Dropped Files | ZeroBOX
Name 2a518e8a6d0aea01_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 252.0B
Processes 2872 (powershell.exe)
Type data
MD5 f8e2ddfe2585ab51081d45f8a3b9dc63
SHA1 ed0b8f3ef89d6ca59ee40d1b8b6e90f278da8a1f
SHA256 2a518e8a6d0aea0160a2d1239f923238311312eaed11485305187c9bd5ab34e3
CRC32 5026BA7C
ssdeep 3:kkFkl5kN/XfllXlE/0PhxldllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB1yDHLD:kK9Nzhj5liBAIdQZV7QMTan1
Yara None matched
Name 8ab2fb8973eefb6b_fqxbg4nx.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\fqxbg4nx.0.cs
Size 1.5KB
Processes 2872 (powershell.exe)
Type UTF-8 Unicode (with BOM) text
MD5 30b6e10e73cb2cdde4a456c7cbfd83b9
SHA1 245aa5961827d241828fbcca45c2bbcdf1026eaa
SHA256 8ab2fb8973eefb6b0484c7090f055235b8df97792ff5f6d3ba6d0acbfd5d9583
CRC32 1630BCD0
ssdeep 24:JVpsIkIVh0arF9yNhF69KvnVPzMkVNFYVpE7o4oy6T3xpeNBSBEVv6T3npeNBSB4:JVpscVma289KvnVrMkVIVspoy6Vp7BMR
Yara None matched
Name a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 893.0B
Processes 2872 (powershell.exe)
Type data
MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
CRC32 1C31685D
ssdeep 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
Yara None matched
Name 9fcf2e602497293c_fqxbg4nx.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\fqxbg4nx.cmdline
Size 311.0B
Processes 2872 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 6d13b1a804c888e1b41bc7a29c617b0e
SHA1 48761274773d98f070ce40282743be1d1345bca1
SHA256 9fcf2e602497293c22f90d37e5877c1475770e567bbaabc1f1ac5362ba8f2e7d
CRC32 6442E764
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23f1qmGsSAE2NmQpcLJ23f1h9:p37LvXOLMdqnPAE2xOLMdP
Yara None matched
Name e3b0c44298fc1c14_fqxbg4nx.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\fqxbg4nx.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name cf11d6b3c18d4c02_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2872 (powershell.exe)
Type data
MD5 f2f5505600e2895c007b3ff3cfe3d4aa
SHA1 f0235a3c8056872d55eeef803d1bc33bac37a753
SHA256 cf11d6b3c18d4c02466b670bcb0394ac49382e6a87ad58d2561f2660922b586c
CRC32 9AF5ED3C
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:Etu6XoJtu6bHnorXxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name b564b25031bdcd8d_CSCEBB7.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSCEBB7.tmp
Size 652.0B
Processes 3012 (csc.exe)
Type MSVC .res
MD5 c581f59e611a3a3110952153c3b0fb2b
SHA1 993248010839b86d71c3b2e0c369c453dac4350c
SHA256 b564b25031bdcd8df03df0a9d9b71bb4c34ea62d865ddcc91a8b41803579cd44
CRC32 45D7CCC9
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryoFoWak7YnqqzFoHPN5Dlq5J:+RI+ycuZhNCF9akSzFSPNnqX
Yara None matched
Name bfe954c7d5b3ebfb_RESEBE7.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESEBE7.tmp
Size 1.2KB
Processes 2068 (cvtres.exe) 3012 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 35ba701706a93b009c67d4d11e7e6aaa
SHA1 15fca23128cf3e7169795161ac1bf095a86912ca
SHA256 bfe954c7d5b3ebfb4964ccc872fdbe597a146cf4cf748b897b838399c5fae3ff
CRC32 8E2A5C13
ssdeep 24:H+gJ9YernlqgumH6UnhKLI+ycuZhNCF9akSzFSPNnqjtd:exernymlnhKL1ule9a3p+qjH
Yara None matched
Name dfb66f0355c031bb_fqxbg4nx.out
Filepath C:\Users\test22\AppData\Local\Temp\fqxbg4nx.out
Size 607.0B
Processes 2872 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 f47b24024cbaedd4e5c206dc4bd1acef
SHA1 e3b3feea05c128232b4b54c0f7a43938e2f6b589
SHA256 dfb66f0355c031bb8c9132354cf43698f09bb7f602056d763d60a69911644fa5
CRC32 04476ABD
ssdeep 12:K4OLM9nzR37LvXOLMdqnPAE2xOLMd2Kai31bIKIMBj6I5BFR5y:K+9nzd3BdqnIE2nd2Kai31bIKIMl6I5G
Yara None matched
Name 7d1873bca08169be_fqxbg4nx.pdb
Filepath C:\Users\test22\AppData\Local\Temp\fqxbg4nx.pdb
Size 11.5KB
Processes 3012 (csc.exe) 2872 (powershell.exe)
Type MSVC program database ver 7.00, 512*23 bytes
MD5 4aa1624eca05d9994ea0404cdc2e1119
SHA1 aea78b312da7ef7b17a5e0bd36af58025e5809c2
SHA256 7d1873bca08169bee8ac5b3c705b185c1ae5a11d7a51862eaab9f7a203d44d42
CRC32 29C24B9B
ssdeep 48:zN/b/tANoi6YkfIoVNmMjIItuqU9QpVdqMjQeX3enQBrju:zNjVABEIINlt+9Q7dzQCuQ
Yara None matched
Name a7deb10d899671fc_fqxbg4nx.dll
Filepath C:\Users\test22\AppData\Local\Temp\fqxbg4nx.dll
Size 5.0KB
Processes 3012 (csc.exe) 2872 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 d8d0fdebfc6b40552479f1bf46914f6c
SHA1 669206a1f030899a910f64d6467789434802b714
SHA256 a7deb10d899671fc1699e9c8f942674d8d9dc91f2072fb39df23400013476aef
CRC32 B6AD7867
ssdeep 48:6y9gHi64WTDKZ84Ql4/F2lfU/dB1VSMluJDJdwOaZYFeZYcsJNPZ1ule9a3p+q:eHi7y4Ql4/rVBfA0YF4YcsJAuK
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
  • IsDLL - (no description)