Dropped Files | ZeroBOX
Name 49b341fe6b57e99f_tmpD35.tmp.bat
Filepath C:\Users\test22\AppData\Local\Temp\tmpD35.tmp.bat
Size 144.0B
Processes 1984 (1.exe) 2608 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 fcfb93fedf93abed06f6b133d54eabc4
SHA1 fb21848a51aa77d34ceeb9df34a9a033ac3b3f19
SHA256 49b341fe6b57e99f9e0081387a1ee049460eb33cc40c209c2df112b9516d54d5
CRC32 0B5F2DA6
ssdeep 3:mKDDCMNqTtvL5mZkRE3pwl5OXLvmqRDmWxpcL4E2J5xAInTRILCV5ZPy:hWKqTtTPJ6Lvmq1mQpcLJ23fTNk
Yara None matched
Name 69caf1ef8dfd03c4_lujxwgzijo.exe
Filepath C:\ProgramData\41456\LUJXWGZIJO.exe
Size 880.0KB
Processes 1984 (1.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 90932373f89d77524ca0f118695a73e0
SHA1 56daf54fd858ce34d1743fda90b9255bbbad14da
SHA256 69caf1ef8dfd03c4c814e67f3cb74b0aecd91cfcfcccf0b388ab3d30a052556e
CRC32 D50474B8
ssdeep 12288:YcVpG8GaPNNc6zG9kXVYP6Pk9bXJ/ImHHH4VUBi3CMuFTH:YUpN/c6zG9klYP6UtI4n4S
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
Name f29a6db642d6939c_590aee7bdd69b59b.customDestinations-ms~RF1dec639.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1dec639.TMP
Size 7.8KB
Processes 2984 (powershell.exe) 3020 (powershell.exe)
Type data
MD5 10e0ec57f28eb6bae4d135e8dbcfd907
SHA1 d0bcd7270391a486e2478a2f66f7bf63a7acdd05
SHA256 f29a6db642d6939cf840a88e4521a7c8a5e3f270ab069b9ccc37aa5240876a4e
CRC32 CAA2C802
ssdeep 96:ctuCeGCPDXBqvsqvJCwoZtuCeGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:ctvXoZtvbHnorxTyQ
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software
Name edaa506c5be15fc3_screen.jpg
Filepath C:\ProgramData\screen.jpg
Size 44.0KB
Processes 2756 (LUJXWGZIJO.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 367821823c5b9a789163705979047046
SHA1 854f94bbbc31d23ef47098fa11242c91ec7890b8
SHA256 edaa506c5be15fc30cc20249087b2af728f89e93b60c18857d7bfae8069373d6
CRC32 85A1152E
ssdeep 768:0EqNYylDfgcdEJRduAUmMEn1a2hgl34fKyMSryoHXVMuNuFZqDwd0s:0EIYyl0cdEJXh1MEn1a2hi34fSxBIE
Yara None matched
Name 2cf1fe628a2e22fb_590aee7bdd69b59b.customDestinations-ms~RF1de584c.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1de584c.TMP
Size 7.8KB
Processes 2496 (powershell.exe) 2544 (powershell.exe)
Type data
MD5 748d5ed8d24bc4207e763bae56c82514
SHA1 4b85c4bf5338e0974a901729700729e276b1db2d
SHA256 2cf1fe628a2e22fb490317408e380a4d2ec2fd354b62385a4da69b1769149a85
CRC32 F88CFCD9
ssdeep 96:EtuCeGCPDXBqvsqvJCwoBtuCeGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:EtvXoBtvbHnorxTyQ
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software
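The listing above is the flat field/value dump ZeroBOX emits for each dropped file. As an added example that is not part of the report or of the ZeroBOX project, the Python below parses two of those entries (copied into a constructed inline sample), checks the naming invariant visible in every entry (the stored name is prefixed with the first 16 hex digits of the SHA256), recomputes the four hashes the report lists so a sample pulled from a host can be matched against a record, and applies a few triage heuristics suggested by these entries: an AsyncRAT Yara hit, the anti-VM rule, a PE written under C:\ProgramData, and a batch script written to Temp by more than one process. The flag names and the heuristics themselves are my own choices, not anything the sandbox computes.

```python
import hashlib
import re
import zlib
from dataclasses import dataclass, field

# Constructed sample: two entries copied verbatim from the ZeroBOX listing above,
# in the report's own "Field value" layout (bullets hold the Yara rule names).
SAMPLE_REPORT = r"""Name 49b341fe6b57e99f_tmpD35.tmp.bat
Filepath C:\Users\test22\AppData\Local\Temp\tmpD35.tmp.bat
Size 144.0B
Processes 1984 (1.exe) 2608 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 fcfb93fedf93abed06f6b133d54eabc4
SHA1 fb21848a51aa77d34ceeb9df34a9a033ac3b3f19
SHA256 49b341fe6b57e99f9e0081387a1ee049460eb33cc40c209c2df112b9516d54d5
CRC32 0B5F2DA6
Yara None matched
Name 69caf1ef8dfd03c4_lujxwgzijo.exe
Filepath C:\ProgramData\41456\LUJXWGZIJO.exe
Size 880.0KB
Processes 1984 (1.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 90932373f89d77524ca0f118695a73e0
SHA1 56daf54fd858ce34d1743fda90b9255bbbad14da
SHA256 69caf1ef8dfd03c4c814e67f3cb74b0aecd91cfcfcccf0b388ab3d30a052556e
CRC32 D50474B8
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • anti_vm_detect - Possibly employs anti-virtualization techniques
"""

@dataclass
class Dropped:
    name: str = ""
    filepath: str = ""
    size: str = ""
    processes: list = field(default_factory=list)   # [(pid, image name), ...]
    filetype: str = ""
    md5: str = ""
    sha1: str = ""
    sha256: str = ""
    crc32: str = ""
    yara: list = field(default_factory=list)        # matched rule names only

FIELDS = {"Name": "name", "Filepath": "filepath", "Size": "size", "Type": "filetype",
          "MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "CRC32": "crc32"}
PROC_RE = re.compile(r"(\d+) \(([^)]+)\)")

def parse_report(text):
    """Split the flat listing into one Dropped record per 'Name' line."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("• "):                 # Yara bullet under the current record
            if cur is not None:
                cur.yara.append(line[2:].split(" - ", 1)[0])
            continue
        key, _, value = line.partition(" ")
        if key == "Name":
            cur = Dropped(name=value)
            records.append(cur)
        elif cur is None:
            continue
        elif key == "Processes":
            cur.processes = [(int(pid), img) for pid, img in PROC_RE.findall(value)]
        elif key == "Yara":
            cur.yara = []                          # "None matched" or bullets follow
        elif key in FIELDS:
            setattr(cur, FIELDS[key], value)
    return records

def name_matches_sha256(rec):
    """ZeroBOX stores a dropped file as <sha256[:16]>_<original name>."""
    return rec.name.split("_", 1)[0] == rec.sha256[:16]

def hash_bytes(data):
    """Same four digests the report lists, CRC32 as upper-case hex like the report."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"}

def matches_record(data, rec):
    """True when a retrieved sample's digests all equal the record's."""
    h = hash_bytes(data)
    return (all(h[k] == getattr(rec, k).lower() for k in ("md5", "sha1", "sha256"))
            and h["crc32"] == rec.crc32.upper())

def triage_flags(rec):
    """Heuristics drawn from this report (flag names are my own, not ZeroBOX's)."""
    flags, path = [], rec.filepath.lower()
    if any(r.startswith("Win_Backdoor") for r in rec.yara):
        flags.append("yara-backdoor")
    if "anti_vm_detect" in rec.yara:
        flags.append("anti-vm")
    if path.endswith((".exe", ".dll")) and "\\programdata\\" in path:
        flags.append("pe-in-programdata")
    if path.endswith((".bat", ".cmd", ".ps1", ".vbs")) and "\\temp\\" in path:
        flags.append("script-in-temp")
    if len(rec.processes) > 1:
        flags.append("multi-process-writer")
    return flags

if __name__ == "__main__":
    for rec in parse_report(SAMPLE_REPORT):
        print(rec.filepath, "name-ok" if name_matches_sha256(rec) else "NAME-MISMATCH",
              triage_flags(rec))
```

Run against a real report, swap the sample for the page text and feed `matches_record` the bytes of a file recovered from the host; a digest mismatch on a file with the same path is itself worth noting, since the dropper here uses randomised names (`tmpD35.tmp.bat`, `LUJXWGZIJO.exe`) and a fresh build per run would not hash the same.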