Dropped Files | ZeroBOX
Name e3b0c44298fc1c14_ez2ncsdm.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\ez2ncsdm.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name f4d28cf0f12006f9_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 3064 (powershell.exe)
Type data
MD5 b770148dd160455bac8fe186a882733d
SHA1 f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a
SHA256 f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e
CRC32 94B533F7
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name eb58054de68bada8_RES2E34.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RES2E34.tmp
Size 1.2KB
Processes 192 (cvtres.exe) 2932 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 c001de5c840ecaf0aa79ed97fef9b3f8
SHA1 d91ebc9f3996f6397d86ae17885bc22834af1db1
SHA256 eb58054de68bada8eff57a93ac2bce81739fc12534779f46347d64e8ea47caff
CRC32 460EA232
ssdeep 24:HxJ9YernSAmHVUnhKLI+ycuZhNmfakSZYPNnqjtd:mern7mSnhKL1ulmfa3ZgqjH
Yara None matched
Name dd0326b269bfad7c_ez2ncsdm.out
Filepath C:\Users\test22\AppData\Local\Temp\ez2ncsdm.out
Size 609.0B
Processes 3064 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 b5e1f9aa02a4bf209ae7529b0e747149
SHA1 247865742851fd957345f465774ec4b4a8669db4
SHA256 dd0326b269bfad7c2c312c47832f48982a73b0432325509a7ce0dabb3eea3fe9
CRC32 C5E61D54
ssdeep 12:K4OLM9NzR37LvXOLMALTnPAE2xOLMALSOKai31bIKIMBj6I5BFR5y:K+9Nzd3BEnIE2nQKai31bIKIMl6I5Dvy
Yara None matched
Name e1a4fbe36125e02e_ez2ncsdm.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\ez2ncsdm.0.cs
Size 424.0B
Processes 3064 (powershell.exe)
Type UTF-8 Unicode (with BOM) text
MD5 9f8ab7eb0ab21443a2fe06dab341510e
SHA1 2b88b3116a79e48bab7114e18c9b9674e8a52165
SHA256 e1a4fbe36125e02e100e729ce92ab74869423da87cb46da6e3c50d7c4410b2d9
CRC32 5C42D29C
ssdeep 6:V/DsYLDS86paevuMjFs2SRadPc8hAfWhMjFs2SRFo1cLDMeWhMjFs2SRcBuhmwOV:V/DTLDCaF+Pjh+kLWhcB4mwoFcekG
Yara
  • Generic_Malware_Zero - Generic Malware
Name 37fafff84060e605_ez2ncsdm.pdb
Filepath C:\Users\test22\AppData\Local\Temp\ez2ncsdm.pdb
Size 7.5KB
Processes 2932 (csc.exe) 3064 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 70471ba474edb8a15bbf7f7b5f3a7915
SHA1 26cacdb15c498ea22c800dc6eab5cf1a9b748acc
SHA256 37fafff84060e605b24a1487839ffe63184d954b7990dd13f97b91fd89e5946e
CRC32 7FB125E2
ssdeep 6:zz/BamfXllNS/ttq2b1mllxrS/77715KZYXEtq2mioGggksl/3YXBGQu+e0KWEi+:zz/H1W/jfSXS/pwDVmqRi
Yara None matched
Name 309e54f996978908_ez2ncsdm.dll
Filepath C:\Users\test22\AppData\Local\Temp\ez2ncsdm.dll
Size 3.5KB
Processes 2932 (csc.exe) 3064 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 49c862887e090af3b8d3d8b74a2bf38c
SHA1 a6c821f43d1e6b54958ac6a4e0253c39d716aeb7
SHA256 309e54f996978908d0c4d69cf4856ae13ea5ad8a5ce0d0bb07dd26ca49ac48c7
CRC32 D6E7613A
ssdeep 24:etGSmdBjEeK6D8lsckyTCMz66kbdPtkZfcjOymRk2JsmI+ycuZhNmfakSZYPNnq:6W9lD8lsNyO/NuJcvl2Jf1ulmfa3Zgq
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
  • IsDLL - (no description)
Name 4c5e69c81e8a69d8_CSC2DD5.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSC2DD5.tmp
Size 652.0B
Processes 2932 (csc.exe)
Type MSVC .res
MD5 66862f1bc55576d4dcaa9bc2e9eb58f4
SHA1 451f55b0193673e841381d4708c1af5444b09bbe
SHA256 4c5e69c81e8a69d85b1c36df148a7bd01f85ea978148104a278d35fdd7804393
CRC32 EE1CA414
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryofak7YnqqZYPN5Dlq5J:+RI+ycuZhNmfakSZYPNnqX
Yara None matched
Name af452873200eda59_get-dnsprovider.ps1
Filepath C:\Users\test22\AppData\Local\Temp\get-dnsprovider.PS1
Size 2.5MB
Processes 3024 (5t6yujh.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 a9176019ae2f0af22af200ca4f842b59
SHA1 22c13657a4210aca116ab63d2f806906dda954fd
SHA256 af452873200eda5950c1dedbfed833da08b697cea98402cd16478df89d770739
CRC32 172EB964
ssdeep 49152:ZjVEH3pDCIMezXZJ/vy+5JuRYscNYG8be8:P
Yara
  • NPKI_Zero - File included NPKI
Name 314586e3e93ef171_ez2ncsdm.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\ez2ncsdm.cmdline
Size 311.0B
Processes 3064 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 c71b3c5f47ee07d50ac1a803a1c12fd1
SHA1 73a4177db10db22bd6ab32b2e39b59c7a4b6b8c2
SHA256 314586e3e93ef171531939968c658bd14e3fbe2777cbcb990075264d64d0d50c
CRC32 200ACC07
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fILWnQmGsSAE2NmQpcLJ23fILSH:p37LvXOLMALTnPAE2xOLMALSH
Yara None matched
Name abb6ceb444b3dc29_ready.ps1
Filepath C:\Users\test22\AppData\Local\Temp\ready.ps1
Size 2.0KB
Processes 3024 (5t6yujh.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 28d9755addec05c0b24cca50dfe3a92b
SHA1 7d3156f11c7a7fb60d29809caf93101de2681aa3
SHA256 abb6ceb444b3dc29fcdcb8bda4935a6a792b85bb7049cb2710d97415d9411af9
CRC32 A120AA93
ssdeep 48:PmilK+QyruG64du5pH90ooFLKw+1Itx41P3f:XM+QybzG30HFLKVmtx+Pv
Yara None matched