Dropped Files | ZeroBOX
Name 8a4e2aaee06fc294_{e9bfeafc-78cf-11ec-98e1-94de278c3274}.dat
Filepath C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E9BFEAFC-78CF-11EC-98E1-94DE278C3274}.dat
Size 4.0KB
Processes 2336 (iexplore.exe)
Type Composite Document File V2 Document, Cannot read section info
MD5 842d6500c7d5f1a8d481a9f7aa322b7d
SHA1 0eaa8a82b1758a3d94a45b599a444adc0e89e0a1
SHA256 8a4e2aaee06fc294b18ce5925c30aca1183c70e9661304d1b71b93eb6ea7455f
CRC32 4D4675DA
ssdeep 12:rl0YmGF1YrEgmfR7KF1WrEgmfh7qgONlTVbax5Um/Q1n6Nlj9baxChKtHaK+w2:rMGMWGnONlpYURQNlxDclh+
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
Name b419fc59e82328b7_mwvuijgsfryxorv.pgq
Filepath c:\windows\syswow64\uswzujvhdnzp\mwvuijgsfryxorv.pgq
Size 398.0KB
Processes 2648 (powershell.exe) 2292 (rundll32.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 70c86b503b2377e4b54c762155e1a22b
SHA1 9eb31c90a176407a80763be066aa385324bb570f
SHA256 b419fc59e82328b7c1190ea3c733b363eb697b8ca97c7c8a2e1e58a7a3354765
CRC32 6BD7C1B5
ssdeep 12288:Wc0FOSH8VShLdRoe8CAaXb+bLboWSEP8:WcShxP8CnK3oW
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • UPX_Zero - UPX packed file
Name a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 893.0B
Processes 2648 (powershell.exe)
Type data
MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
CRC32 1C31685D
ssdeep 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
Yara None matched
Name dd811235eebc317b_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 2648 (powershell.exe)
Type data
MD5 53022532ed8f602580ffdaed44444fd4
SHA1 093d7dacd3e846d7a7f5ecf532f3afc63bac658c
SHA256 dd811235eebc317b385893288ddec88c0ff80fb222072397a7faa65ee1effbb8
CRC32 05FC75D1
ssdeep 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:UtvXoxtvbHnorxTyQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 85cdd35d6a609179_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 252.0B
Processes 2648 (powershell.exe)
Type data
MD5 39d2f36cb2bff1141fb0f424004d13f6
SHA1 5fca85f5e0ed04ac6d79a1105d501061e50d0613
SHA256 85cdd35d6a6091797efe85850e95275b42e753b5d1d1b045f56970d38a35c2e5
CRC32 06FF9027
ssdeep 3:kkFklKfllXlE/0PhxldllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB1yDHLlyTjA:kKbhj5liBAIdQZV7QMTan1
Yara None matched
Name a3cbc3f6fd0fabda_recoverystore.{e9bfeafb-78cf-11ec-98e1-94de278c3274}.dat
Filepath C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E9BFEAFB-78CF-11EC-98E1-94DE278C3274}.dat
Size 4.5KB
Processes 2336 (iexplore.exe)
Type Composite Document File V2 Document, Cannot read section info
MD5 510d84c2ad5b467ad8cb5990e2d424a4
SHA1 5ef6dfe34077af243417d0a09afa1ce1160acc0a
SHA256 a3cbc3f6fd0fabdaa480b41a3ab9c20923f447040dc52a11253b27e2ea9333f7
CRC32 BEA12AA0
ssdeep 12:rlfF2mrEg5+IaCrI0F7+F22OrEg5+IaCrI0F7ugQNlTqbaxfyNlTqbaxf:rqm5/12O5/3QNlWKyNlWK
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File