Dropped Files | ZeroBOX
Name a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 893.0B
Processes 2300 (U8I6SRP5.exe)
Type data
MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
CRC32 1C31685D
ssdeep 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
Yara None matched
Name 90c12a07cdeefb92_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 252.0B
Processes 2300 (U8I6SRP5.exe)
Type data
MD5 d141f5b704f050643cf5ec9a18b2241e
SHA1 01b6c945ba2432c1cc5e57d5721cc25dc29e6ebd
SHA256 90c12a07cdeefb92c0dce280a10b4270f1bbdbad1f9978f8d441412f5128309c
CRC32 CF230986
ssdeep 3:kkFklXfllXlE/zwEkhlHllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8VbAl7zt:kKnwrlXliBAIdQZV7IpAhx
Yara None matched
Name 6237f78756d23757_screen.jpeg
Filepath C:\Users\test22\AppData\Roaming\ScreenShot\screen.jpeg
Size 50.7KB
Processes 2300 (U8I6SRP5.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 67c0c9bc80e583432b87d096fdc18016
SHA1 d99e36f4879eb25169f5e0917662620684ef40bb
SHA256 6237f78756d2375795b2cb2dc3c2508e895f3bc4e622fbaa8cc5ecf119e3e65e
CRC32 2865F6D7
ssdeep 1536:Ro4f3uq8FozDlXTHGChLfwh+Hp7Uw+jAsHKh:y0eqOClXjGCt5pgrjAsqh
Yara
  • JPEG_Format_Zero - JPEG Format
Name 4b145824b7d8925d_tmpg156.tmp
Filepath c:\users\test22\appdata\local\temp\tmpg156.tmp
Size 183.0KB
Processes 1268 (XZJ7pcVdxODBwEr.exe) 2300 (U8I6SRP5.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 2c8e90b3989b19958a8df9c2d818a620
SHA1 1dee9070d8c417662fce9e7269b529603e6c508b
SHA256 4b145824b7d8925df8648316b35a8270a236517b0bbe23c879205901fb1af8ca
CRC32 E909FF2C
ssdeep 3072:yoFjqqzUzOskH+LGP34oCKerVUzeeDXbwa21DB9ua/aHyvZRKd2if:yoFjfzU3Sbwv
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • OS_Name_Check_Zero - OS Name Check Signature
  • OS_Memory_Check_Zero - OS Memory Check
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware
Name 61f773a2a1fb03a5_ckm6blna.exe
Filepath C:\Users\test22\AppData\Local\Temp\{C89BF6CD-5599-48E1-B3A7-201639899E70}\CKM6BLNA.exe
Size 2.2MB
Processes 1268 (XZJ7pcVdxODBwEr.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6b6abd6e1b566069fdc82028dac5f651
SHA1 1f6f6d90f1a1f33388078a3c8e764f62914de9ef
SHA256 61f773a2a1fb03a550eb850f04832f55cc0ac5b7054bf3e30a15fea5890c38a9
CRC32 D423B94A
ssdeep 49152:EEDeT89WPRvK4ca+M0YGsXK5iD11p1Qyp8/wN5TRtc1mCo2xyg4rThZeYBp:GT89WPg4c20b5iDN1Qyp8/wbcY72xygw
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • Network_Downloader - File Downloader
  • IsPE32 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
  • Malicious_Packer_Zero - Malicious Packer
  • OS_Processor_Check_Zero - OS Processor Check