Dropped Files | ZeroBOX
Name 245a4d689bba610a_1P0TMDITUBYIZBBUCCRY.temp
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1P0TMDITUBYIZBBUCCRY.temp
Size 7.8KB
Processes 688 (powershell.exe)
Type data
MD5 ef8d9b1c4ad9e1d380a17a1dbc5b4a90
SHA1 68bbf66b368cbc3bcdc5c090a0b8afb8f1d52c84
SHA256 245a4d689bba610a86f0b739257518f4f92744fd4b5b3a1721c14f1b1a611259
CRC32 B12F5A3F
ssdeep 96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCwornbtDHXyWlUVul:YtzXo9tzbHnorBTyo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 9d3d13c55b2614c0_590aee7bdd69b59b.customDestinations-ms~RFadfd04.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RFadfd04.TMP
Size 7.8KB
Processes 2864 (powershell.exe) 3048 (powershell.exe)
Type data
MD5 3eb6fb80f9dbbc1201de9e762252141b
SHA1 c6d1e6ea5f2fef6f4458695b8ed7586aed429f1c
SHA256 9d3d13c55b2614c0615acea119139123b2a29f2a0daded7edd5146e4614a78e6
CRC32 23B7285A
ssdeep 96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCwor/tDHXyWlUVul:YtzXo9tzbHnorlTyo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 65b8793cf08a302c_svchost32.exe
Filepath C:\Users\test22\AppData\Local\Temp\svchost32.exe
Size 1.9MB
Processes 1328 (133722.exe) 2488 (cmd.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 93c247b98dda997790c5e851e3c8161d
SHA1 620c40094fb40010005cf1d45b40069e2451332f
SHA256 65b8793cf08a302c336d5b8dcd6764df8da8a9537217eaa1316a2fd52e739963
CRC32 2EF7B236
ssdeep 49152:Z5HdiRDACIaG+5E/K9RraXNIYQ5916wsqDAxnnSIN7:j+Aqq/K9RrkI/9UQkxnH
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name 47797d537f6242b7_sihost32.exe
Filepath C:\Windows\System32\Microsoft\Telemetry\sihost32.exe
Size 8.0KB
Processes 2144 (svchost32.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 e0925aa44ad891c2f03e15fea1aea0b4
SHA1 d643ff794602704d0caba9836040643b38f2a49f
SHA256 47797d537f6242b75b7dcf2d75fb22890277e345dbd91f78b98d34186004e3ea
CRC32 A43D7992
ssdeep 96:bMnMBWEelcjS0UWbjXO792+j6ZlmYXTDCnHd/Lj+NTIoDfU1PWwOH32LlYR:tutOj492+j6ZwYjDCHdD6JWtWT+Y
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT