Dropped Files | ZeroBOX
Name 7df75bce605232e3_CypherDeptography.~+~
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CypherDeptography.~+~
Size 466.0KB
Type UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5 def0f1499a3051afef8afc225732f80b
SHA1 1dd940acb1c8187432d18f90c1038ed937285c00
SHA256 7df75bce605232e33472b24e446cc7aa4cc54fdff2ad4cc31d5959ceef2a1fa9
CRC32 5D305C8B
ssdeep 3072:vuH98N3m23iI8+8jlHl0k5T2POkCmoHv0ZH82X3AQr1/F:vuHuN3m2398xHl0k5T2POkCmu2X3AQ/
Yara
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • hide_executable_file - Hide executable file
  • PowerShell_Script_Include_2_Zero - PowerShell Script Include [Zero]
  • PowerShell_Script_MZ_Zero - PowerShell Script MZ [Zero]
Name e7831599adde6404_windowsdefenderupdate.js
Filepath C:\ProgramData\MEMEMAN\WindowsDEFENDERUPDATE.js
Size 551.0B
Processes 3012 (powershell.exe)
Type ASCII text
MD5 e59870825a9539b6a3a311cab042a7c2
SHA1 e1cd7cb3ea1948c93f9be9322a91fc11bdc3d686
SHA256 e7831599adde64042091b5db47032e3a3c3b2f7b8720156900b38f35ca2d8936
CRC32 47DBC8F7
ssdeep 12:m56aruoKkvIUxu9wPwP2U0DxiSysYLSNiFV/Tm0FV/Tm0FV/Tm0FV/Tm0FVIQQl:46FrkvIU1w+U0DcSysYLQKVXVXVXVXVi
Yara None matched
Name 9c7aefd09d3939a0_realengineupdate.js
Filepath C:\ProgramData\MEMEMAN\REALENGINEUPDATE.js
Size 874.0B
Processes 3012 (powershell.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 01506d066952f0d2f312c7b2f4edd1ae
SHA1 86b7f41fc7764316d3c40302143957839607ba75
SHA256 9c7aefd09d3939a04aa2e36e553881b3ffd88efe8fdda7121a80f37653606b0d
CRC32 C86F9491
ssdeep 24:MB/cdYciIN+iAUx/GNc3rKNceJF+PCxrnTURJkS85+GA:dwIQiTUWeNpJF7HQ85+h
Yara None matched
Name a9b1dc8eaa5fcd00_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 3012 (powershell.exe)
Type data
MD5 c1d8708bab1e838a2deda26d58bb8d42
SHA1 95d39e75a804752961c139bb6c0b67f84f685035
SHA256 a9b1dc8eaa5fcd0034694cf9742ae915a5932142a1477c3ab6fada45d98750b2
CRC32 E71AF2A2
ssdeep 96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:QtbXoFtbbHnor/xo
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software