Dropped Files | ZeroBOX
Name e4034f63d9771f2c_x5569196.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\x5569196.exe
Size 472.5KB
Processes 2748 (AppLaunch.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6c46f8f3a5d4a96d86578b3ff4f3546e
SHA1 19a34c7dc2fc4eb30be21431a832b0aeccf0a401
SHA256 e4034f63d9771f2c40dca331e35682d5a36172d40d3a3ca314bf0622f030c2ff
CRC32 0AB26C2C
ssdeep 6144:K4y+bnr+Tp0yN90QEfIuW7KO+5UaOkEXl5SmbG3k5OWSxVgd9Zdl+LSVzwb75nIV:QMrry90rtm0igNVgjl+LSVMv5KyKaNA
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • CAB_file_format - CAB archive file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
Name 5dc6c9cac1242613_p4zrevvykgounz0.exe
Filepath C:\Users\test22\AppData\Local\Temp\P4ZrEvvyKgoUNz0.exe
Size 174.0KB
Processes 2616 (j7547682.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 bb4a547bedfa91cedefebba89a42757a
SHA1 610de690db862a7153ceb9f292e981606595bd09
SHA256 5dc6c9cac124261348c748f6f869474efbec9b6ea55c6b9746c208ca64517865
CRC32 691B5C0A
ssdeep 3072:9C0CdpuI0Ti2228OuI6VGOnDrE08Bins/rpfrJP8e8h6:9CXuI0Ti222DODrE0Md/rpfr5
Yara
  • UPX_Zero - UPX packed file
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • RedLine_Stealer_b_Zero - RedLine stealer
  • ConfuserEx_Zero - Confuser .NET
  • OS_Processor_Check_Zero - OS Processor Check
Name ba2906e239a2a7b5_k0317679.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\k0317679.exe
Size 376.0KB
Processes 2748 (AppLaunch.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 9409e8cc3df429d487c71983ae530c79
SHA1 56f111fa1a21c80fef964439826672fbce797eee
SHA256 ba2906e239a2a7b5a22f710b44f7e334106796d369b89f4c161e9b31167da0dd
CRC32 1703320F
ssdeep 6144:yvViKL/yfYb5B+BO99c0s0ZVtAObghZ4eV2N+kRoyV1Xnk3E9:uV//yfYb5BIQZVtF0Z4eVqjVtkU9
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
Name 67887b3578a673bb_4375vtb45tv8225nv4285n2.txt
Filepath C:\Users\test22\AppData\Local\Temp\4375vtb45tv8225nv4285n2.txt
Size 7.2KB
Processes 2616 (j7547682.exe)
Type ASCII text
MD5 80b5db78c12b1d3fbbee6651dd6646a6
SHA1 b9ada0417e38726e3ac10afb1dc4b442176400bd
SHA256 67887b3578a673bbda602a83715d7941fd97eb81fe5f322a1ff083ee01af73bd
CRC32 CFFF8926
ssdeep 96:FnhAj3kDmkHvekc5kG9kqDkjnkk9kMnkTYnKk1wkohpZkTMKk3Ikn2kkqkxIpkmH:Fa6LMLuU
Yara
  • infoStealer_browser_b_Zero - browser info stealer