Dropped Files | ZeroBOX
Name aef4998f2e1cbe3a_screen.jpeg
Filepath C:\Users\test22\AppData\Roaming\ScreenShot\screen.jpeg
Size 35.8KB
Processes 2888 (XS1WFR6F.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 e0c3ca74b0b06b832fdfcf1bfd03c3c8
SHA1 e86823c3c3866d6acaae47bea473abfbb60b69e6
SHA256 aef4998f2e1cbe3a547285543c8d4c804dfa463c30bb7e7384e5f5dbbdc6c144
CRC32 7C0C90FB
ssdeep 768:RSph1/eeeeenIZ9555Qfs+E/IWop1kg2gPoRgnQjMevmHMLh+R6UZOtthj:RSp7eeeeen/BEXoq9aAcex8MLsQUZOJ
Yara
  • JPEG_Format_Zero - JPEG Format
Name 6535ba91fcca7174__isdecmp.dll
Filepath C:\Users\test22\AppData\Local\Temp\is-274TJ.tmp\_isetup\_isdecmp.dll
Size 29.7KB
Processes 2804 (6WCKE74G.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 fd4743e2a51dd8e0d44f96eae1853226
SHA1 646cef384e949aaf61e6d0b243d8d84ab04e79b7
SHA256 6535ba91fcca7174c3974b19d9ab471f322c2bf49506ef03424517310080be1b
CRC32 62E04312
ssdeep 768:84NHPfHCs6GNOpiM+RFjFyzcN23AEoSXMYisio:8anvc+R9F4s8BoaMYi2
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 948ce4952f2ae39a_tmpg843.tmp
Filepath c:\users\test22\appdata\local\temp\tmpg843.tmp
Size 183.0KB
Processes 2540 (eCVXk3pYsYhZNlI.exe) 2888 (XS1WFR6F.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 1a17a64471057ab792f756874114d241
SHA1 6b444a2854eaa58a69058e1b906d9145729d1cd0
SHA256 948ce4952f2ae39a5db002acaebba5deb54fa5742d69977dc0bb087d2ab2e2a9
CRC32 41EE5999
ssdeep 3072:nYn5jsoUdPukH+LGP34ouKerVUzeeDXbwa21D59ua/aHyvZRqd2iT:nYnJsoU42bwv
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • OS_Name_Check_Zero - OS Name Check Signature
  • OS_Memory_Check_Zero - OS Memory Check
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware
Name 3bb0ee5569fe5453_6wcke74g.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-PJ43B.tmp\6WCKE74G.tmp
Size 702.5KB
Processes 2756 (6WCKE74G.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1afbd25db5c9a90fe05309f7c4fbcf09
SHA1 baf330b5c249ca925b4ea19a52fe8b2c27e547fa
SHA256 3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c
CRC32 811A0355
ssdeep 12288:XqIRz+f+ui8TrPO37fzH4A63RRwDFtuXUZERmhrNh4dT9TaC+IGNbDtQPuFyxyR:aIZg+uiirPO37fzH4A6haDbcUZEbdT9+
Yara
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check
Name 7d0de3affd571f87_6wcke74g.exe
Filepath C:\Users\test22\AppData\Local\Temp\TCDD8B2.tmp\6WCKE74G.exe
Size 4.5MB
Processes 2540 (eCVXk3pYsYhZNlI.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a569e3a707a4e8e94fad9403f17f37d4
SHA1 ccca7f477caaf7177b37b3d74520f3d547ef1608
SHA256 7d0de3affd571f870d2979a73ff6f6a02df4970c271453da2c4b523e5a86939e
CRC32 C65D43B4
ssdeep 98304:ZRZeqHJhV+6VD2r53srRjILoeChV+6VD2r53srRjILo9y1X:7ZfHpTM3qptTM3qpVyB
Yara
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • mzp_file_format - MZP(Delphi) file format
Name 388a796580234efc__setup64.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-274TJ.tmp\_isetup\_setup64.tmp
Size 6.0KB
Processes 2804 (6WCKE74G.tmp)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
CRC32 2CDCC338
ssdeep 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)