Dropped Files | ZeroBOX
Name c5a853dece99710a_1sxnmgiv.pdb
Filepath C:\Users\test22\AppData\Local\Temp\1sxnmgiv.pdb
Size 7.5KB
Processes 4004 (csc.exe) 2120 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 e8f18f55ae3923dfecb5ba3346ea5947
SHA1 fadbd43f58b4a20f72c3155e0a40517a5f3c2c92
SHA256 c5a853dece99710a4f8fb962c391076e666442329e6904f7241564a843e6cce5
CRC32 74464A58
ssdeep 6:zz/BamfXllNS/OARK11mllxrS/77715KZYXNARlMoGggksl/3YXBGQu+e0KWEi+:zz/H1W/OhfSXS/pwu2MmqRi
Yara None matched
Name baf35840927e352c_1sxnmgiv.out
Filepath C:\Users\test22\AppData\Local\Temp\1sxnmgiv.out
Size 609.0B
Processes 2120 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 915866fadceb2b2c942b84cb83abd337
SHA1 44745db42e1db57c1187d472e7774cd28c026bb4
SHA256 baf35840927e352c4277a7d20cc81a871e70eca469775c60b36a9e770fb89003
CRC32 4F12F6D5
ssdeep 12:K4OLM9NzR37LvXOLMNlnPAE2xOLMNTKai31bIKIMBj6I5BFR5y:K+9Nzd3BNlnIE2nNTKai31bIKIMl6I5G
Yara None matched
Name 312abe4ee0ffb80c_1sxnmgiv.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\1sxnmgiv.cmdline
Size 311.0B
Processes 2120 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 527cb429d8150bf239bafd620d2bba5f
SHA1 85d9f32953cdbe0d5fc0775c2ccb41899a0f6e3e
SHA256 312abe4ee0ffb80c96fda211f145666984e13ee8bc8d1ec7de6785a8f5e594dc
CRC32 42C44AEA
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23f7JEfemGsSAE2NmQpcLJ23f7JE7:p37LvXOLMNlnPAE2xOLMNa
Yara None matched
Name 9520067abc34ce8a_ready.ps1
Filepath C:\Users\test22\AppData\Local\Temp\ready.ps1
Size 2.0KB
Processes 7528 (al.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 3447df88de7128bdc34942334b2fab98
SHA1 519be4e532fc53a7b8fe2ae21c9b7e35f923d3bb
SHA256 9520067abc34ce8a4b7931256e4ca15f889ef61750ca8042f60f826cb6cb2ac9
CRC32 DA3471C2
ssdeep 48:Nm9KncuG64du5pH6cagzU/CxzjTJfpKps7+k1P3V:vnkzGqYxzpf8pmPF
Yara None matched
Name 85fda9140e235675_resolve-domain.ps1
Filepath C:\Users\test22\AppData\Local\Temp\resolve-domain.ps1
Size 2.5MB
Processes 7528 (al.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 920b50692e0e9c4e32c79f89fafce0c4
SHA1 4cb71db2bb05daa4e84c649b6c58cbfd20c8e484
SHA256 85fda9140e2356752f4139c674b78e36e4bb5da57b7cff27d8db357a4357deaf
CRC32 8D88BEC6
ssdeep 49152:mB1eVeasw6SAdreMVdRqqCDYZvIHJT3lJCN8yJ:A
Yara
  • NPKI_Zero - File included NPKI
Name 77c1b76eef42dae8_1sxnmgiv.dll
Filepath C:\Users\test22\AppData\Local\Temp\1sxnmgiv.dll
Size 3.5KB
Processes 4004 (csc.exe) 2120 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 30dacc42e4317917fea116e0ebf318df
SHA1 4238630cc05993c3e8b820c51cee6568950fc75b
SHA256 77c1b76eef42dae85464875f7c4eeb152296492467c7b88a14c972203580aeee
CRC32 B838E486
ssdeep 24:etGS1dBjEeK6D8lsckyTCM4PkbdPtkZfx1jO252RNrmI+ycuZhNbakSNPNnq:6J9lD8lsNyOT0uJ3z2Rg1ulba3Xq
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Is_DotNET_DLL - (no description)
  • IsPE32 - (no description)
Name 7ec20eb173d9d5fd_CSCE18.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSCE18.tmp
Size 652.0B
Processes 4004 (csc.exe)
Type MSVC .res
MD5 5bee29d4f166f4b87585caa6fd45ded8
SHA1 dad2d22e59f3a77d6f9e44d1ac4255162c524fd2
SHA256 7ec20eb173d9d5fd6ac6723530ad92c71961aebf4e46c8a6c30f2b1b69c47d0f
CRC32 09CABF9E
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryJXak7YnqqYAPN5Dlq5J:+RI+ycuZhNbakSNPNnqX
Yara None matched
Name e3b0c44298fc1c14_1sxnmgiv.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\1sxnmgiv.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 0f5273b8fce9bfd9_1sxnmgiv.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\1sxnmgiv.0.cs
Size 424.0B
Processes 2120 (powershell.exe)
Type UTF-8 Unicode (with BOM) text
MD5 4864fc038c0b4d61f508d402317c6e9a
SHA1 72171db3eea76ecff3f7f173b0de0d277b0fede7
SHA256 0f5273b8fce9bfd95677be80b808119c048086f8e17b2e9f9964ae8971bd5a84
CRC32 FDA6B056
ssdeep 6:V/DsYLDS86pCMjFs2SRadPc8hAfWhMjFs2SRFo1cLDMeWhMjFs2SRcBuhmwORXWu:V/DTLDCY+Pjh+kLWhcB4mwoFcekG
Yara None matched
Name a96001f92f190490_590aee7bdd69b59b.customDestinations-ms~RFffb9c2.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RFffb9c2.TMP
Size 7.8KB
Processes 2120 (powershell.exe) 8004 (powershell.exe)
Type data
MD5 77dfc370498534a5df1fc467d3ee73ce
SHA1 5fcef2d483ab8d5d1c89c9efe50734ca29f01ec4
SHA256 a96001f92f1904904e6cc962ef38ee4a4b4f486d254ea4e10fbb8192aec33ad8
CRC32 7851B322
ssdeep 96:wtuCiGCPDXBqvsqvJCwoNtuCiGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:wt7XoNt7bHnordTyY
Yara
  • Antivirus - Contains references to security software
Name fcd30e278626017e_RESE77.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESE77.tmp
Size 1.2KB
Processes 3180 (cvtres.exe) 4004 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 000a453b9be1936f9386e76f71d920d0
SHA1 a4057fca53455f1c0818e260fff48c84a0839a67
SHA256 fcd30e278626017e3a2eb93302c8bae6dbcc86324c21838fd4545005150ca550
CRC32 AAE62192
ssdeep 24:H3J9YeAEPX4HOUnhKbI+ycuZhNbakSNPNnqjtd:geAgIpnhKb1ulba3XqjH
Yara None matched