Dropped Files | ZeroBOX
Name e875b62163b07829_590aee7bdd69b59b.customDestinations-ms~RF89c5b6.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF89c5b6.TMP
Size 7.8KB
Processes 2524 (powershell.exe) 2432 (powershell.exe)
Type data
MD5 daa1a6c605c6412faeff0f0a49642506
SHA1 35e1616b9eff90474ab76703837ab7bf43a0d73e
SHA256 e875b62163b07829d72562b57f09523eabd45c33828533f0e0d082e639564741
CRC32 0C1F7450
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworrHtDHXyGlUVul:Etu6XoJtu6bHnorrNTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 11bd2c9f9e2397c9_wr64.sys
Filepath C:\Windows\System32\Microsoft\Libs\WR64.sys
Size 14.2KB
Processes 492 (svchost64.exe)
Type PE32+ executable (native) x86-64, for MS Windows
MD5 0c0195c48b6b8582fa6f6373032118da
SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299
SHA256 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
CRC32 6B0323EB
ssdeep 192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name 15b50cb767d9646b_sihost64.exe
Filepath C:\Windows\System32\Microsoft\Libs\sihost64.exe
Size 7.5KB
Processes 492 (svchost64.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 53212afaa883ce4882ba2c6681dcfb8c
SHA1 1a6fba4c87741798c603cec8f0bf54039f3ada02
SHA256 15b50cb767d9646b1cb908730b69f6dc43cb11e03cb76863ba4f83630f875a0d
CRC32 4BBDFF6A
ssdeep 96:8zPLdRAF6lElMmu3SHkbjDN792+j6Zlmh8NyVcM8b0TIoDe7UWwOH32LlYR:Io4lIuCanF92+j6Zwh8nms7UWT+Y
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name 053e751b8827c7f5_svchost64.exe
Filepath C:\Users\test22\AppData\Local\Temp\svchost64.exe
Size 37.5KB
Processes 2220 (XMR.exe) 3028 (cmd.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 f910619851d97424c28f255f0151fc1e
SHA1 ad6655f0033028336afd04fd3c49e51316184a25
SHA256 053e751b8827c7f520c8f46a7c5f14f21dc1947e577c484a11d5be03c3f21744
CRC32 44096CA0
ssdeep 768:3bqCRsY3dDklxAeZHt3/iPAbAXDe29ZA1jc91Y3+7Z:Lqa5tTeZHt36obIe29aS91Y3Y
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • Malicious_Packer_Zero - Malicious Packer
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name f4d28cf0f12006f9_590aee7bdd69b59b.customDestinations-ms~RF8942ea.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF8942ea.TMP
Size 7.8KB
Processes 1332 (powershell.exe) 2948 (powershell.exe)
Type data
MD5 b770148dd160455bac8fe186a882733d
SHA1 f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a
SHA256 f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e
CRC32 94B533F7
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware