Dropped Files | ZeroBOX
Name 0273fec8dd07c348_etc.exe
Filepath C:\Users\test22\AppData\Roaming\etc.exe
Size 4.4MB
Processes 2560 (VBA65-KB974945-x86-EN.exe)
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 95116828ed6fd6f326e4874e77d55b8c
SHA1 1b30638062e492f914ce896b4217e0549e37f696
SHA256 0273fec8dd07c3485929f50463510ed988a04fc61b198943a7d226dda43b0f73
CRC32 AAE0848B
ssdeep 98304:ylo2EqGgMO5xmqnH6Gt/UgfTteN7Ebe468oLXJ:co2hGBCHHttpfAlEbiJ
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name a2157fd6a74f60bd_vba65-kb974945-x86-enu.exe
Filepath C:\Users\test22\AppData\Roaming\VBA65-KB974945-x86-ENU.exe
Size 1.3MB
Processes 2560 (VBA65-KB974945-x86-EN.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MS CAB-Installer self-extracting archive
MD5 2b2aefe32d1910f3190e857d82cf37c4
SHA1 bee9348071b831b09a70c7adfb8272d4aeb132a4
SHA256 a2157fd6a74f60bd3eecaaafb801ad99acfc35008f51cad1a0d3474aede701a2
CRC32 88F4B234
ssdeep 24576:dRQ+Ak8qFdBbTqOuX7S+J7NVYstyhCCS4+PCBvfOhWHN3r0xYA:du+AHwBbTqOu2+JssfjUfOwtb0xYA
Yara
  • Malicious_Library_Zero - Malicious_Library
  • CAB_file_format - CAB archive file
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
Name 8b0c233a299ab5fa_xclient.exe
Filepath C:\Users\test22\AppData\Roaming\XClient.exe
Size 71.5KB
Processes 2560 (VBA65-KB974945-x86-EN.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 88cbce26327fe5c2d1a7101c5f871576
SHA1 9e04dbc0caa6272ac05fc2e03dcadb8278e7ba3b
SHA256 8b0c233a299ab5fa670fde9391e7082d27464cabfe6acb9d61fcc170fa4a39d7
CRC32 36ABAC87
ssdeep 1536:3yrIjrQXbP2HCvhP4QCfTERWqbv43Nzhi609IOlzy+Q:egr69n41qbv4dYIO5I
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)
Name b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2628 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware