Dropped Files | ZeroBOX
Name b9dbd46587b2dfd9_svchost32.exe
Filepath C:\Users\test22\AppData\Local\Temp\svchost32.exe
Size 22.0KB
Processes 2300 (new_etc.exe) 2996 (cmd.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 1e21035d148aaf4af9ec2f1f58ab950b
SHA1 13cf07cfe267b933b6a4066d17a7e9c8de8f475d
SHA256 b9dbd46587b2dfd97128328bc5495a0677b8de891703d9c11fd1d5f8dd8e0ff4
CRC32 F73B3203
ssdeep 384:Wy5FGQ8EltJycD3brAPphGv9sKbOwpCmxZwi9K6w2Xb3r3n0jBKfy6Y:Wn8ltJycrAPDc9xbOST9fb7nMKe
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name ebe63eb6b900a1d9_590aee7bdd69b59b.customDestinations-ms~RFcaa63c.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RFcaa63c.TMP
Size 7.8KB
Processes 2424 (powershell.exe) 2096 (powershell.exe)
Type data
MD5 246cd72ca8d7158c4d842edac499179a
SHA1 a1e6ab79b2e0df1f6324f2d09117c50cb9a9e766
SHA256 ebe63eb6b900a1d9428e09bcc7060a34740247f40386cffd4df4d657f850f2b9
CRC32 7AABE7F8
ssdeep 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworDOctDHXyf2lUVul:UtvXoxtvbHnorCwTyQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name dd811235eebc317b_590aee7bdd69b59b.customDestinations-ms~RFcaa1c7.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RFcaa1c7.TMP
Size 7.8KB
Processes 2488 (powershell.exe) 2424 (powershell.exe)
Type data
MD5 53022532ed8f602580ffdaed44444fd4
SHA1 093d7dacd3e846d7a7f5ecf532f3afc63bac658c
SHA256 dd811235eebc317b385893288ddec88c0ff80fb222072397a7faa65ee1effbb8
CRC32 05FC75D1
ssdeep 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:UtvXoxtvbHnorxTyQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 1ea84a58f3eebd2d_sihost32.exe
Filepath C:\Windows\System32\Microsoft\Telemetry\sihost32.exe
Size 8.0KB
Processes 2372 (svchost32.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 26811a543f739804599ff9d569eb5fa8
SHA1 22a33c7c6a250c7d438715b107f54d0725f087f7
SHA256 1ea84a58f3eebd2d440f583dc14b9346b072e608b499f388158e5c508e5eeb0a
CRC32 27C8D6F2
ssdeep 96:6MnMBwaooqX4gbjXO792+j6ZlmmXXTDXxeuU3NTIoDXttPWwOH3aLlYRU:zXvj492+j6ZwmXjDBeuU3JjlWTaYC
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT