Dropped Files | ZeroBOX
Name d61ef1bfa73bd5b0_z3SJkC5.exe
Filepath C:\Windows\Temp\{B1041C16-8CED-4E0B-8387-15A7C1F728EC}\.cr\z3SJkC5.exe
Size 7.7MB
Processes 1364 (z3SJkC5.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 eff9e9d84badf4b9d4c73155d743b756
SHA1 fd0ad0c927617a3f7b7e1df2f5726259034586af
SHA256 d61ef1bfa73bd5b013066d86f1c41e33bb396fc547cf5ab7191f56cc7b463aad
CRC32 C3FBE966
ssdeep 196608:fla7YGGDOzn2WavTxO0bDRDLX1cwz48uKPWFsi0l99A:takPDka1LFDLX15jPfP99A
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • CAB_file_format - CAB archive file
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • ASPack_Zero - ASPack packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 7a89f84a9b84c132_BootstrapperApplicationData.xml
Filepath C:\Windows\Temp\{CCABF61C-839F-488E-9E26-76BBD6BCB499}\.ba\BootstrapperApplicationData.xml
Size 2.0KB
Processes 2096 (z3SJkC5.exe)
Type XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5 69ed10685b87da02c86d98fd8c64ae91
SHA1 21a773dab0c037319bbc5e3a132b13399209ebc9
SHA256 7a89f84a9b84c132aecc1e5414107247740231d9527343af2d5a2f2cf2ea92e0
CRC32 CBA1D7E4
ssdeep 48:y+03N6hOEhupukwcne1gNucb+JH0wWKycP7eZxQDOQr4i1gwar91pl:ywcn6gzg0wWKycPkx8UWgwarL
Yara None matched
Name 1ce645aa8d3e5ef2_sqlite3.dll
Filepath C:\Windows\Temp\{CCABF61C-839F-488E-9E26-76BBD6BCB499}\.ba\sqlite3.dll
Size 891.4KB
Processes 2096 (z3SJkC5.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 1e24135c3930e1c81f3a0cd287fb0f26
SHA1 9d13bfe63ddb15743f7770387b21e15652f96267
SHA256 1ce645aa8d3e5ef2a57a0297121e54b31cc29b44b59a49b1330e3d0880ce5012
CRC32 72AD3A4A
ssdeep 24576:rE22o1/ammmwbii+tOrIghOkBYxSw+vTJsvY7n9r:Yk/a+g1mCOf+d+K9r
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 7501366637ca181f_phyllopod.html
Filepath C:\Windows\Temp\{CCABF61C-839F-488E-9E26-76BBD6BCB499}\.ba\phyllopod.html
Size 39.3KB
Processes 2096 (z3SJkC5.exe)
Type data
MD5 7acd5f1bb75aef6681027e02232f3b7d
SHA1 caef0696cf3a2c86078fe068cf37a2a58ea495c5
SHA256 7501366637ca181f4f0c310d4020ace9d58cbf872f47abf82dd42ed98d2d6bef
CRC32 00176829
ssdeep 768:TN8KlxKjmnPS9brniQdYWqHrh+v7LSZJke7ZXuojokxpJbQ2xg0lEs:JllxoRbKWO47Lepuo0k9bHlB
Yara None matched
Name b23d218a3796d9af_betrothed_20250307152431.cleanroom.log
Filepath C:\Users\test22\AppData\Local\Temp\Betrothed_20250307152431.cleanroom.log
Size 766.0B
Processes 1364 (z3SJkC5.exe)
Type ASCII text, with CRLF line terminators
MD5 01ddb321f85654cc763eb4eb9d4aa7a5
SHA1 a3d082b5e4f535ee0122c5abbcd2086297bb1a98
SHA256 b23d218a3796d9af93e2067e38bf9698f731b91723c0412f8a84d4d1b001eb56
CRC32 51EE6944
ssdeep 12:rQctK3uXNSX2W/xOLMHtvtYSRcP2EmRKYOLMMtYSRcP2EWKYOLMDtYSRcP2rRKYd:rQmsYNSmAnNldcP2h2dcP29xdcP2V/vH
Yara None matched
Name 2d13424b09ba0041_WiseTurbo.exe
Filepath C:\Windows\Temp\{CCABF61C-839F-488E-9E26-76BBD6BCB499}\.ba\WiseTurbo.exe
Size 8.7MB
Processes 2096 (z3SJkC5.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1f166f5c76eb155d44dd1bf160f37a6a
SHA1 cd6f7aa931d3193023f2e23a1f2716516ca3708c
SHA256 2d13424b09ba004135a26ccd60b64cdd6917d80ce43070cbc114569eae608588
CRC32 E39F1877
ssdeep 98304:jlO2duwJ/p3HHkUB9ew76CXmFrV60gOncO5x7TiHqYg94P:BOyb9r7evCgr+OnTlYhP
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PhysicalDrive_20181001 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • infoStealer_browser_b_Zero - browser info stealer
  • Malicious_Packer_Zero - Malicious Packer
  • ftp_command - ftp command
  • Antivirus - Contains references to security software
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • mzp_file_format - MZP(Delphi) file format
  • UPX_Zero - UPX packed file
Name ce4a3be030a39cd3_betrothed_20250307152432.log
Filepath C:\Users\test22\AppData\Local\Temp\Betrothed_20250307152432.log
Size 3.5KB
Processes 2096 (z3SJkC5.exe)
Type ASCII text, with CRLF line terminators
MD5 5d790b10b45d30fbea1340bbfe999919
SHA1 1b60cbcad7fd9f2837f719e9768b922eec91e1e8
SHA256 ce4a3be030a39cd3690f0c75ce00d8106e273959407e6bfbf60279934663fd47
CRC32 6D82D355
ssdeep 48:o+NMe0pLfYXfkYfO/MfNfJ2f5JTyBiFgJTyMJTjLuUlioMIsxY2WZyWjuRy/tobX:VS1U5i6CmC66
Yara None matched
Name 9b696ad0ec3b37ba_BundleExtensionData.xml
Filepath C:\Windows\Temp\{CCABF61C-839F-488E-9E26-76BBD6BCB499}\.ba\BundleExtensionData.xml
Size 252.0B
Processes 2096 (z3SJkC5.exe)
Type XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5 a35990570afaa7d023fd2ebbe229afb8
SHA1 86688b13d3364adb90bba552f544d4d546afd63d
SHA256 9b696ad0ec3b37bac11da76bcd51ad907d31ee9638dad7bb8fdd5aef919ef621
CRC32 A09044DF
ssdeep 6:QFulcLk0YR5Ie8GcUlLulFwENeWlYmH1fMWGVUlLulFwEnk:QF/LXYRWe8OLqF3Ye1kWGaLqFhk
Yara None matched
Name 7ae39cb5cd14a875_Quadrisyllable.dll
Filepath C:\Windows\Temp\{CCABF61C-839F-488E-9E26-76BBD6BCB499}\.ba\Quadrisyllable.dll
Size 168.7KB
Processes 2096 (z3SJkC5.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 a1e561bc201a14277dfc3bf20d1a6cd7
SHA1 1895fd97fb75ad6b59fc6d2222cf36b7dc608b29
SHA256 7ae39cb5cd14a875af3e43df4a309d6a7a44c0339c413bf21b0300c84e35b66c
CRC32 320A0EE5
ssdeep 3072:a5Y0enWCmf0KH207OPC1SuZHbpYkExO4R7/c1GKvf1O+vOQKFhLf/uQcW:aaTtKS27pQQSR/SW
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
Name 51964920f5d4ddc6_blast.tar.gz
Filepath C:\Windows\Temp\{CCABF61C-839F-488E-9E26-76BBD6BCB499}\.ba\blast.tar.gz
Size 4.4MB
Processes 2096 (z3SJkC5.exe)
Type data
MD5 219fe0e290712a35fd4c648f681e2d25
SHA1 83658f481a6aeeea45da571cf5e406078f8993cb
SHA256 51964920f5d4ddc699d5e6259df554798a305b87dd1a38afd4ed56a5f7713571
CRC32 FFE2CED6
ssdeep 98304:EVsSUdJMNtVrvlunA/2oHu+piXbNXofvSm7IReNpm:E2SUdm9vlunA/9HwF3m7Vpm
Yara None matched