Dropped Files | ZeroBOX
Name 82079c3896cb417e_d93f411851d7c929.customDestinations-ms~RF1522e95.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1522e95.TMP
Size 7.8KB
Processes 2176 (powershell.exe) 2736 (powershell.exe)
Type data
MD5 14c2e51ab903d46e0db39eecd5403910
SHA1 318b8af09478fb55e5570334742478ddc47feefc
SHA256 82079c3896cb417ed9cb0c74ebf3cd407e5fd5c028878a951c865ef8d7c0c192
CRC32 3C45D44A
ssdeep 96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCworw7HwxalUVul:YtzXo9tzbHnorbx8
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name cfc6e2dc21188af5_590aee7bdd69b59b.customDestinations-ms~RF1535756.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1535756.TMP
Size 7.8KB
Processes 2408 (powershell.exe) 1948 (powershell.exe)
Type data
MD5 4cda1860d3184d4bd10fc908fc201590
SHA1 2c0715e3758ed2bd42ba0ef897708dcac1548c31
SHA256 cfc6e2dc21188af50e7b1018daccd205f87a730a40bcd777b36ad19ea505930d
CRC32 8AFEB793
ssdeep 96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCwor3tDHXyalUVul:YtzXo9tzbHnordTy8
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 3efa5ffb038a7803_svchost32.exe
Filepath C:\Users\test22\AppData\Local\Temp\svchost32.exe
Size 1.9MB
Processes 2168 (FcIso.exe) 2912 (cmd.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 e0669280724a32635415631c7b0d9be1
SHA1 9c7f6e2920436d90e02530766ca67ba01dc03f03
SHA256 3efa5ffb038a7803c43a8d5e97065b5d206b45e284ce975f6afe49081f7f7fa0
CRC32 173DDEF7
ssdeep 49152:XUj1TPXGiCi5KAQhxtsSI/y15t9OkThR4PR7TdXvZc:XUj1TPXAHAQFI/yd/CP5dx
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name b63b5c05d88c6c22_590aee7bdd69b59b.customDestinations-ms~RF152c9eb.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF152c9eb.TMP
Size 7.8KB
Processes 1972 (powershell.exe) 656 (powershell.exe)
Type data
MD5 05099a782d36abb5820edd21f1b6b20e
SHA1 389d55507c05a2f55fa39c327aa2a46db250eebf
SHA256 b63b5c05d88c6c224014c9fdb7f5bde7050f92925e4074136144e1350d7ca340
CRC32 32050A81
ssdeep 96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCworztDHXyalUVul:YtzXo9tzbHnorZTy8
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 5fc774eb09cfff0c_fciso.exe
Filepath C:\Windows\FcIso.exe
Size 1.9MB
Processes 2232 (2.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 5a6afd0dfa8b9403f6dd0d6a6d681b1c
SHA1 fee4a9eb6a2ecdd250228a100804d1811684906d
SHA256 5fc774eb09cfff0cb627005e0c1a07d610a64d187269967f53ee5d8ccad64420
CRC32 6FB03EB9
ssdeep 49152:WY2L/DdFm+nua43yNhfGaryduSYXej3J/xnsF:ULbdFm+nuagwTryA0DJ6
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT