Dropped Files | ZeroBOX
Name f8f2f3990fbed58c_d93f411851d7c929.customDestinations-ms~RF214f0cc.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF214f0cc.TMP
Size 7.8KB
Processes 152 (powershell.exe) 2776 (powershell.exe)
Type data
MD5 28c7e2a251c1cbe81649328f074797b2
SHA1 950f2e500798ea8d1e3c233e20e35ec671a4bfc8
SHA256 f8f2f3990fbed58ce1a6eb7ba9d8f22bfa7bf678bc134421a8ecc32e1415b4d9
CRC32 316EB49E
ssdeep 96:otuCcBGCPDXBqvsqvJCwo9tuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:otCgXo9tCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name c4d23ba816ca01a2_inst.ps1
Filepath C:\ProgramData\inst.ps1
Size 106.0B
Processes 2596 (powershell.exe)
Type ASCII text, with CRLF line terminators
MD5 b65f3052b36f147901f1f92769d20bc8
SHA1 7cf996d272f0d64362500dbcb3cafb85afd22b19
SHA256 c4d23ba816ca01a2136b39b081f3d83df35a095e058d3f9a6e90e73b4db94cec
CRC32 CCF8636B
ssdeep 3:JGNR/3VKeRFYVFLK+IU9lK/4KRXGqmNkREgWAv:k/FKbVFG+IU/Krmidj
Yara None matched
Name 00e79145c64f423f_wa.bat
Filepath C:\ProgramData\wa.bat
Size 82.0B
Processes 2596 (powershell.exe)
Type ASCII text, with CRLF line terminators
MD5 e881ef8cd16a79e2b8bf604dfe19f031
SHA1 c1aeea918c9e5626f468992fa9d419cc72008b82
SHA256 00e79145c64f423fda1031068d645d28e787ca948ebc00bde75aa127b364d4a9
CRC32 43AE76C1
ssdeep 3:3AXq5MzYAGQqPJH0cVERAIrF8aCkRE6Hg:n5IYAGQO0cbnGxA
Yara None matched
Name cee848f125f18c62_run.vbs
Filepath C:\ProgramData\run.vbs
Size 149.0B
Processes 2596 (powershell.exe)
Type ASCII text, with CRLF line terminators
MD5 303d0a87f4d17b5ed8bfe8f47331a7a2
SHA1 c04b2771de5701d1c5a33b857352642bf939a74c
SHA256 cee848f125f18c6208f90dd3a0900d5b58b551a1e24c901f71e8a72f7e8db63f
CRC32 9CEEB5C6
ssdeep 3:VfX9GToPqXhm88Cmv+EFV+2HpMpvbdcX4E4R1XZkREE5cNUqJan:VtGTasg8mv+EFV+CXSGBCNUqQ
Yara None matched
Name b7c225ef3cc3e875_d93f411851d7c929.customDestinations-ms~RF214b8c5.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF214b8c5.TMP
Size 7.8KB
Processes 2596 (powershell.exe) 152 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 8bee65bfbcb5f72f_updata.ps1
Filepath C:\ProgramData\updata.ps1
Size 965.7KB
Processes 2596 (powershell.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 dd42f656aa886654d80ff9381bf23018
SHA1 c604d0233072c8814094423229d4fa44b726325b
SHA256 8bee65bfbcb5f72fca701bf40e7db3259082b3f7c2c0a9e247125dcab05d1be0
CRC32 C8660DD6
ssdeep 24576:vwWsc+ccuQ7coCu+Z0nv9xEp6EsyK3u95PR3NWCFeYwotqFnB3X4J5WfmV:l
Yara None matched