Dropped Files | ZeroBOX

Name	6f16e4daa8a97e5d_tqvurqbndrhdgpddwmbbfrqh.exe Submit file
Filepath	C:\Users\test22\Documents\tqVUrqbNDrHDGpddWmBbfRQH.exe
Size	4.2KB
Processes	9068 (DIqMUyT98Untp5QhexOCjQdS.exe)
Type	HTML document, ASCII text
MD5	`dc7816cd57c9f720bd1ef11a8783f4be`
SHA1	`147f42e36cb0a75874709638d9cca4d049448d5a`
SHA256	`6f16e4daa8a97e5d1f8455444ca22d9460cb664806c33890bb5ef9ae34302fb7`
CRC32	`538526D8`
ssdeep	`96:1j9jwIjYjyDK/DZD8jH+k1UvJADh/pRs9H6sgszbGD:1j9jhjYjWK/lyH+kURADh/pmgsgsfGD`
Yara	None matched
VirusTotal	Search for analysis

Name	920c1de34bb3555b_cl6nvky3nidsmbpm6svsqs42.exe Submit file
Filepath	C:\Users\test22\Documents\Cl6NvkY3niDsMBPm6svsQs42.exe
Size	444.0KB
Processes	9068 (DIqMUyT98Untp5QhexOCjQdS.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`97c905ed98e96410725d84075f87c025`
SHA1	`77d11dade36abab83100de028ab3af3c2784ad0d`
SHA256	`920c1de34bb3555ba0f4bf3f27d5b5a6559546776927bd9b4d25bb3d0c6a19ce`
CRC32	`A85E516E`
ssdeep	`6144:uOKxGg7krdbQk6/ZbbCMf9BoATA3GehNvZfFl7T46lfZRBDmehwx:ExGuubFip+MVBoATA3TlNFB48ftJh`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Zero Trojan_Win32_Glupteba_1_Zero - Trojan Win32 Glupteba win_mutex - Create or check mutex win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check
VirusTotal	Search for analysis

Name	0a7b3f645c4c7e96_zizjjac0nwbgvftlaeqq811v.exe Submit file
Filepath	C:\Users\test22\Documents\ziZjJAc0NwbgvftLaeQq811V.exe
Size	249.0KB
Processes	9068 (DIqMUyT98Untp5QhexOCjQdS.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6c4383680d38f7348e9ed7cf158d5d6e`
SHA1	`949eb34374c70451a1434e710e90550377261480`
SHA256	`0a7b3f645c4c7e96c54ab07cc1de692e705fa001eebfffd1f394b5534ba2f192`
CRC32	`2D5F3A63`
ssdeep	`3072:nqvTBKodmi6Mw2or7snXRRpq0aNvGOkN+H2MDTHYVj0tiH+3yhECZNeDDKDqGf3D:WT0ZitorgzPG3zYjZbQDWaXa7`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Zero Trojan_Win32_Glupteba_1_Zero - Trojan Win32 Glupteba win_mutex - Create or check mutex win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasDebugData - DebugData Check
VirusTotal	Search for analysis

Name	cfce285cacd32aaa_gdppmpna3gegwxndwdjop6jg.exe Submit file
Filepath	C:\Users\test22\Documents\gDpPmpnA3gEgWXNdwDjoP6jG.exe
Size	5.5MB
Processes	9068 (DIqMUyT98Untp5QhexOCjQdS.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f0bc65a05ad0a598375cfcd88cebf2f7`
SHA1	`a293f92d4f7377b31e06ee0377d4f8069d923938`
SHA256	`cfce285cacd32aaa2b142c7cb7c23643a8d57825daaa51ea69df4d61ff3a819f`
CRC32	`D5E811D9`
ssdeep	`98304:xhp+G9io0N+3FDOlDEDXYcn4/y3xUbkoP11vwoo/ZgG81Dkpum:xybot3BOlDEDXRthXoPLvw321D`
Yara	Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero screenshot - Take screenshot win_registry - Affect system registries win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis