Dropped Files | ZeroBOX
Name a32e0a83001d2c5d_2.tmp
Filepath C:\Users\test22\AppData\Local\Temp\$inst\2.tmp
Size 36.0B
Processes 184 (PDF.FaturaDetay_202407.exe)
Type Microsoft Cabinet archive data, 36 bytes
MD5 8708699d2c73bed30a0a08d80f96d6d7
SHA1 684cb9d317146553e8c5269c8afb1539565f4f78
SHA256 a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f
CRC32 EAB67334
ssdeep 3:wDl:wDl
Yara
  • CAB_file_format - CAB archive file
Name 2d8e573a56755e38_uninstall.exe
Filepath C:\TheDream\Uninstall.exe
Size 97.5KB
Processes 184 (PDF.FaturaDetay_202407.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 da79f594d4dd480d36d7d1e644568c57
SHA1 bc2bdb17395ad28007a619738eea59aafebe643d
SHA256 2d8e573a56755e3824c13fc32f763253b69be59597531a40c1bfd4502629d024
CRC32 20A5A731
ssdeep 1536:zO/z6hPABUjO/Zd1716EoLiL4l1HdIaqQPDm0xK8i6f0Zn9PRVW8sW45o75K:kzgjO/Zd1RePDmZ8tf05iW4u1K
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • mzp_file_format - MZP(Delphi) file format
Name a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF1cb8a45.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1cb8a45.TMP
Size 7.8KB
Type data
MD5 b0c9ff441742f3847ea27da9dee7f2cd
SHA1 c42a1eb32ba953a0ce5d8635caabf71b5b281495
SHA256 a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4
CRC32 0BBCAB1A
ssdeep 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name d6431d5645fffd05_d93f411851d7c929.customDestinations-ms~RF1cb910c.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1cb910c.TMP
Size 7.8KB
Processes 2232 (powershell.exe) 2328 (powershell.exe)
Type data
MD5 260d23ce04a8f8555a73b7d2dc15e911
SHA1 ebad746fb7de847c50f7502a44f6e35534733efd
SHA256 d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588
CRC32 11D6B213
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name bbda59896347af0b_rootdesign.exe
Filepath C:\TheDream\RootDesign.exe
Size 125.5KB
Processes 184 (PDF.FaturaDetay_202407.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 e739795e2208eb8e10ee98b92b52a5ca
SHA1 0ac1bd3681544350158ff9d7c44d1732b5673178
SHA256 bbda59896347af0b13c361b9fb97c42c1903e1cd1fad498c8192416c408139c5
CRC32 DB2F0D26
ssdeep 1536:w0DwGNVSLevGMF86LEgrKVJMQht2MdGnetU1ocHBPr9hHB0ofiLTV7LZ:lRNVlNWCrIVvtU6chPHHB0ofivhV
Yara
  • ConfuserEx_Zero - Confuser .NET
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
Name f532cb767e847224_uninstall.ini
Filepath C:\TheDream\Uninstall.ini
Size 2.3KB
Processes 184 (PDF.FaturaDetay_202407.exe)
Type ISO-8859 text, with CRLF line terminators
MD5 4f8b1beb68c93a56f83dd477d9375fb7
SHA1 f09ce978520b5cda8c3d8e604adcb5abc8ba1b44
SHA256 f532cb767e847224e99d5f4852f151cedcac96d65a815bfd1dfe5f3e61f9b2ae
CRC32 03BF2B1A
ssdeep 48:U91B391BH91F91O91G91BC91591w91n91S91rm91291Q91L91Rez05QLJjqM1sYn:C1713131I1w1y1L1e191c1rQ1g1+1R1A
Yara None matched
Name a51c525036fd56f1_temp_0.tmp
Filepath C:\Users\test22\AppData\Local\Temp\$inst\temp_0.tmp
Size 128.1KB
Processes 184 (PDF.FaturaDetay_202407.exe)
Type Microsoft Cabinet archive data, 131210 bytes, 2 files
MD5 27ad0717777d4a65c4997e06e8968490
SHA1 8f65e58778191643d09fe00ef738f808eafa533c
SHA256 a51c525036fd56f1907b9463b706b6711f52a342a4d81ff80e6dbb80341aa846
CRC32 C67C96A7
ssdeep 3072:59Baxf+ewISZRj2smvhST5PE47JNub3WfuDY0Y8rz3+izmCNw:5Gx1d0RjzV5Pnz63LLHBNw
Yara
  • CAB_file_format - CAB archive file
Name 91bcb614144a9721_readme.txt
Filepath C:\Users\test22\Desktop\readme.txt
Size 1.3KB
Processes 2744 (RootDesign.exe) 508 (RootDesign.exe) 2456 (RootDesign.exe) 2496 (RootDesign.exe) 2760 (RootDesign.exe)
Type UTF-8 Unicode text, with CRLF line terminators
MD5 f87a14daa7116e7ccd375aadf5a665b9
SHA1 eff1d54eb33a855353663c926059bd632fb2615d
SHA256 91bcb614144a9721f646e5ea6e7673a323db2f950ff3c9acfac919f9357d4fa4
CRC32 5224E98B
ssdeep 24:3nhJoJwQVD4ZbXLKPHJ0wCJ+nW+SbAOf1tLIMjaIIFkfMlXJP694wqQG:3KDgbXQk+SH9FIwaViMl54qQG
Yara None matched
Name 312c7fabec877805_log.txt
Filepath C:\TheDream\log.txt
Size 96.0B
Processes 2420 (RootDesign.exe) 2744 (RootDesign.exe) 508 (RootDesign.exe) 2456 (RootDesign.exe) 2496 (RootDesign.exe) 2760 (RootDesign.exe)
Type ASCII text, with CRLF line terminators
MD5 45c561fb2c15620a9640782fc40cd2b1
SHA1 1a1f745124bdb30331ea1c37ab53f8eca2412d07
SHA256 312c7fabec8778052a0cc9d10157026edfd64aa240a94be5ff18fcb5432b384c
CRC32 AC858928
ssdeep 3:3owi3abpUqX2pUqX2pUqX2pUqX2pUqX2y:+qlUsCUsCUsCUsCUsX
Yara None matched