Dropped Files | ZeroBOX
Name f4d28cf0f12006f9_590aee7bdd69b59b.customDestinations-ms~RF400141.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF400141.TMP
Size 7.8KB
Processes 2084 (powershell.exe) 2128 (powershell.exe)
Type data
MD5 b770148dd160455bac8fe186a882733d
SHA1 f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a
SHA256 f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e
CRC32 94B533F7
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 2ef50d49373a06b2_590aee7bdd69b59b.customDestinations-ms~RF404acd.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF404acd.TMP
Size 7.8KB
Processes 2128 (powershell.exe) 1160 (powershell.exe)
Type data
MD5 8881af13b29a119b2bcf049b61f3f97d
SHA1 d34efd43830b2ea5619a484c6553d0a9c9e2a368
SHA256 2ef50d49373a06b2a8b4607365edb107ebff30e12f5ea234b52823e62d2aee25
CRC32 59A2FF41
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworHtDHXyGlUVul:Etu6XoJtu6bHnorNTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 008cc1eb079d2185_sihost32.exe
Filepath C:\Windows\System32\Microsoft\Telemetry\sihost32.exe
Size 7.5KB
Processes 1040 (svchost32.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 a0993ca15ac1c48b318e3e25d94aeda4
SHA1 2c478877b83f85e06320dd2cf9839a45b7295550
SHA256 008cc1eb079d2185a1865ddc6aa58eccd71d81eba8da9a55a66fd5e925f111cc
CRC32 01FD42B7
ssdeep 192:woGGq6F6Rej492+j6ZwLjDiszQE/QWTaY:woH3We092+mZwLjDiVqQWTaY
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name fe734a8210315822_svchost32.exe
Filepath C:\Users\test22\AppData\Local\Temp\svchost32.exe
Size 1.9MB
Processes 1896 (sss.exe) 2100 (cmd.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 25ca67a1ea3cbf9f272101e1d82f82ef
SHA1 bd37ad492e31469a1797e4b88c89caba4c828a26
SHA256 fe734a821031582223260be9697cc7bc2e109fec4ec4b3db29623f6fc11d915d
CRC32 90AE3A8A
ssdeep 49152:1fGuU57u9PlJHWW6DJCHYUBDeR5sMS2NDvBSTWvjy7eDtiYj:1A5cPX+D8YcDebpZSTWvjEeL
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT