Dropped Files | ZeroBOX
Name f7337b542a1a4e55_office.vbs
Filepath C:\ProgramData\WindowsHost\office.vbs
Size 417.0B
Processes 2996 (powershell.exe)
Type ASCII text, with CRLF line terminators
MD5 e29109fea7a9a3134a5e5e45f7e49e60
SHA1 e70356c4fce4ca0dec13d447228ef6b27fc7755c
SHA256 f7337b542a1a4e552f0be9e0c9c6f8995ba6f8fc6f9152f7cbe2a6280647471f
CRC32 ACB34BC2
ssdeep 12:g8LBiHwyQdZsHJsHs7mJ7sc8b+scOy8sHFt0og7:g8LBiHnQd0iHxocUTcO0H5g7
Yara None matched
Name ae60268e3dae5ed2_office.ps1
Filepath C:\Users\Public\office.ps1
Size 172.6KB
Processes 2996 (powershell.exe)
Type C source, ASCII text, with very long lines, with CRLF line terminators
MD5 40113b90033a17620cfab836e01c208e
SHA1 8b752278316f5af828ddf23f62d4b6d6c0591e6e
SHA256 ae60268e3dae5ed2ecb06c47642bb33cd4f79d0b980476f1a7c931e2a4ba32ca
CRC32 306EB838
ssdeep 1536:DYrP7b2WPgkSqZkjEHcFJXiKTClpXcclUXdCXxEbr7IlWMQvVhB8LCZsHXGwrAfO:D30
Yara None matched
Name 1586316260b3a1fa_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2380 (powershell.exe)
Type data
MD5 4b944644119018fcdd5eb9f511ff9fd0
SHA1 7cdc6b9e8758df06a8fabd2ebcfcf18e1737d92a
SHA256 1586316260b3a1fac1b13feb4d8030f3ec1c550a11ab02962a50a50d3c7467d2
CRC32 A1974728
ssdeep 96:ktuC6GCPDXBqvsqvJCwoBtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:ktbXoBtbbHnor/xo
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software
Name f8405793221def9d_office.bat
Filepath C:\Users\Public\office.bat
Size 89.0B
Processes 2996 (powershell.exe)
Type ASCII text, with CRLF line terminators
MD5 ab29aca931444eed0a72e526503bd05e
SHA1 869866d90f8739e23e0e7666edadd5beaf0401af
SHA256 f8405793221def9d7396f779415b202dfaba8c4dfdfb3485fc1b00a2e562bf1e
CRC32 BD13AEDA
ssdeep 3:3AXq5MzYAGQqPJH0cVERAIrFjFCIAuaHF5KPAv:n5IYAGQO0cbY4IAuaHnv
Yara None matched
Name a9b1dc8eaa5fcd00_d93f411851d7c929.customDestinations-ms~RF819a0a.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF819a0a.TMP
Size 7.8KB
Processes 2996 (powershell.exe) 2380 (powershell.exe)
Type data
MD5 c1d8708bab1e838a2deda26d58bb8d42
SHA1 95d39e75a804752961c139bb6c0b67f84f685035
SHA256 a9b1dc8eaa5fcd0034694cf9742ae915a5932142a1477c3ab6fada45d98750b2
CRC32 E71AF2A2
ssdeep 96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:QtbXoFtbbHnor/xo
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software