Dropped Files | ZeroBOX
Name 2c0305d9a5b2175b_drivers.js
Filepath C:\ProgramData\MegamindCypher\Drivers.js
Size 1.3KB
Processes 3020 (powershell.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 03d07d87c3dcb650824486ee4838a582
SHA1 e5dabc7cb7a53b8a84282021b46eed159509bea0
SHA256 2c0305d9a5b2175b81455c6f15d608de74be729af374b94568b9d4698d8eee61
CRC32 F0D7DEC3
ssdeep 24:4D+old9VD6VSPIIkgnVhjGAHYn0G0EFrkER1DrVD0xi205VwFVJfwoxyXeu:4D+oldbD6tIkgnVhCAHY09E71D5o8BwC
Yara None matched
Name 9d1df1a2d1b9dcd2_outlookupdate.js
Filepath C:\ProgramData\MegamindCypher\OutlookUpdate.js
Size 1.7KB
Processes 3020 (powershell.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 6a170af7973e13d5a65e828d40648bb3
SHA1 b886be659b187e763837320f7f92a717df59c685
SHA256 9d1df1a2d1b9dcd2de2a8bbbd6cf067f75c7349aa2b2a79a08793b7379e2b85a
CRC32 83CABE7A
ssdeep 48:copr5zkyCxXEyZX0mlBoVJteuRUIt2j3O/JLHlB0ygq:5pr5z3inZXvYVJ0gf2jeBLHlBTr
Yara None matched
Name aa6f6cfb3b3c0f0d_onedriveupdate.js
Filepath C:\ProgramData\MegamindCypher\OneDriveUpdate.js
Size 1.3KB
Processes 3020 (powershell.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 dba979f7dedbf00c8dfb89b554ad2905
SHA1 7f5b1234c814a76fb53cd9ad51ae244fd9f8b93c
SHA256 aa6f6cfb3b3c0f0deb2f55c2dc70f0c4f99822e75de3d90162726ee243491f9d
CRC32 3F560746
ssdeep 24:nVz6zrkrw5ncaAQuJtoWXeSLtIU9XqyaGspuxGTE/mPt:VezqYcpVJtzLtIAXvaGNxe/t
Yara None matched
Name a6cce737310010ae_CypherDeptography.~+~
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CypherDeptography.~+~
Size 1.1MB
Type ASCII text, with very long lines, with CRLF line terminators
MD5 5a6d43759a5cc7f6c415acef68fd596f
SHA1 6cf0efe11ec9c789a6da90d69e5ee723173aaef0
SHA256 a6cce737310010aebc9efbe118448c7343b9ba30d5b57a72b644898e6997ba27
CRC32 273EAD2E
ssdeep 12288:ujx24c7RmYLQoSlhO5vLIyEDlzvOLHCKzR6VpPXncijT97:ueRm6QoSlhOXqrOLHCn4ijTd
Yara
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • hide_executable_file - Hide executable file
  • PowerShell_Script_Include_2_Zero - PowerShell Script Include [Zero]
Name a9b1dc8eaa5fcd00_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 3020 (powershell.exe)
Type data
MD5 c1d8708bab1e838a2deda26d58bb8d42
SHA1 95d39e75a804752961c139bb6c0b67f84f685035
SHA256 a9b1dc8eaa5fcd0034694cf9742ae915a5932142a1477c3ab6fada45d98750b2
CRC32 E71AF2A2
ssdeep 96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:QtbXoFtbbHnor/xo
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software