Dropped Files | ZeroBOX
Name 331485c01b91a54a_263CWoYD.exe
Filepath C:\Users\test22\AppData\Local\Temp\263CWoYD.exe
Size 24.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e1a6bad0a3a2e1040d730a2d6694fc1c
SHA1 378c03357b2453cb540fc480a5d887446ce09f2a
SHA256 331485c01b91a54a2ee03351cb80f04fb271f74344765c9706e5204f87d5d7b1
CRC32 85F35D0A
ssdeep 786432:1ci1BEnvQu7vja8IDKrZMu4GwjSB6QJekq/n5BtRu5:1cCu7v2jKrWuPwjq6ga5g
Yara
  • DllRegisterServer_Zero - execute regsvr32.exe
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • ASPack_Zero - ASPack packed file
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name 0d8037bec657b3a5_conf.ini
Filepath C:\Users\test22\Documents\conf.ini
Size 120.0B
Processes 3052 (263CWoYD.exe) 2216 (Tomcat.exe)
Type ASCII text, with CRLF line terminators
MD5 ee7f5f67596c2114517136f9a93e30b6
SHA1 2ddeecd0e3d0b3ec997fe31dcfc56c0509736982
SHA256 0d8037bec657b3a52b960b9ce80d99a6ac167fbcf091c5031167ae89d16e6a64
CRC32 77EE3417
ssdeep 3:5+WXL2ZGDhT9WVXglVT5Jbcpy0BT07Gd4Q0wUUTCCXxv:5+3c9RPN30l07c4JwUKCCZ
Yara None matched
Name d7325cd68e81480d_tomcat.exe
Filepath C:\Users\test22\Documents\Tomcat.exe
Size 1.5MB
Processes 3052 (263CWoYD.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8d91d692064e16f228a76a9c3b7bba18
SHA1 ce673b9f37d1a744aaac65a0168a4879d8b1722d
SHA256 d7325cd68e81480d0d302fb51b0aaeba773ad0621f8ef7fcfda0a39aa22fb952
CRC32 4FC8F097
ssdeep 24576:PJBOdhwhh3Jq0xd9uyo65XdaRRN5OTJ7hIVymFNlMtRVblP9PIjo3rShp0sUPYuJ:PVnd9JjNaR+/I07Shp0sUPYu7U3j
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name cdd05ce547e79e11_wps.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WPS.lnk
Size 1.6KB
Processes 2216 (Tomcat.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Jul 20 15:58:31 2024, mtime=Sat Jul 20 15:58:31 2024, atime=Sat Jul 20 15:58:31 2024, length=1615360, window=hide
MD5 c0fec4f871293104d8f4c04301f6e2cc
SHA1 0caf2563ec832145b2afff9b08c7fd97ad01cfb5
SHA256 cdd05ce547e79e11f936ce1e29d13fdde74d46a93b9e306a0a2f5374fa7efbf6
CRC32 4A13DF36
ssdeep 12:8Esee+94Zrac7EelizCC0XjmwE+krkmUvOH2mNrN124t2YLEPKzlX8y9eM:8jeeZ2zN4LUA9OWwIPyF
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
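Triage helper for the four records above, added here as an example; it is not ZeroBOX code and not part of the sample. The PIDS and DROPPED tables are transcribed from the report (paths, parent PIDs from the Processes fields, hashes, the packer- and persistence-related YARA tags). It reconstructs the drop chain (263CWoYD.exe writes Tomcat.exe and conf.ini; Tomcat.exe writes WPS.lnk into the user's Startup folder), flags the Startup-folder LNK as a persistence artefact, lists which dropped PE32s carry packer tags, and recomputes the same four digests the report lists (CRC32 in the report's 8-digit uppercase form) so a file recovered from a host can be checked against these IOCs. The Startup-folder heuristic, the sample bytes hashed at the end, and all function names are this example's own assumptions.

```python
"""Triage helper for a ZeroBOX (Cuckoo-style) "Dropped Files" report.

Added example, not ZeroBOX code. PIDS and DROPPED are transcribed from the
report above; the hashing, drop-chain reconstruction and Startup-folder
heuristic are this example's own assumptions.
"""
import hashlib
import zlib
from pathlib import Path

# PID -> image name, as listed in the report's "Processes" fields.
PIDS = {3052: "263CWoYD.exe", 2216: "Tomcat.exe"}

# One record per dropped file; "pids" are the processes seen writing it.
DROPPED = [
    {"name": "263CWoYD.exe",
     "path": r"C:\Users\test22\AppData\Local\Temp\263CWoYD.exe",
     "pids": [],  # the submitted sample itself; no parent listed
     "md5": "e1a6bad0a3a2e1040d730a2d6694fc1c",
     "sha1": "378c03357b2453cb540fc480a5d887446ce09f2a",
     "sha256": "331485c01b91a54a2ee03351cb80f04fb271f74344765c9706e5204f87d5d7b1",
     "crc32": "85F35D0A",
     "yara": ["UPX_Zero", "ASPack_Zero", "Malicious_Packer_Zero", "anti_vm_detect"]},
    {"name": "conf.ini",
     "path": r"C:\Users\test22\Documents\conf.ini",
     "pids": [3052, 2216],
     "md5": "ee7f5f67596c2114517136f9a93e30b6",
     "sha1": "2ddeecd0e3d0b3ec997fe31dcfc56c0509736982",
     "sha256": "0d8037bec657b3a52b960b9ce80d99a6ac167fbcf091c5031167ae89d16e6a64",
     "crc32": "77EE3417",
     "yara": []},
    {"name": "Tomcat.exe",
     "path": r"C:\Users\test22\Documents\Tomcat.exe",
     "pids": [3052],
     "md5": "8d91d692064e16f228a76a9c3b7bba18",
     "sha1": "ce673b9f37d1a744aaac65a0168a4879d8b1722d",
     "sha256": "d7325cd68e81480d0d302fb51b0aaeba773ad0621f8ef7fcfda0a39aa22fb952",
     "crc32": "4FC8F097",
     "yara": ["UPX_Zero", "Malicious_Packer_Zero", "Antivirus"]},
    {"name": "WPS.lnk",
     "path": r"C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WPS.lnk",
     "pids": [2216],
     "md5": "c0fec4f871293104d8f4c04301f6e2cc",
     "sha1": "0caf2563ec832145b2afff9b08c7fd97ad01cfb5",
     "sha256": "cdd05ce547e79e11f936ce1e29d13fdde74d46a93b9e306a0a2f5374fa7efbf6",
     "crc32": "4A13DF36",
     "yara": ["lnk_file_format"]},
]

PACKER_TAGS = {"UPX_Zero", "ASPack_Zero", "Malicious_Packer_Zero"}
# Assumption: anything written under the per-user Startup folder is persistence.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


def digests(data: bytes) -> dict:
    """The four digests the report lists, in its formatting:
    lowercase hex for MD5/SHA1/SHA256, 8-digit uppercase hex for CRC32."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def file_digests(path) -> dict:
    """Digests of a file on disk, e.g. one recovered from a host."""
    return digests(Path(path).read_bytes())


def match_ioc(hashes: dict, records=DROPPED):
    """Return the report record whose SHA256 (or, failing that, MD5) matches."""
    for key in ("sha256", "md5"):
        wanted = hashes.get(key)
        if wanted:
            for rec in records:
                if rec[key].lower() == wanted.lower():
                    return rec
    return None


def drop_chain(records=DROPPED, pids=PIDS) -> set:
    """(parent image, dropped file) edges rebuilt from the Processes fields."""
    edges = set()
    for rec in records:
        for pid in rec["pids"]:
            edges.add((pids.get(pid, f"pid:{pid}"), rec["name"]))
    return edges


def persistence_hits(records=DROPPED) -> list:
    """Dropped files placed in the Startup folder."""
    return [r["name"] for r in records if STARTUP_MARKER in r["path"].lower()]


def packer_hits(records=DROPPED) -> dict:
    """Dropped files whose YARA tags indicate a packer; these need unpacking
    before static signatures or import analysis mean much."""
    return {r["name"]: sorted(set(r["yara"]) & PACKER_TAGS)
            for r in records if set(r["yara"]) & PACKER_TAGS}


if __name__ == "__main__":
    for parent, child in sorted(drop_chain()):
        print(f"{parent} -> {child}")
    print("persistence:", persistence_hits())
    print("packed:", packer_hits())
    # Constructed bytes, so this deliberately matches nothing in the report.
    print("match:", match_ioc(digests(b"constructed sample, not a dropped file")))
```

Hash matching is the weakest of these checks for a packed dropper, since a rebuild changes every digest; on a host, treat the Documents\Tomcat.exe path and a fresh WPS.lnk in the Startup folder as the more durable indicators, and use `file_digests()` to confirm a suspect file only once it has been found by path.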