Dropped Files | ZeroBOX
Name 9d3d13c55b2614c0_590aee7bdd69b59b.customDestinations-ms~RF77d176.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF77d176.TMP
Size 7.8KB
Processes 2324 (powershell.exe) 2084 (powershell.exe)
Type data
MD5 3eb6fb80f9dbbc1201de9e762252141b
SHA1 c6d1e6ea5f2fef6f4458695b8ed7586aed429f1c
SHA256 9d3d13c55b2614c0615acea119139123b2a29f2a0daded7edd5146e4614a78e6
CRC32 23B7285A
ssdeep 96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCwor/tDHXyWlUVul:YtzXo9tzbHnorlTyo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name ec4dd2845175872b_wl8prs8j.pdb
Filepath C:\Users\test22\AppData\Local\Temp\wl8prs8j.pdb
Size 7.5KB
Processes 2736 (csc.exe) 2324 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 d135de02080c6f235f8f65a22d882aa5
SHA1 d47b25bfc82a5c71ee0e5f09468a4824c3c8aaf5
SHA256 ec4dd2845175872b8a9302c4f28f69e39afc2ac1dd8e9084829c78e2f824fc68
CRC32 62D29F6E
ssdeep 6:zz/BamfXllNS/eem2R91mllxrS/77715KZYXfem2LldoGggksl/3YXBGQu+e0KWI:zz/H1W/ev83SXS/pw+v8mqRi
Yara None matched
Name d08ff83c09727f4f_RES9B1C.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RES9B1C.tmp
Size 1.2KB
Processes 2552 (cvtres.exe) 2736 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 85848e9a4952f81950c21f8d18ad06d9
SHA1 1bd78c81f9abcba904921abe51a72807ddcda198
SHA256 d08ff83c09727f4f5dca4c4c9fe83b7d11166f3a138e5d559e7a898e974befc9
CRC32 2FD46ACA
ssdeep 24:H9J9YernCNmHmUnhKLI+ycuZhNicOakSVcPPNnqjtd:yernWmRnhKL1ul9Oa36NqjH
Yara None matched
Name e3b0c44298fc1c14_wl8prs8j.err
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\wl8prs8j.err
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 4524249d9426f717_wl8prs8j.dll
Filepath C:\Users\test22\AppData\Local\Temp\wl8prs8j.dll
Size 3.5KB
Processes 2736 (csc.exe) 2324 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 7a971710c636eb45d73e3e4b295427d1
SHA1 5c3c1ef91c61fd82ee16ea378e88d81ad6769736
SHA256 4524249d9426f7170899a04569771ba5149b2ebb7f82fe917440834b52f94ba3
CRC32 C8CC98E3
ssdeep 24:etGSDdBjEeK6D8lsckyTCMS6kbdPtkZfkjOg/2nducmI+ycuZhNicOakSVcPPNnq:6n9lD8lsNyOrNuJkz2nwv1ul9Oa36Nq
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_DLL - (no description)
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name e1a4fbe36125e02e_wl8prs8j.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\wl8prs8j.0.cs
Size 424.0B
Processes 2324 (powershell.exe)
Type UTF-8 Unicode (with BOM) text
MD5 9f8ab7eb0ab21443a2fe06dab341510e
SHA1 2b88b3116a79e48bab7114e18c9b9674e8a52165
SHA256 e1a4fbe36125e02e100e729ce92ab74869423da87cb46da6e3c50d7c4410b2d9
CRC32 5C42D29C
ssdeep 6:V/DsYLDS86paevuMjFs2SRadPc8hAfWhMjFs2SRFo1cLDMeWhMjFs2SRcBuhmwOV:V/DTLDCaF+Pjh+kLWhcB4mwoFcekG
Yara
  • Generic_Malware_Zero - Generic Malware
Name 5bbd7b019e196765_CSC9ACD.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSC9ACD.tmp
Size 652.0B
Processes 2736 (csc.exe)
Type MSVC .res
MD5 a9f372a1791f7e72edfbb17f43017b30
SHA1 44a1eb87f7eb5a0b8fb7da2326e040987d7fc53c
SHA256 5bbd7b019e196765f9afa0a91333808496be3d1ca0cb54ce753a062725b48248
CRC32 F4F1B730
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grykcOak7YnqqVcPPN5Dlq5J:+RI+ycuZhNicOakSVcPPNnqX
Yara None matched
Name abb6ceb444b3dc29_ready.ps1
Filepath C:\Users\test22\AppData\Local\Temp\ready.ps1
Size 2.0KB
Processes 2024 (hy76tg.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 28d9755addec05c0b24cca50dfe3a92b
SHA1 7d3156f11c7a7fb60d29809caf93101de2681aa3
SHA256 abb6ceb444b3dc29fcdcb8bda4935a6a792b85bb7049cb2710d97415d9411af9
CRC32 A120AA93
ssdeep 48:PmilK+QyruG64du5pH90ooFLKw+1Itx41P3f:XM+QybzG30HFLKVmtx+Pv
Yara None matched
Name e82f2110d53092af_wl8prs8j.out
Filepath C:\Users\test22\AppData\Local\Temp\wl8prs8j.out
Size 609.0B
Processes 2324 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 c8f8378572c4c9223cd5c0e7af96cb7d
SHA1 b329c91e6becbfd981b9016d078d535a2c076891
SHA256 e82f2110d53092af89845028e3fb960d97dfe004531b0f7174856ac675021af1
CRC32 AD11F3E7
ssdeep 12:K4OLM9NzR37LvXOLM0nPAE2xOLMgKai31bIKIMBj6I5BFR5y:K+9Nzd3B0nIE2ngKai31bIKIMl6I5Dvy
Yara None matched
Name bbcbf842d3ede387_wl8prs8j.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\wl8prs8j.cmdline
Size 311.0B
Processes 2324 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 3fae613310fc0bc91aa95720fe16ed8c
SHA1 1b84bd23720693ccd179b320e5e6f31d4d5419f8
SHA256 bbcbf842d3ede387636ef3cef37b27e9dfbf94a9e97bd244e84e78030d8ae059
CRC32 D3FA9BF5
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23f8mGsSAE2NmQpcLJ23f7GA:p37LvXOLM0nPAE2xOLMF
Yara None matched
Name d3fb75a7ea8a822d_get-dnsprovider.ps1
Filepath C:\Users\test22\AppData\Local\Temp\get-dnsprovider.PS1
Size 2.5MB
Processes 2024 (hy76tg.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 09943fef6e44c022be35da249d514723
SHA1 bbb0cb31ab3cc5cdf80cea91dc15a6fdf127a0f9
SHA256 d3fb75a7ea8a822d7ce99ae06caaf1182860ddc321142494e45d7a071193e953
CRC32 79DDA28F
ssdeep 49152:I42Ak3RHnC0q2BoVO0+6QuaNe0D9PlpA4dXV4x:Z
Yara
  • NPKI_Zero - File included NPKI