Dropped Files | ZeroBOX
Name 3d93379d1d7db9a7_sihost32.exe
Filepath C:\Windows\System32\Microsoft\Telemetry\sihost32.exe
Size 8.0KB
Processes 2064 (svchost32.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 b54e73a7913e842ffd00b00e99886c77
SHA1 5f2bb721c771cfb30ac420b0d3972ef57fd5050c
SHA256 3d93379d1d7db9a7046d7be9f6fd7ff98924603462a0dc397f6cf724d53dc7ad
CRC32 7584D31A
ssdeep 96:HMnMBGu8x1j/vk/tzvXbjXO792+j6Zlm9XTDMOAEie7c8NTIoD17JFWwOH3aLlYR:o/mrj492+j6Zw9jDkVr8JrLWTaY
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name 96e6c1f12d825244_590aee7bdd69b59b.customDestinations-ms~RF1c101ad.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1c101ad.TMP
Size 7.8KB
Processes 2908 (powershell.exe) 2724 (powershell.exe)
Type data
MD5 1ffdda872bb7d0371dca4cdc55b857f8
SHA1 f8cf8b97e48f045bbb0ee718d51590f3a95ee0fc
SHA256 96e6c1f12d825244c87851b04b0efa0aef6ffe8ccffed5c390f03ba8265f2ea8
CRC32 42DBCE9E
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworLtDHXyGlUVul:Etu6XoJtu6bHnorRTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name c748f8a8dc09fc0c_svchost32.exe
Filepath C:\Users\test22\AppData\Local\Temp\svchost32.exe
Size 1.9MB
Processes 2648 (gscript.exe) 2140 (cmd.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 70f3d27b4e4d55d5073e36ded8223d17
SHA1 044a39ebcae2c41839eebf743c14a0e0fd890fe6
SHA256 c748f8a8dc09fc0cae92c1e0ca8a3b437e863ce6cf447123c6c925f84ccf9587
CRC32 F8C006F2
ssdeep 49152:4L9nW+ji3xVec9jBimXNmY/80kpx1/jhEMPbd:Y9fj8neEBiqsY00e7
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name f4d28cf0f12006f9_590aee7bdd69b59b.customDestinations-ms~RF1c08f9a.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1c08f9a.TMP
Size 7.8KB
Processes 1536 (powershell.exe) 2976 (powershell.exe)
Type data
MD5 b770148dd160455bac8fe186a882733d
SHA1 f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a
SHA256 f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e
CRC32 94B533F7
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware