Dropped Files | ZeroBOX
Name 40854e0212263078_590aee7bdd69b59b.customDestinations-ms~RF898785.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF898785.TMP
Size 7.8KB
Processes 2776 (powershell.exe) 1556 (powershell.exe)
Type data
MD5 59f4a7c3991138a0a33438d95dacdef5
SHA1 4b82b181f96fdac7a2adcf351d4544e37caae51f
SHA256 40854e0212263078891170aa7ec1538c42059b3844c01f87b75b571213f896cf
CRC32 0E442A59
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworGQtDHXyGlUVul:Etu6XoJtu6bHnorGETyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 2f2ecf3e426953a4_svchost32.exe
Filepath C:\Users\test22\AppData\Local\Temp\svchost32.exe
Size 23.0KB
Processes 2216 (ETC.exe) 2532 (cmd.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 6dcd941f59dc8221eeaf73e49f02dbac
SHA1 ede85eab7629c7840679b2fad655e52e238d5f2c
SHA256 2f2ecf3e426953a4a9450cc9e23178d6b2738218488bbd7bb5948759910ed3af
CRC32 72A6DC28
ssdeep 384:Mzs/ExSgoJrIfRPnPx99xFMyetfh39QgP7eTs5zck0Zwi9K6w2HwwCUeHjJ2RtC:s5NRPbjFMyeNl7eTaQ99fo12w
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • Malicious_Packer_Zero - Malicious Packer
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name 598ff9b7e754fa05_sihost32.exe
Filepath C:\Windows\System32\Microsoft\Telemetry\sihost32.exe
Size 8.0KB
Processes 604 (svchost32.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 8984ea5b9eb57ab907c9e7a756b6c522
SHA1 977a2008c4d86213a40dd00b660f36d80817819b
SHA256 598ff9b7e754fa05d43e877e41c71ec2af867d7ac01a5013f6d8a0e54d185135
CRC32 98A3BF4E
ssdeep 96:MMnMBpqFlWUwleKMIo0bjXO792+j6ZlmYSXTDabXpr5EDNTIoD/0ZWwOH32LlYR:dFEUQZj492+j6ZwYSjDabp+J50ZWT+Y
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name f4d28cf0f12006f9_590aee7bdd69b59b.customDestinations-ms~RF894674.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF894674.TMP
Size 7.8KB
Processes 1456 (powershell.exe) 2776 (powershell.exe)
Type data
MD5 b770148dd160455bac8fe186a882733d
SHA1 f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a
SHA256 f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e
CRC32 94B533F7
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware