Dropped Files | ZeroBOX
Name a4c86fc4836ac728__setup64.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-LPQVG.tmp\_isetup\_setup64.tmp
Size 6.0KB
Processes 2864 (SillyShelf.tmp)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 4ff75f505fddcc6a9ae62216446205d9
SHA1 efe32d504ce72f32e92dcf01aa2752b04d81a342
SHA256 a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81
CRC32 B1C5F7C5
ssdeep 96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
Name 736af8f850ebf9fb_poisedcoyote.dll
Filepath c:\users\test22\appdata\roaming\poisedcoyote.dll
Size 2.8MB
Processes 2864 (SillyShelf.tmp)
Type PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5 87aba2697a8deda3e1284a79780ff69d
SHA1 21dfe5aa0e8f32688faee3ac31652392696e0908
SHA256 736af8f850ebf9fbf744002845787425aa493a5d11202094381051ee66568582
CRC32 337C15D9
ssdeep 49152:ekFE961ytt8iF+L3N4Tefv2HHcRnFuhBRh1l29gDQPpW1ra8h3gA/QMtJhGExB2T:9J1ytt8iF+L3NIcJFuf9SgkpWtv3J2F9
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 90c4a61af494b63e_SillyShelf.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-MIRJJ.tmp\SillyShelf.tmp
Size 1.1MB
Processes 2820 (SillyShelf.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 14c6fa8e50b4147075eb922bd0c8b28d
SHA1 0faad18b0e26ce3b5c364621a4f0aee9db56a9a7
SHA256 90c4a61af494b63ecfe1226714175675a4e49e57d50718491b3bc8fe29dd8fc7
CRC32 84D8FE8D
ssdeep 24576:MYwCLCUplZhgjXj8YcgoniqO3CBiO0jaS+EtjC67V5MNx9XU:3GUhni7iSFCQGu
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check
Name 9884e9d1b4f8a873__shfoldr.dll
Filepath C:\Users\test22\AppData\Local\Temp\is-LPQVG.tmp\_isetup\_shfoldr.dll
Size 22.8KB
Processes 2864 (SillyShelf.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
CRC32 AE2C3EC2
ssdeep 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
Yara
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
Name a1aa0b65adcf8b0e_unins000.dat
Filepath C:\Users\test22\AppData\Local\unins000.dat
Size 3.6KB
Processes 2864 (SillyShelf.tmp)
Type data
MD5 3f735653ff92c2f25cbae185af002998
SHA1 16cad3aacaa893d9bde637da618a11e22a50572e
SHA256 a1aa0b65adcf8b0ea5b1c69c28e8b10912d96c32356e9e082c13336b985d01e8
CRC32 63A75693
ssdeep 96:RT2xh44NWzpZn3PCdfc1AGlEDA4MZAe2L5Hhxn:RTohxYpZ3yf7fDSm5HXn
Yara None matched
Name 438a002fb9cd0bd0_unins000.exe
Filepath c:\users\test22\appdata\local\unins000.exe
Size 1.1MB
Processes 2864 (SillyShelf.tmp)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f1ed953d31a56e4899772a56604685b5
SHA1 c56da596fd92b48d2b062c16131a1cfdc984853f
SHA256 438a002fb9cd0bd061345c8f098c69c4249ce0b0d9ac3f1bc5cb3701ba6093ec
CRC32 7727914A
ssdeep 24576:kYwCLCUplZhgjXj8YcgoniqO3CBiO0jaS+EtjC67V5MNx9XN:fGUhni7iSFCQGz
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check