Dropped Files | ZeroBOX
Name f64cfb075d0cfd2f_590aee7bdd69b59b.customDestinations-ms~RF1657297.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1657297.TMP
Size 7.8KB
Processes 2724 (powershell.exe) 1632 (powershell.exe)
Type data
MD5 5f8e150ac14d0ade870aeb692c527bc4
SHA1 73494301dc24a3f59eb9c3763e19e52f212e407d
SHA256 f64cfb075d0cfd2f0398ba0151f35bee647058461303d7726bfd2a9397e013b5
CRC32 D24A91BF
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworuwtDHXyGlUVul:Etu6XoJtu6bHnorxTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name f4d28cf0f12006f9_590aee7bdd69b59b.customDestinations-ms~RF16501cc.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF16501cc.TMP
Size 7.8KB
Processes 1332 (powershell.exe) 2824 (powershell.exe)
Type data
MD5 b770148dd160455bac8fe186a882733d
SHA1 f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a
SHA256 f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e
CRC32 94B533F7
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 24409df45885818a_sihost32.exe
Filepath C:\Windows\System32\Microsoft\Telemetry\sihost32.exe
Size 8.0KB
Processes 112 (svchost32.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 84d1e96c80f25a1a9256b468a9f8257f
SHA1 b310707940a721bf8aaa310c141edb0df53cdc76
SHA256 24409df45885818a92793183122b07298d66508d552d4d3be07108448e891ca1
CRC32 A5360412
ssdeep 96:xLMnMB5wOx1j/WMGE0eIbjXO792+j6ZlmMdVXTDD5KOGJ2bRTIoDSGPWwOH3aLl8:xr/Aj492+j6ZwijDkOZ54GWTaY
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name 692300a92b774188_svchost32.exe
Filepath C:\Users\test22\AppData\Local\Temp\svchost32.exe
Size 1.9MB
Processes 2232 (dascHost.exe) 2356 (cmd.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 bc74a0b1eeeced279cd2088b27f8ffe2
SHA1 308d89755701eb813436560393d37173c04dc646
SHA256 692300a92b7741887214d6578af1ddac7a123fb058e6af0e2cab5d6dfa096ba2
CRC32 0EB4F423
ssdeep 49152:MG7cpdV3uXSZ2EHKTxA+cI76M1PxI3jS:h7cpP3uXSk9dcITxIz
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT