Dropped Files | ZeroBOX
Name 297b6b9e2ea036c3_tmpg691.tmp
Filepath c:\users\test22\appdata\local\temp\tmpg691.tmp
Size 183.0KB
Processes 3016 (hl.exe) 1368 (UG1ETGQP.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 7891146df97f3b0147a688206937c662
SHA1 a5c42301f4ba15f666d21acfdf3fe73c37ee2138
SHA256 297b6b9e2ea036c31d6847a448581f7caf185aa92ddbf4ea5fd1a9b5864d55e6
CRC32 D643B1CD
ssdeep 3072:kNAaRp0UPUwUDIkH+wWtai4GlIQZboLRM9ua/aHyvZRqd2it2:kNpbPPULb75GlVbA
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • OS_Name_Check_Zero - OS Name Check Signature
  • OS_Memory_Check_Zero - OS Memory Check
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware
Name bd16fccf20400fb4_screen.jpeg
Filepath C:\Users\test22\AppData\Roaming\ScreenShot\screen.jpeg
Size 51.8KB
Processes 1368 (UG1ETGQP.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 d6dd3d6ffe43094e15ab849c5d2621d4
SHA1 dc398dced59c31057bf3c242fdc985ad367d47ec
SHA256 bd16fccf20400fb43e0a28822538963a676b43d95e478f47a2dbe5267323ea34
CRC32 985AB23A
ssdeep 1536:R6ZMx63u1TDlWRSohj9YCtFI+G+lPSp3fGEc2I4i5HG:sZMMe1TBm0C/Id+lPSpwbNHG
Yara
  • JPEG_Format_Zero - JPEG Format
Name 907ee949c5b33c32_ocrask3y.exe
Filepath C:\Users\test22\AppData\Local\Temp\TCDDC40.tmp\OCRASK3Y.exe
Size 920.0KB
Processes 3016 (hl.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 77cce9925d2a039ae38b679b1225e944
SHA1 0c35624875984b439e9c55293db59bd3c40b7b1e
SHA256 907ee949c5b33c327938e4b3d3d6a702e3a2cd7b8d2f9653fb374a54bd586af5
CRC32 AB36C6B1
ssdeep 24576:yC7pJNmgKd6FiifF/BX3ygjdGQ64JDRKM1DpqqjlQVT7+qlrv+Tljdg:jTE4dt/Bnr2g0M1DpqqjlkGqlL+rg
Yara
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
  • Malicious_Packer_Zero - Malicious Packer
  • OS_Processor_Check_Zero - OS Processor Check