Dropped Files | ZeroBOX
Name 573e441c5202cf62_{67e35ae0-5cd1-11ee-948e-94de278c3274}.dat
Filepath C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{67E35AE0-5CD1-11EE-948E-94DE278C3274}.dat
Size 7.0KB
Processes 2612 (iexplore.exe)
Type Composite Document File V2 Document, Cannot read section info
MD5 a6a9590844871938a4113c0108e33a24
SHA1 919b9bff590d296543db25d1ef26ecfdfa9cf6ec
SHA256 573e441c5202cf620578d064fc032a472931b94735e71c276dfb5dd8137d756a
CRC32 8453BBD1
ssdeep 48:rdGzm/UXc5lRWBVovLcz+ZFvync5lRWVoYz+yz+sz+TSEzhQkLcz+5vyk:5c4GVovEsFu4WVoM7NduvECh
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
Name 44e8aa0601fffe82_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 2924 (powershell.exe)
Type data
MD5 ee6cfd78f72f03663db2a7df0c696dd7
SHA1 56126e81a5f6577f8e24a890185d0c9eb600fa02
SHA256 44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568
CRC32 F27137C4
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 66dc5782f932fa74_recoverystore.{67e35adf-5cd1-11ee-948e-94de278c3274}.dat
Filepath C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{67E35ADF-5CD1-11EE-948E-94DE278C3274}.dat
Size 4.5KB
Processes 2612 (iexplore.exe)
Type Composite Document File V2 Document, Cannot read section info
MD5 aca516e3eed92b3ee1981af4b003ba77
SHA1 c41bf55c45c9e61012dba0b945d7b87198228e29
SHA256 66dc5782f932fa74699804f4b6499493e8ca5e5f70ca936b97a699c75c90621c
CRC32 8EAB1103
ssdeep 12:rlfF2LQrEg5+IaCrI0F7+F2trEg5+IaCrI0F7ugQNlTqbaxNWY48NlTqbaxNWYrf:rqc5/1t5/3QNlWrY48NlWrYYE
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
Name 690e898fd01b69ac_eee.exe
Filepath C:\Users\test22\AppData\Roaming\eee.exe
Size 3.3MB
Processes 2924 (powershell.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0f188231c29fba40e8b3e76792464cff
SHA1 e231f8e1060915dcb83fcf383ce0c80dbb94b2ea
SHA256 690e898fd01b69ac3eea36ac0bde48295eeb37b85a76ab96368b02dd7ee51615
CRC32 B2583D41
ssdeep 98304:sqNAQ6FGtvX6KN5hBAud6kDjGpUefle0GzDKKD:sqN5u06KN5hZnse0GzJ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • DllRegisterServer_Zero - execute regsvr32.exe
  • OS_Processor_Check_Zero - OS Processor Check