Dropped Files | ZeroBOX
Name 23d10fa632d1c132_skotes.exe
Filepath C:\Users\test22\AppData\Local\Temp\abc3bc1985\skotes.exe
Size 3.0MB
Processes 2240 (1x90B2.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 37f0900997cd2b89fd37abde93121dae
SHA1 7329fd84cebbe1ddd1db9fa86148b9e1e20f3659
SHA256 23d10fa632d1c132919905aada6cdea94bdc674d237ada362e6deb6bb4decf9a
CRC32 807E735A
ssdeep 49152:Vta33nfQHTcZP6n0eG+/TdG8G6XQnYVmgLZPFQoL:Da33nYzc40x+/TdG6XQI
Yara
  • themida_packer - themida packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name 8ea8e9c311584001_3c01a.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP001.TMP\3C01a.exe
Size 1.7MB
Processes 2116 (J2Q03.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 56498263dcb52c53604693d0d1b2a81c
SHA1 c3e415877fec0f6911079de9696c65686ee87575
SHA256 8ea8e9c3115840016f5992a8a5facace35cc851e47e9b6ecb2ab965c8a7e05c3
CRC32 D6E2892E
ssdeep 49152:HPJym/XZzyqVd599ZUMOW1cf12seKDAb:HPJX/XZ+udZDQd2seKDAb
Yara
  • themida_packer - themida packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name 579471099e4f05fa_4m130z.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\4m130Z.exe
Size 2.6MB
Processes 2060 (none.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7847c2df2a8cfd3a444f7fd1fbf4b6c2
SHA1 8028c8391e1f1c16d04076d6c25f1a2055f52cda
SHA256 579471099e4f05fade4c9b067a7bdf25ed53a626dd15697fb1aa1dbb02727ed1
CRC32 0FEBDF84
ssdeep 49152:QNYnzGeMh4LTDguDohpYDTbY3AwKYD5qVUhH2l:ue+4nMm43Rw
Yara
  • themida_packer - themida packer
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name 055b07a4b387824c_skotes.job
Filepath C:\Windows\Tasks\skotes.job
Size 270.0B
Processes 2240 (1x90B2.exe)
Type VAX-order 68k Blit mpx/mux executable
MD5 fca935bb6ad19ef63797cc2a435bd5b5
SHA1 1de5bcbc90025bea4821917aafcba0149bed8316
SHA256 055b07a4b387824c44f6c62689113fc28b786f1a28a8a38ebcf116e381a16c92
CRC32 237E71D3
ssdeep 6:Q3CZ5tXE/E/UEZ+lX1CGdKUe6tI4y0lQkldt0:V5kE/Q1CGAFv4VQkzt0
Yara None matched
Name 7474c2b8885b9747_j2q03.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\J2Q03.exe
Size 5.2MB
Processes 2060 (none.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 75faebd32c78ba78205375ce903b2769
SHA1 68224dad41e2b75f5dc9ceb25e2924b872c6e9d3
SHA256 7474c2b8885b9747bd768d90587314f8e4ef69976e7847c01ed7ef7b7633b7d8
CRC32 6401AA27
ssdeep 98304:mB+QmWfmuEE9asGMBrftuf9Z209HUEY1HdXuWteBL5KMHNYYIHujZcXX+XeYlhS:6mWfmuEEYTOLtuR9HzYFdX1teBL9tRI8
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • CAB_file_format - CAB archive file
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name 1c196cd57886b0a5_d9h54.exe
Filepath C:\Users\test22\AppData\Local\Temp\IXP001.TMP\D9H54.exe
Size 3.4MB
Processes 2116 (J2Q03.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 95a0971d0a11be4b1853afd2de329d09
SHA1 594d442b1f7cc780186ee08853eff41e69920fd9
SHA256 1c196cd57886b0a5cfd09eb879eae6b0b5165cb37c7c1067f4767384c9ac46ee
CRC32 2A6D1B28
ssdeep 98304:Psm1smk6+gz/Gx427tuf65D69g8JpXKzBaRSd0E:Um1smk6+cuuatbI9g8HXKdaRSd
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • CAB_file_format - CAB archive file
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file