Dropped Files | ZeroBOX

Name	d252af32b38819ae_rppwmjzogbohxeb.iio Submit file
Filepath	c:\windows\syswow64\hppksos\rppwmjzogbohxeb.iio
Size	408.0KB
Processes	1428 (powershell.exe) 2860 (rundll32.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`d9bcfd266343d1b88761f573b033b75f`
SHA1	`c8d0ee8ae803d1cc9364ac0f8a75073242c25918`
SHA256	`d252af32b38819aea46fdead45691286079de5ca054723db63d56e3c8430307c`
CRC32	`8A30594A`
ssdeep	`6144:+14kZNuAXp3htAsH9dSKSKrVkPIMGCbkOQDb3hfm/U0DjeNqfnkEPJ:pmp3ht7H9dSK/rzz9xSUacqcEP`
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library IsDLL - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	30fc7036c280fafc_sec[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\sec[1].htm
Size	10.7KB
Processes	2404 (mshta.exe)
Type	data
MD5	`3539ebc213fbebc068107d4330c91573`
SHA1	`b93eaf30ad721902555c8dbeba4d3597aac228a4`
SHA256	`30fc7036c280fafcb00242e515fafd725b696a20d1ba9e962171079364ce817b`
CRC32	`65D8D753`
ssdeep	`192:aYtCkQDaWmTYwAvHAzQl5a11owOfgdg3/ADXhPVGgzSFo/k2e68Jm3+oa:aYskYCYBvHh5arowOagoGgn/HP+D`
Yara	None matched
VirusTotal	Search for analysis

Name	043b6ec54651c475_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	1428 (powershell.exe)
Type	data
MD5	`a0fc8d4a2cf5a30130abeb6712fc7885`
SHA1	`b403b5b84863e5a3177175138c83ffb567b40e79`
SHA256	`043b6ec54651c475994d2865254b1b30862a2f3bd32593661c043fd2f48f9c7e`
CRC32	`449D5C65`
ssdeep	`96:ktuC+GCPDXBqvsqvJCwo5tuC+GCPDXBqvsEHyqvJCwor07HwxWlUVul:ktvXo5tvbHnorvxo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis