Dropped Files | ZeroBOX
Name f4d28cf0f12006f9_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 2432 (powershell.exe)
Type data
MD5 b770148dd160455bac8fe186a882733d
SHA1 f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a
SHA256 f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e
CRC32 94B533F7
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY
Yara
  • Antivirus - Contains references to security software
Name 42bbba4d16107c95_v-t28vwt.out
Filepath C:\Users\test22\AppData\Local\Temp\v-t28vwt.out
Size 609.0B
Processes 2432 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 11e7ace4de2bb713a5bf006111017792
SHA1 b74428a313d42cfcfebe63df98985a4bd8fadc23
SHA256 42bbba4d16107c95534148598dec0a5bb3596d8021a6a4251d80039351e11297
CRC32 B93B2740
ssdeep 12:K4OLM9NzR37LvXOLMrwnPAE2xOLMAKai31bIKIMBj6I5BFR5y:K+9Nzd3BrwnIE2nAKai31bIKIMl6I5Da
Yara None matched
Name e3b0c44298fc1c14_v-t28vwt.err
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\v-t28vwt.err
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 9520067abc34ce8a_ready.ps1
Filepath C:\Users\test22\AppData\Local\Temp\ready.ps1
Size 2.0KB
Processes 1896 (newApps.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 3447df88de7128bdc34942334b2fab98
SHA1 519be4e532fc53a7b8fe2ae21c9b7e35f923d3bb
SHA256 9520067abc34ce8a4b7931256e4ca15f889ef61750ca8042f60f826cb6cb2ac9
CRC32 DA3471C2
ssdeep 48:Nm9KncuG64du5pH6cagzU/CxzjTJfpKps7+k1P3V:vnkzGqYxzpf8pmPF
Yara None matched
Name 1cfa7af021f32d9d_v-t28vwt.dll
Filepath C:\Users\test22\AppData\Local\Temp\v-t28vwt.dll
Size 3.5KB
Processes 1836 (csc.exe) 2432 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 d8e25c16ab34fb77aa5d1178f08269fa
SHA1 a66d75168432c1303b671d2276c9b3ded8bf5829
SHA256 1cfa7af021f32d9de8dffdba9e6d95ed9e3308cae0ba4da376576ff9a0f0bc22
CRC32 A09222C6
ssdeep 48:6M9lD8lsNyOqj0uJEJ2WB6P1ul+Fa35Gq:Z8q+jq2E2K
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • IsDLL - (no description)
  • Is_DotNET_DLL - (no description)
Name 33366e5e54c982ae_resolve-domain.ps1
Filepath C:\Users\test22\AppData\Local\Temp\resolve-domain.ps1
Size 2.5MB
Processes 1896 (newApps.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 841d97eb23b6a8b38b963ed374afe52a
SHA1 01af3cf64b9692ebb163a9a3755a169e723209b3
SHA256 33366e5e54c982ae10fc0cf17f2db13b2ae39118cb9f4f28148372eb54c8855d
CRC32 59F77795
ssdeep 49152:hvVnuM/0mLzwQfZ1uVu5C7KcHv81QJ7eoglIYj:B
Yara
  • NPKI_Zero - File included NPKI
Name 0fbb2f9d0cdd8f7c_v-t28vwt.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\v-t28vwt.cmdline
Size 311.0B
Processes 2432 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 4cab822826e18e392b11b0b75810297e
SHA1 9fd91e11e55a2e8a7da30761917c8ca81ddb4c49
SHA256 0fbb2f9d0cdd8f7c45f7b2c03e224466a5c122c9f92017c4d1255d7275572d25
CRC32 34462DDD
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fjwmGsSAE2NmQpcLJ23fN:p37LvXOLMrwnPAE2xOLMl
Yara None matched
Name 6ec272f746575680_CSC101C.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSC101C.tmp
Size 652.0B
Processes 1836 (csc.exe)
Type MSVC .res
MD5 6a4753b74a7e2f228bda3684a3bf15b3
SHA1 1583f2c7729df8704b43cbb23ff4f9aaa267dcb4
SHA256 6ec272f746575680ab239c9ded71ce8b978ea53af7f588583bca3e3960467766
CRC32 9C9E08D7
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryQ2l8ak7Ynqq52lRPN5Dlq5J:+RI+ycuZhN+2l8akS52lRPNnqX
Yara None matched
Name 0f5273b8fce9bfd9_v-t28vwt.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\v-t28vwt.0.cs
Size 424.0B
Processes 2432 (powershell.exe)
Type UTF-8 Unicode (with BOM) text
MD5 4864fc038c0b4d61f508d402317c6e9a
SHA1 72171db3eea76ecff3f7f173b0de0d277b0fede7
SHA256 0f5273b8fce9bfd95677be80b808119c048086f8e17b2e9f9964ae8971bd5a84
CRC32 FDA6B056
ssdeep 6:V/DsYLDS86pCMjFs2SRadPc8hAfWhMjFs2SRFo1cLDMeWhMjFs2SRcBuhmwORXWu:V/DTLDCY+Pjh+kLWhcB4mwoFcekG
Yara
  • Generic_Malware_Zero - Generic Malware
Name cf8ae017f62cd098_v-t28vwt.pdb
Filepath C:\Users\test22\AppData\Local\Temp\v-t28vwt.pdb
Size 7.5KB
Processes 1836 (csc.exe) 2432 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 4e2e5d66af994b2b0438bd834d45b8ff
SHA1 2cccb12a4a1eab18269f26c8e6072b1a0d352be1
SHA256 cf8ae017f62cd0987ce1073e6e9660c29ead40b1cb34c3d6df0b8ea50ab3eebc
CRC32 C0CE04D8
ssdeep 6:zz/BamfXllNS/ARK31mllxrS/77715KZYX3RY/foGggksl/3YXBGQu+e0KWEi+:zz/H1W/ARKlSXS/pwgRimqRi
Yara None matched
Name 71f975f89cc0bf78_RES106B.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RES106B.tmp
Size 1.2KB
Processes 2288 (cvtres.exe) 1836 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 080887798f17dbdf4de424fc3ee3c9d3
SHA1 72e24da279377723eb6c5a66f8546c7da41807cb
SHA256 71f975f89cc0bf78ae9bf8c1b0c3bd7531f903f325f404be86c6c9d45b1d4bd7
CRC32 6C980936
ssdeep 24:HyJ9YernyUmHEUnhKLI+ycuZhN+2l8akS52lRPNnqjtd:HernjmPnhKL1ul+Fa35GqjH
Yara None matched