Dropped Files | ZeroBOX
Name 11c3e7a62b3e78c6_taskhostclp.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000129001\taskhostclp.exe
Size 4.0MB
Processes 2728 (oneetx.exe)
Type MS-DOS executable, MZ for MS-DOS
MD5 3258deefff3ca70f3dfa3e67067ca611
SHA1 a28ec103c22b03f381dd72073cf620b11881b7b7
SHA256 11c3e7a62b3e78c6ec720aea618bf0a3854ad42535f888532c3e206f3724db4c
CRC32 C8370839
ssdeep 98304:kIk6g0kDf8CFjiD+THrrTfmqWAfheTYC521KuM96+/xnVA:3K0skC1k+THrrTf/c5ekwgVA
Yara
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • MPRESS_Zero - MPRESS packed file
Name 67cd8472366ecda8_taskmask.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000127001\taskmask.exe
Size 1.7MB
Processes 2728 (oneetx.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 f8f7c8c4cc25ba49c5b591aab8bfdc04
SHA1 6ed43db5ba58257c1283abfa8a08290ccf896033
SHA256 67cd8472366ecda8a195fc8a44e4747429f8d2e6d8c16d0c15a0e5a500506feb
CRC32 8B389C92
ssdeep 24576:XJKheI128AofpfewMUGeIFtOVkWvhr/qSJ:zIs8AofpfcfFavFz
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 9b6b6c5cf8dbafd0_oneetx.exe
Filepath C:\Users\test22\AppData\Local\Temp\eb0f58bce7\oneetx.exe
Size 6.5MB
Processes 2568 (taskmaskamd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 89e9bc7a5d97370a0f4a35041a54a696
SHA1 c0e8572f48b2e5f83c39374f4175e35a5e7c2029
SHA256 9b6b6c5cf8dbafd06176a1f8e5a7cf7fc78a5ffb86df627e6de4eb455506b847
CRC32 138AEDE0
ssdeep 196608:3PbBDSjGzSuyKff2j6pdVY3d2dZo2tOuAX+W6+B6VJN1lev:3JKGzXuTwdZdLM+JS
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 79ff7ea339f95a55_rdpcllp.exe
Filepath C:\Users\test22\AppData\Local\Temp\1000128101\rdpcllp.exe
Size 8.4MB
Processes 2728 (oneetx.exe)
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 768200a76def472e675539094047bed9
SHA1 24bc17689541656a8a12902c7f19bd991193ca50
SHA256 79ff7ea339f95a557cec5e39d944118af6c105c29736e448d5aad60368eae5af
CRC32 B066D1F1
ssdeep 196608:feGA0JQYKTrkAXQx6S7Ou1vtYgeW8PQeKLS0MJ9z88O/b3:f3A0JQYKr6tNPYgvRLkHKj3
Yara
  • UPX_Zero - UPX packed file
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • themida_packer - themida packer
Name 06a994406094dd2c_832866432405
Filepath C:\Users\test22\AppData\Local\Temp\832866432405
Size 23.7KB
Processes 2728 (oneetx.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 0d73d21e29ee420445120810ac21a732
SHA1 58a5cdea60a80f774f47125a8a4fbe6bec7a29b0
SHA256 06a994406094dd2c6a39b9b91b70098ef13fcb2e2f0875cdcf5385c89123031a
CRC32 00312197
ssdeep 192:WfJaLyOeTVezoJqNdIheZH18isdgVM/cBhjeEKm3RDNLhMIuYokWYtvwrz6iE3:0JaiPk7vZAq6UhjRpSKoRYUz6iE
Yara
  • JPEG_Format_Zero - JPEG Format