Dropped Files | ZeroBOX
Name 5dd1405f22307d60_startup.vbs
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.vbs
Size 262.0B
Processes 2208 (.exe)
Type data
MD5 b6b55cb088762eee62506eb79169613d
SHA1 655d233a43d0469121579cdd4d23452ce108e043
SHA256 5dd1405f22307d601bea328d48346e9423a03eb5e98e38f0185dad39ccfa332c
CRC32 1B35B10D
ssdeep 6:DMM8lfm3OOQdUfcls/UEZ+lX1Al1ALlAnriIM8lfQVn:DsO+vNls/Q1A1M4mA2n
Yara None matched
Name e92157f49001f8d6_autCD2E.tmp
Filepath C:\Users\test22\AppData\Local\Temp\autCD2E.tmp
Size 264.5KB
Processes 2052 (Delivery%2006.exe)
Type data
MD5 1f76c89a195c7c2bbd90e4f14d4c0f7b
SHA1 b3c4cb67b1f901d54dc845fb178a00b5e6d66df4
SHA256 e92157f49001f8d61285ce1df04e03d7b790110d51df6eba0fea689cd57b419d
CRC32 DD61A97C
ssdeep 6144:hYa1J7ChBwnhKDlmJVihXas1RQAiXFsu2J29eOU7ALO9Q08p2:hYInClPR7iXudJ29evF922
Yara None matched
Name 413852f536628cfa_F56GKLK7U4
Filepath C:\Users\test22\AppData\Local\Temp\F56GKLK7U4
Size 40.0KB
Type SQLite 3.x database, last written using SQLite version 3033000
MD5 91a39ee5267872c5a86c0b791bfd0fe0
SHA1 3ee10302a6d40c7aa02afe01d36498f1b27f7895
SHA256 413852f536628cfad0f6be985e814443f8a2bbdcfd55994aff9a561fbad68fe1
CRC32 B431A379
ssdeep 24:TL2C0RlPbXaFpEO5bNmISHdL6UwcOxvo5:TYLOpEO5J/KdGU1Eo5
Yara None matched
Name e6290c33915b981b_aaberg
Filepath C:\Users\test22\AppData\Local\Temp\Aaberg
Size 28.1KB
Processes 2052 (Delivery%2006.exe) 2208 (.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 cf0825783ac3f695a7a1d02aafb58f71
SHA1 6fe49035cc612810054e4f1e3574901015e5bc7e
SHA256 e6290c33915b981b78a7120f9e708f66aa1e6a8d19b21335646c0daedb47eb94
CRC32 6E1B915D
ssdeep 768:WiTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbCO+IFV1cd4vfF3if6g/:WiTZ+2QoioGRk6ZklputwjpjBkCiw2RE
Yara
  • Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
Name 2bd6b062b7b7dd73_autCD4E.tmp
Filepath C:\Users\test22\AppData\Local\Temp\autCD4E.tmp
Size 9.6KB
Processes 2052 (Delivery%2006.exe)
Type data
MD5 6ae8cf8cf03623445236c50d9e804fb7
SHA1 7f07f1abb9c1c1ad6c4ac76c75fb7935bdaaa1f1
SHA256 2bd6b062b7b7dd7319e0822dd629876e4c1da6d2bf2490305a33bef5eaf699b6
CRC32 8B9DEC55
ssdeep 192:na0ZsqLUGeKtxWQa8wgK/IltCvbYxil1paV8tspHxGh9W7xovq1Hj+queA1jUj//:azqLFLtx3a8wgKJbHpe8tgxGh9WVckHV
Yara None matched
Name b79f9bfe9b5ed911_.exe
Filepath C:\Users\test22\AppData\Local\directory\.exe
Size 1.1MB
Processes 2052 (Delivery%2006.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 132e9cb76def326daa4088f99587b759
SHA1 d2a5e919e451865551efd2da81d30468cbb80773
SHA256 b79f9bfe9b5ed9113deae47f91b1a2eeca20cf737aea051e70b224d6b88e0792
CRC32 B5F4DAB2
ssdeep 24576:IAHnh+eWsN3skA4RV1Hom2KXMmHaD2jZ9uUKhRDp2jPdsRm9Qf5:Ph+ZkldoPK8YaDCXoqjP9Q
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Process_Snapshot_Kill_Zero - Process Kill Zero
  • PE_Header_Zero - PE File Signature
  • FindFirstVolume_Zero - FindFirstVolume Zero
  • CryptGenKey_Zero - CryptGenKey Zero
  • Device_Check_Zero - Device Check Zero
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name a15fd84ee61b54c9_sqlite3.dll
Filepath C:\Users\test22\AppData\Local\Temp\sqlite3.dll
Size 1.0MB
Processes 2356 (netbtugc.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 f1e5f58f9eb43ecec773acbdb410b888
SHA1 f1b8076b0bbde696694bbc0ab259a77893839464
SHA256 a15fd84ee61b54c92bb099dfb78226548f43d550c67fb6adf4cce3d064ab1c14
CRC32 2FA811D1
ssdeep 24576:chlbC7QSGIt3dr8mVpn1MRRlnCSLvcdLpi:cnZoNrLn1M3lnV4E
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
Name 824fae3331b95e2f_F56GKLK7U4
Filepath C:\Users\test22\AppData\Local\Temp\F56GKLK7U4
Size 40.0KB
Type SQLite 3.x database, last written using SQLite version 3033000
MD5 41c19a9e8541fcb934c13c075bf47721
SHA1 648a7622d533d79b9a0bb31dc370134ec3a75ed7
SHA256 824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c
CRC32 560F7642
ssdeep 48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u
Yara None matched
Name 35c648fa355503c4_sqlite3.def
Filepath C:\Users\test22\AppData\Local\Temp\sqlite3.def
Size 7.2KB
Processes 2356 (netbtugc.exe)
Type ASCII text
MD5 a199f89960429326ae36f645ffc387af
SHA1 85e4281d0f95aa75611f2946fb4212a70f7e7b75
SHA256 35c648fa355503c4b6608c4d482bf8c0ae34af33d70f08172ecd43816aaab733
CRC32 ADB208F6
ssdeep 96:kCcuN/mXU+anR+7GgbXgXdMcAM3K4tGvAF+GEhwIEVtvaENwzY0aR:kA/B+7GgbQbKWrF+GEeJvaENwzcR
Yara None matched
Name 121118a0f5e0e8c9_svchost.exe
Filepath C:\Windows\SysWOW64\svchost.exe
Size 20.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 54a47f6b5e09a77e61649109c6a08866
SHA1 4af001b3c3816b860660cf2de2c0fd3c1dfb4878
SHA256 121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2
CRC32 4B0EAF31
ssdeep 384:eipYzV8555BUcKaJEEyKxC0exYQ1k3KFUOLg2JfvaW9C5bW9odW:3peIszaqEyKxCtxJk6FbXaw
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware