQ:uOyuNN/r4ApnZMgeNK/YE+pQ
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
Name b701233a90eb40ef_fotod25.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000039051\fotod25.exe
Size 390.5KB
Processes 3052 (danke.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 14973ef672959f345460a5024056601e
SHA1 cc2fe30b79f704ee9e5291f5c10120087a961d76
SHA256 b701233a90eb40efdc1674b44ea63adcedb16ba50474cbe26d12badaaed546c0
CRC32 84827740
ssdeep 6144:K4y+bnr+Mp0yN90QEq9JFaLJXikWsjZNcKB/l0Z02pRhvmfFCcHnlRHqPlclaJiO:UMrUy90Y9ba9RApRxmAcHnl9Sj
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name 31a482abc7176d52_n3861378.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP003.TMP\n3861378.exe
Size 174.5KB
Processes 812 (fotod25.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 8d76746abb0d846b91c061a2ff188305
SHA1 8da649e38c4c8c9aac65db317e021ad86ec44e12
SHA256 31a482abc7176d52ee0ff35bbd8685899f18e75cb3166a39392e9a85f4af172f
CRC32 0BCD394B
ssdeep 1536:KV2UC336sv0W7T6sa3rHKijuAvDH8VQkxN2ZYQX3buhmweS4rN30GkR/8e8hV:+2l1xPiS6UQkxNlCpwT4rN388e8hV
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • RedLine_Stealer_b_Zero - RedLine stealer
  • PE_Header_Zero - PE File Signature
  • ConfuserEx_Zero - Confuser .NET
  • IsPE32 - (no description)
Name 4b5607fa60b2861a_outsidevariety.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP005.TMP\outsidevariety.exe
Size 745.0KB
Processes 2376 (an.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 87433094ddb8788a577bfad17f915566
SHA1 d93f70812a8125ed71d8193226000818a68a34b1
SHA256 4b5607fa60b2861afdd18fc382977f3e803dc1a86aba1fabd2dc9055fc45b8ba
CRC32 3CACB809
ssdeep 12288:kp6GSHRKDc8CcUhXf10XcQsvkAWBlPlnLndWnJIugqRMeCBNUu:kpwKCccPMnRWnQ3eCBNUu
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 38c69e3f9f3927f8_cred64.dll
Filepath C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size 272.0B
Processes 3052 (danke.exe)
Type HTML document, ASCII text
MD5 d867eabb1be5b45bc77bb06814e23640
SHA1 3139a51ce7e8462c31070363b9532c13cc52c82d
SHA256 38c69e3f9f3927f8178d55cde9774a2b170c057b349b73932b87b76499d03349
CRC32 EAC0AFAB
ssdeep 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR+knaoyjEcXaoD:J0+oxBeRmR9etdzRxGezH0qaQma+
Yara None matched
Name a7f826d972f25aa4_outsiidevariety.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP005.TMP\outsiidevariety.exe
Size 743.5KB
Processes 2376 (an.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 6c508340a53730fb400c4136d47e1bda
SHA1 32933aec8a8bdf863482ecae95ea016f61824c6d
SHA256 a7f826d972f25aa4f3f047cd2380c0fe4b91904340a2ae64081c06be344010eb
CRC32 93BAC048
ssdeep 12288:HxCYoBjySRcVv89269Q6HKgqRMeCBNUrhCj:noBeSmol3eCBNUrhCj
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature