Dropped Files | ZeroBOX
Name 3f6dca67fca9ea9a_sihost32.exe
Filepath C:\Windows\System32\Microsoft\Telemetry\sihost32.exe
Size 8.0KB
Processes 2736 (svchost32.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 683cd4c3d0949d6095b54a19ef081314
SHA1 0bcaec9aa2617c8f81efe755c3bb808e8d3c941a
SHA256 3f6dca67fca9ea9ac8327191c3b3c89b0121d8c8f2d2b335ff15c309448133e2
CRC32 61ACC233
ssdeep 192:ZIwpOIy5epFj492+j6ZwbjDtd2dleEM6WTaY:ZpOIy5U092+mZwbjD/2dleV6WTaY
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name 741782ef9c8f092a_svchost32.exe
Filepath C:\Users\test22\AppData\Local\Temp\svchost32.exe
Size 1.9MB
Processes 2084 (bsdedit.exe) 2272 (cmd.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 3d97c858e1f5fae2e00520c40fc1ce4c
SHA1 2e8605f20278d4e32244dfe2b98422df24fa798e
SHA256 741782ef9c8f092ad20c2f80695a7788126953d37adbeb59e8a232ad41f54586
CRC32 922B1A75
ssdeep 49152:R5xBEIFZ05qflL98ydNqpYF40BzoK3d8LQ7TY5e:/a5glH6pJmT3qiTY5
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name 9d3d13c55b2614c0_590aee7bdd69b59b.customDestinations-ms~RFe4fa39.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RFe4fa39.TMP
Size 7.8KB
Processes 2492 (powershell.exe) 1192 (powershell.exe)
Type data
MD5 3eb6fb80f9dbbc1201de9e762252141b
SHA1 c6d1e6ea5f2fef6f4458695b8ed7586aed429f1c
SHA256 9d3d13c55b2614c0615acea119139123b2a29f2a0daded7edd5146e4614a78e6
CRC32 23B7285A
ssdeep 96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCwor/tDHXyWlUVul:YtzXo9tzbHnorlTyo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 6cf7f6cb963024ba_590aee7bdd69b59b.customDestinations-ms~RFe570a2.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RFe570a2.TMP
Size 7.8KB
Processes 2744 (powershell.exe) 1464 (powershell.exe)
Type data
MD5 0a62afc54029a9c488a0a0cfad7876d2
SHA1 f92ada3f29aee299ac802825b533c006a9341276
SHA256 6cf7f6cb963024baf290c6240f193122c09236d91d7d10098e43e45c19333e87
CRC32 1FF19E75
ssdeep 96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCworrtDHXyWlUVul:YtzXo9tzbHnorxTyo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware