Dropped Files | ZeroBOX
Name 088a5d04f2f6d682_eljgycclue.dat.3
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\eljgycclue.dat.3
Size 5.2MB
Processes 2544 (fotha0925877.exe)
Type data
MD5 a452946137958e0cee844310f9e9fa7c
SHA1 8cf21ae4d1d764154048a02fb49412ef94094485
SHA256 088a5d04f2f6d6820bf1a6a390d9c0e00f88896c932848f0c97912b861479bb9
CRC32 4F5D2171
ssdeep 49152:WFlKjoqMGbkf8XfH2cvoJ7JdCrM5faRYZs9rri9/F0U2cRP8JF9zdP+T1E6gpPyV:WFlJqM48QunJ7JkA5faRO/06EnRyI
Yara
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware
Name 4dc2333d6853b100_uaocjextja
Filepath C:\ProgramData\wyMwestbtU\uaoCJextJa
Size 953.9KB
Processes 2664 (faehelyy.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 14fc3bd3d72aa309a5fb6f4e769d0caf
SHA1 6419348777e683d6c44764cb2e039826802efc55
SHA256 4dc2333d6853b10046802d22a501b6ed7fd55a74b3a89a58d8a7cec675da03ea
CRC32 CF5F826B
ssdeep 24576:51oHkqOov1EOe+D6wlmmpbyadKiVYOMw5riPKy8:5hqhTKi72PKH
Yara None matched
Name e7a8298e3bbb92b3_gfpyuhvgk.dat
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\gfpyuhvgk.dat
Size 1.3MB
Processes 2544 (fotha0925877.exe)
Type PE32+ executable (DLL) (native) x86-64, for MS Windows
MD5 60051b6744a21a75caa38d2fa827769f
SHA1 e93fa399353895d3a767a13acb1636f7a6653d94
SHA256 e7a8298e3bbb92b3fe0e8f9992f5cc49222aa3d643ad91235f21e3cfc69d76d7
CRC32 25FC4397
ssdeep 24576:S05kqQ9u9v1QnFzlh769DDmmZgoCnqLCPryedV5u50HCPg8bc:F5FQM9+njhu93mmO7qGryed/uHM
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
Name 097269aaafa2ce86_hynnfplam
Filepath C:\ProgramData\wyMwestbtU\hynNFPLAm
Size 11.9KB
Processes 2664 (faehelyy.exe)
Type data
MD5 588ba934c7c906829c152b26c166b98c
SHA1 95df9d964201f1658207e20bd034034c511691e3
SHA256 097269aaafa2ce868ed73c7ff61a12768ca8d524e43bfad95771427607023197
CRC32 E01AF137
ssdeep 192:iNALoVi33sqJh+Zf3Qo3BSlzt+nmhDqct7UvQtHH/bSoOARpxv+HeAkDH9YbBUDv:iaoViHbJI3Qo3E3+nm0cJUvMnTZRbvgc
Yara None matched
Name 657d9ec982972a18_uknealjyatp.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uknealjyaTP.lnk
Size 499.0B
Processes 2664 (faehelyy.exe)
Type MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, Normal, ctime=Fri Oct 6 03:02:39 2023, mtime=Fri Oct 6 03:02:39 2023, atime=Fri Oct 6 03:02:39 2023, length=0, window=hidenormalshowminimized
MD5 be3ee830c31e9269497abfff6bf5a473
SHA1 84be12afeb54cf2e4558025b86e64ba2f4e9730a
SHA256 657d9ec982972a1868bf00a877dedbe93fc639866789207b3bda83a7fe9b9d5f
CRC32 95E21E23
ssdeep 12:8QsV+5Z5ZHROB1YAG2e+s0mQxIZYJ4E/VjtEMbZEZztHxKSo:8B+XXaG2TIZYJ4E/VjtxKZZo
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
Name 08f271887ce94707_eljgycclue.dat
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\eljgycclue.dat
Size 1.0B
Processes 2544 (fotha0925877.exe)
Type very short file (no magic)
MD5 69691c7bdcc3ce6d5d8a1361f22d04ac
SHA1 c63ae6dd4fc9f9dda66970e827d13f7c73fe841c
SHA256 08f271887ce94707da822d5263bae19d5519cb3614e0daedc4c7ce5dab7473f1
CRC32 DA6FD2A0
ssdeep 3:o:o
Yara None matched
Name c88026e200b77e68_bybwrwgaelm.bat
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\bybwrwgaelm.bat
Size 136.0B
Processes 2544 (fotha0925877.exe)
Type ASCII text
MD5 24e177fc30f4073048f402d717a7f147
SHA1 64148c0fcb1e5b9fef789e11eb9d7590b99b59e7
SHA256 c88026e200b77e68615cbfbcae61bd52cba7b68bc8a3fc4284c5556fc9a27530
CRC32 9D27435A
ssdeep 3:2NKVmBCuQAOWA0uQAOHNuQAOf70uQAOhk7k4GeZB9UA:GBwSNfJfH0fYn
Yara None matched
Name 4ebc21177ee9907f_eljgycclue.dat.2
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\eljgycclue.dat.2
Size 33.0B
Processes 2544 (fotha0925877.exe)
Type data
MD5 500ba63e2664798939744b8a8c9be982
SHA1 54743a77e4186cb327b803efb1ef5b3d4ac163ce
SHA256 4ebc21177ee9907f71a1641a0482603ced98e9d43389cac0ffb0b59f7343eeba
CRC32 154DF2B5
ssdeep 3:dqt/vll:dq
Yara None matched
Name 39561f8af0341379_eljgycclue.dat.1
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\eljgycclue.dat.1
Size 3.0B
Processes 2544 (fotha0925877.exe)
Type Non-ISO extended-ASCII text, with no line terminators
MD5 158b365b9eedcfaf539f5dedfd82ee97
SHA1 529f5d61ac99f60a8e473368eff1b32095a3e2bf
SHA256 39561f8af034137905f14ca7fd5a2c891bc12982f3f8ef2271e75e93433ffa90
CRC32 EF2BF86E
ssdeep 3:H:H
Yara None matched
Name 9c5898b1b354b139_faehelyy.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\faehelyy.exe
Size 5.2MB
Processes 2604 (cmd.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 812d99a3d89b8de1b866ac960031e3df
SHA1 6817df1da376e8f6e68fd1ad06d78f02406b6e19
SHA256 9c5898b1b354b139794f10594e84e94e991971a54d179b2e9f746319ffac56aa
CRC32 9E63E112
ssdeep 49152:eFlKjoqMGbkf8XfH2cvoJ7JdCrM5faRYZs9rri9/F0U2cRP8JF9zdP+T1E6gpPyV:eFlJqM48QunJ7JkA5faRO/06EnRyI
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Generic_Malware_Zero - Generic Malware