Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	7d8f216ba04419aa_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size	89.0KB
Processes	3052 (danke.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`dc587d08b8ca3cd62e5dc057d41a966b`
SHA1	`0ba6a88377c74a0c53b956d405ad17dd5f8c4164`
SHA256	`7d8f216ba04419aae32d5902449a0c5271ed577c722e582fb42e7d43b3b08426`
CRC32	`3DE69A89`
ssdeep	`1536:eo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUiOfaB89p:eoUCWbBNpplToUs1uNhj25LJUpaB89p`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b21d69386a427376_danke.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe
Size	230.3KB
Processes	2944 (b6900950.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b42a05253c227b17b548eeb2c31a13bc`
SHA1	`ae2cf05c7440df5628cd907487d8828362ff1125`
SHA256	`b21d69386a42737601187d25fdaa345041ba9acb056779ee46873bd02d03f1e7`
CRC32	`B1A5786C`
ssdeep	`3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7fe94c48a9c6e030_foto135.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000038051\foto135.exe
Size	390.0KB
Processes	3052 (danke.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3310ccf8b23d223563e5d23d52ce7ef4`
SHA1	`7a40b4944e1ea176716997a60c2cb220574582d6`
SHA256	`7fe94c48a9c6e030a2c3009706d2ec2490126898d6b5b27988b244008ddbd5dc`
CRC32	`8F102C59`
ssdeep	`6144:KLy+bnr+Up0yN90QE82OcE5cSME1gueoBXEyxdS0i1S6xo8NG:BMrgy90525SE1My+0i1Hq`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_raman.exe Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\1000041051\raman.exe
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	fce10fa402dd4e21_y8069687.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP003.TMP\y8069687.exe
Size	235.0KB
Processes	812 (fotod25.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a1758da74e92d71fbceddcfd95580215`
SHA1	`ec5e9fad420ed60b5141a15f58adf326fba2c6d2`
SHA256	`fce10fa402dd4e21df68daa2b04f5ed80b6ca25b1ab658b753cbf91a5d791133`
CRC32	`BAA4A95E`
ssdeep	`6144:Kiy+bnr+xp0yN90QEqhQmyJXNcrGFySYCcHnlRHw1:SMrdy90cC+rGYYcHnl92`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet IsPE32 - (no description)
VirusTotal	Search for analysis

Name	737a4e3c0bc536fd_an.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000040051\an.exe
Size	614.0KB
Processes	3052 (danke.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`ca3617108aedb1c053c7ddde6e23419d`
SHA1	`1a211c1700ebca4765c29624b30311a552f2c042`
SHA256	`737a4e3c0bc536fddc9f55099a01736da0b5ecb543d62b55ec3f29650a1305d8`
CRC32	`3C3CC29A`
ssdeep	`12288:uiFy90BNN/yMuQ0oqysKxi6dQMZR2uCVbVgeZs6K/w/GdfWpQ:uOyuNN/r4ApnZMgeNK/YE+pQ`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	b701233a90eb40ef_fotod25.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000039051\fotod25.exe
Size	390.5KB
Processes	3052 (danke.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`14973ef672959f345460a5024056601e`
SHA1	`cc2fe30b79f704ee9e5291f5c10120087a961d76`
SHA256	`b701233a90eb40efdc1674b44ea63adcedb16ba50474cbe26d12badaaed546c0`
CRC32	`84827740`
ssdeep	`6144:K4y+bnr+Mp0yN90QEq9JFaLJXikWsjZNcKB/l0Z02pRhvmfFCcHnlRHqPlclaJiO:UMrUy90Y9ba9RApRxmAcHnl9Sj`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet IsPE32 - (no description)
VirusTotal	Search for analysis

Name	31a482abc7176d52_n3861378.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP003.TMP\n3861378.exe
Size	174.5KB
Processes	812 (fotod25.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8d76746abb0d846b91c061a2ff188305`
SHA1	`8da649e38c4c8c9aac65db317e021ad86ec44e12`
SHA256	`31a482abc7176d52ee0ff35bbd8685899f18e75cb3166a39392e9a85f4af172f`
CRC32	`0BCD394B`
ssdeep	`1536:KV2UC336sv0W7T6sa3rHKijuAvDH8VQkxN2ZYQX3buhmweS4rN30GkR/8e8hV:+2l1xPiS6UQkxNlCpwT4rN388e8hV`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check MALWARE_Win_VT_RedLine - Detects RedLine infostealer Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description) RedLine_Stealer_b_Zero - RedLine stealer PE_Header_Zero - PE File Signature ConfuserEx_Zero - Confuser .NET IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4b5607fa60b2861a_outsidevariety.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP005.TMP\outsidevariety.exe
Size	745.0KB
Processes	2376 (an.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`87433094ddb8788a577bfad17f915566`
SHA1	`d93f70812a8125ed71d8193226000818a68a34b1`
SHA256	`4b5607fa60b2861afdd18fc382977f3e803dc1a86aba1fabd2dc9055fc45b8ba`
CRC32	`3CACB809`
ssdeep	`12288:kp6GSHRKDc8CcUhXf10XcQsvkAWBlPlnLndWnJIugqRMeCBNUu:kpwKCccPMnRWnQ3eCBNUu`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	38c69e3f9f3927f8_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size	272.0B
Processes	3052 (danke.exe)
Type	HTML document, ASCII text
MD5	`d867eabb1be5b45bc77bb06814e23640`
SHA1	`3139a51ce7e8462c31070363b9532c13cc52c82d`
SHA256	`38c69e3f9f3927f8178d55cde9774a2b170c057b349b73932b87b76499d03349`
CRC32	`EAC0AFAB`
ssdeep	`6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR+knaoyjEcXaoD:J0+oxBeRmR9etdzRxGezH0qaQma+`
Yara	None matched
VirusTotal	Search for analysis

Name	a7f826d972f25aa4_outsiidevariety.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IXP005.TMP\outsiidevariety.exe
Size	743.5KB
Processes	2376 (an.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`6c508340a53730fb400c4136d47e1bda`
SHA1	`32933aec8a8bdf863482ecae95ea016f61824c6d`
SHA256	`a7f826d972f25aa4f3f047cd2380c0fe4b91904340a2ae64081c06be344010eb`
CRC32	`93BAC048`
ssdeep	`12288:HxCYoBjySRcVv89269Q6HKgqRMeCBNUrhCj:noBeSmol3eCBNUrhCj`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis