Dropped Files | ZeroBOX
Name 29ae7b30ed8394c5_AdvancedRun.exe
Filepath C:\Users\test22\AppData\Local\Temp\AdvancedRun.exe
Size 88.9KB
Processes 2876 (join.pif)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 17fc12902f4769af3a9271eb4e2dacce
SHA1 9a4a1581cc3971579574f837e110f3bd6d529dab
SHA256 29ae7b30ed8394c509c561f6117ea671ec412da50d435099756bbb257fafb10b
CRC32 CC276C7F
ssdeep 1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
Yara
  • ASPack_Zero - ASPack packed file
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
Name cf11d6b3c18d4c02_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2672 (powershell.exe)
Type data
MD5 f2f5505600e2895c007b3ff3cfe3d4aa
SHA1 f0235a3c8056872d55eeef803d1bc33bac37a753
SHA256 cf11d6b3c18d4c02466b670bcb0394ac49382e6a87ad58d2561f2660922b586c
CRC32 9AF5ED3C
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:Etu6XoJtu6bHnorXxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 8b1df8a9db626d84_12-24-2021
Filepath C:\Users\test22\AppData\Roaming\Logs\12-24-2021
Size 224.0B
Processes 2716 (None)
Type data
MD5 0a107831df80a3fb76192490063e4893
SHA1 f6c5c7de4a292aea3fe09fef065493f2d728b6e6
SHA256 8b1df8a9db626d8410eaf4b49e3e42a2892e26e50b64eecd0c3e7d1d7ab66c55
CRC32 1355C8EA
ssdeep 6:5hy99GWnQFf1dgQ3/c//9D9n0dQoPPTgIAzP7stkc8ALd:/vgQ9Pcnf0daIAzPK3bd
Yara None matched
Name b2cc06da4ded75a0_join.pif
Filepath C:\Users\test22\AppData\Local\Temp\join.pif
Size 799.1KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 026c6ed9154e7cfa7329ef6d006f162a
SHA1 d4bf2328f373a4c303a93d616f819b7158e25364
SHA256 b2cc06da4ded75a02683e73536f3a0af671b55bc28c9a2627d7afdaac66b9e32
CRC32 1C025948
ssdeep 12288:fRoeUz2RKfmnC18kfWO6TBVG6zrFDIefOnT:Z4918kfaBZFDI4OnT
Yara
  • hide_executable_file - Hide executable file
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
  • UPX_Zero - UPX packed file
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult