Dropped Files | ZeroBOX

Name	224bf0bd119ef5c8_mssqlh.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\MSSQLH.exe
Size	436.0KB
Processes	3048 (TQ.jpg.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`214f53c5c0181d9e0531c48d46ed0881`
SHA1	`4d5629a5fbb29439b66caf98c5cec56730118ecd`
SHA256	`224bf0bd119ef5c8aed25875cb66f62f9e2054dea8de5a3083cc43468a5da0da`
CRC32	`59D35AE1`
ssdeep	`12288:UXx0QTpUFuegQsEAB+yGk//4Yre94vSZGk//4Yre9746T:Cx0QTpU38h3trEV3trx`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Network_Downloader - File Downloader Malicious_Packer_Zero - Malicious Packer Antivirus - Contains references to security software IsPE32 - (no description) UPX_Zero - UPX packed file Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	1cfff12d507b602e_rundllexe.dll Submit file
Filepath	C:\Windows\Logs\RunDllExe.dll
Size	176.9KB
Processes	932 (MSSQLH.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`9b84349355b84c96765d25ce82d43f3f`
SHA1	`49b33785988cc0f6014f5aff3d7d9a6e5d8b3c7e`
SHA256	`1cfff12d507b602ee7ff38ba869d88cc976190bd1cefc3c1f1abd18814f568a2`
CRC32	`AAFCBAA1`
ssdeep	`3072:x5VK0lTSG9xoC+CQpiU5MvUOGk//qmwYre9BN0N4w:E0T9xB+CU4Gk//vwYre9BmN`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Network_Downloader - File Downloader Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis