Dropped Files | ZeroBOX
Name 21bb0d0bf554b1f4_2ytid-uw.out
Filepath C:\Users\test22\AppData\Local\Temp\2ytid-uw.out
Size 609.0B
Processes 508 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 17874783e245565fc44de142efe45448
SHA1 f077c9c4e149b2c3ac6206c58e1db56d45365c07
SHA256 21bb0d0bf554b1f4ffc76088d61aefdf8ec696b36527d7d14384de1cb8352784
CRC32 B9C71F5B
ssdeep 12:K4OLM9NzR37LvXOLMCQnPAE2xOLMguKai31bIKIMBj6I5BFR5y:K+9Nzd3B/nIE2nguKai31bIKIMl6I5Da
Yara None matched
Name 1df39dea3cc3076a_2ytid-uw.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\2ytid-uw.cmdline
Size 311.0B
Processes 508 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 b5906691055fa830097ef40e5a9b7c8f
SHA1 eba21668b0156d370db708aa36552e3ad6be209f
SHA256 1df39dea3cc3076a14291d28350d7fc63793c90298a8d0b5d20eed8f0006e8c1
CRC32 1C563C31
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fKQmGsSAE2NmQpcLJ23f4n:p37LvXOLMCQnPAE2xOLMgn
Yara None matched
Name e3b0c44298fc1c14_2ytid-uw.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\2ytid-uw.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 8075e676d039b579_get-dnsprovider.ps1
Filepath C:\Users\test22\AppData\Local\Temp\get-dnsprovider.PS1
Size 2.5MB
Processes 2480 (clr.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 9d21abc1a799ae0ea31258d563532295
SHA1 a9cde90ba328e30a3eb7a5c410b304a4ae09cdba
SHA256 8075e676d039b5791405f3ab00787a16199920dfe025ff04359b953565bf6f2f
CRC32 B6EF9378
ssdeep 24576:Wpjn3VViCCmudaX9C4Q0j1//npzQZGROEq0OExgVoPuCR+HIGCufoUaNrzBB1jll:Unnjn/LDUoNVBZhgLRmYCNZ+be
Yara
  • anti_vm_detect - Possibly employs anti-virtualization techniques
Name 1f945e3e42e38124_2ytid-uw.dll
Filepath C:\Users\test22\AppData\Local\Temp\2ytid-uw.dll
Size 3.5KB
Processes 1664 (csc.exe) 508 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 a223dea5ded88b79a810b603249971e6
SHA1 804b4c7456da2b21b01d904410fe753088603f30
SHA256 1f945e3e42e381244194ef17bffee8428ec4e391222b6557fb68e8090de1ed62
CRC32 B555F634
ssdeep 48:6/+9lD8lsNyOkNuJPvo2nwM1uluua3Jtq:b8qgp2n8wuKJ
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_DLL - (no description)
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 72b9ea804a97dc65_CSC9B98.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSC9B98.tmp
Size 652.0B
Processes 1664 (csc.exe)
Type MSVC .res
MD5 bba8a6a8634dc3e368dc20251cb6df3d
SHA1 9b09eebd8e64c1228616bb0979c624095ac8a918
SHA256 72b9ea804a97dc6544e933b47fe03a9ea0889c56037fa93f951661fe9aae32fa
CRC32 A2B077FA
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryAvGak7YnqqJvXPN5Dlq5J:+RI+ycuZhNuvGakSJvXPNnqX
Yara None matched
Name 9d3d13c55b2614c0_590aee7bdd69b59b.customDestinations-ms~RF1538cfc.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1538cfc.TMP
Size 7.8KB
Processes 508 (powershell.exe) 624 (powershell.exe)
Type data
MD5 3eb6fb80f9dbbc1201de9e762252141b
SHA1 c6d1e6ea5f2fef6f4458695b8ed7586aed429f1c
SHA256 9d3d13c55b2614c0615acea119139123b2a29f2a0daded7edd5146e4614a78e6
CRC32 23B7285A
ssdeep 96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCwor/tDHXyWlUVul:YtzXo9tzbHnorlTyo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 0d8ea6991510bacb_RES9BE7.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RES9BE7.tmp
Size 1.2KB
Processes 2296 (cvtres.exe) 1664 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 49edfac99e506b6a2c7115f4b38bc19d
SHA1 f1ad422b813026fca19c96317c47a8700107be72
SHA256 0d8ea6991510bacbee47caf3988c94a88ba38d5c69b9bd920cd5e3904ca0f0aa
CRC32 14CC2548
ssdeep 24:HbgJ9YernXhmH+UnhKLI+ycuZhNuvGakSJvXPNnqjtd:7xernxm5nhKL1uluua3JtqjH
Yara None matched
Name e1a4fbe36125e02e_2ytid-uw.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\2ytid-uw.0.cs
Size 424.0B
Processes 508 (powershell.exe)
Type UTF-8 Unicode (with BOM) text
MD5 9f8ab7eb0ab21443a2fe06dab341510e
SHA1 2b88b3116a79e48bab7114e18c9b9674e8a52165
SHA256 e1a4fbe36125e02e100e729ce92ab74869423da87cb46da6e3c50d7c4410b2d9
CRC32 5C42D29C
ssdeep 6:V/DsYLDS86paevuMjFs2SRadPc8hAfWhMjFs2SRFo1cLDMeWhMjFs2SRcBuhmwOV:V/DTLDCaF+Pjh+kLWhcB4mwoFcekG
Yara
  • Generic_Malware_Zero - Generic Malware
Name abb6ceb444b3dc29_ready.ps1
Filepath C:\Users\test22\AppData\Local\Temp\ready.ps1
Size 2.0KB
Processes 2480 (clr.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 28d9755addec05c0b24cca50dfe3a92b
SHA1 7d3156f11c7a7fb60d29809caf93101de2681aa3
SHA256 abb6ceb444b3dc29fcdcb8bda4935a6a792b85bb7049cb2710d97415d9411af9
CRC32 A120AA93
ssdeep 48:PmilK+QyruG64du5pH90ooFLKw+1Itx41P3f:XM+QybzG30HFLKVmtx+Pv
Yara None matched
Name 6a374c36aa08e680_2ytid-uw.pdb
Filepath C:\Users\test22\AppData\Local\Temp\2ytid-uw.pdb
Size 7.5KB
Processes 1664 (csc.exe) 508 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 848aadd96b22c68365b914610f295c37
SHA1 87aece3fe535a9d4c7c9c1e71e5a474b3aec7227
SHA256 6a374c36aa08e6801fbe293945fb397ad7b52d1ea5556c6e3c8980b50162e9a9
CRC32 81C867CF
ssdeep 6:zz/BamfXllNS/hOm2R91mllxrS/77715KZYXcOm2LldoGggksl/3YXBGQu+e0KWI:zz/H1W/p83SXS/pwJ8mqRi
Yara None matched