popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name a9b1dc8eaa5fcd00_d93f411851d7c929.customDestinations-ms~RF1caf9fc.TMP
Submit file
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1caf9fc.TMP
Size 7.8KB
Processes 3012 (powershell.exe) 2376 (powershell.exe)
Type data
MD5 c1d8708bab1e838a2deda26d58bb8d42
SHA1 95d39e75a804752961c139bb6c0b67f84f685035
SHA256 a9b1dc8eaa5fcd0034694cf9742ae915a5932142a1477c3ab6fada45d98750b2
CRC32 E71AF2A2
ssdeep 96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:QtbXoFtbbHnor/xo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis
Name b9a2f42db1ee5b94_1vjj9yqf.out
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1vjj9yqf.out
Size 607.0B
Processes 3012 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 2a67cb785433c59629dc39f7293ed8b7
SHA1 f5a58704550a161ad4fa95f6d75479ff6715dc57
SHA256 b9a2f42db1ee5b94172262b86cb15a07f0c7bccb4e1afaa6494029e9bab28dcd
CRC32 9DA2B97B
ssdeep 12:K4OLM9nzR37LvXOLMoP6enPAE2xOLMoPlKai31bIKIMBj6I5BFR5y:K+9nzd3BoXnIE2notKai31bIKIMl6I5G
Yara None matched
VirusTotal Search for analysis
Name e3b0c44298fc1c14_1vjj9yqf.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\1vjj9yqf.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name 0cf77f1d5dbbc288_CSC2F58.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\CSC2F58.tmp
Size 652.0B
Processes 2188 (csc.exe)
Type MSVC .res
MD5 4c91d92eee4040139dfafd9979369f31
SHA1 3921f38d9b9288b6a05a42632112ae19454dc7c1
SHA256 0cf77f1d5dbbc2884649b59ee7107a92846d8a48cd4b59ef52754195769cefb7
CRC32 3F0F54FC
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry5kak7YnqqapPN5Dlq5J:+RI+ycuZhNDkakSapPNnqX
Yara None matched
VirusTotal Search for analysis
Name e6e5307573739557_1vjj9yqf.pdb
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1vjj9yqf.pdb
Size 7.5KB
Processes 2188 (csc.exe) 3012 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 4f24e4ac07123b44cec2911465980cae
SHA1 849e8f374303c2be73327f054d9d7c0b38ebc0fc
SHA256 e6e5307573739557588cc6ab376d2d7415825c1a2ac8e0dbeb71f237c3697f7f
CRC32 79794156
ssdeep 6:zz/BamfXllNS/4/F1J31mllxrS/77715KZYXxGQu+e0KpYXh/F1pfoGggksl/cEb:zz/H1W/49TlSXS/pw2qo9LRD
Yara None matched
VirusTotal Search for analysis
Name 8540b7491597888c_1vjj9yqf.cmdline
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1vjj9yqf.cmdline
Size 311.0B
Processes 3012 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 3f33f1031cb1615349c7b16e351fa558
SHA1 45754ce358ed57d4732207ab1dd75bf226797105
SHA256 8540b7491597888cf642e5831784661c4fb1958ec39d8724e552a8fb6960cea5
CRC32 8F8FBA6F
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fwPccAemGsSAE2NmQpcLJ23fwPcc6n:p37LvXOLMoP6enPAE2xOLMoPw
Yara None matched
VirusTotal Search for analysis
Name 5a67bcd5871f71a7_1vjj9yqf.0.cs
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1vjj9yqf.0.cs
Size 468.0B
Processes 3012 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators
MD5 52cc39367c8ed123b15e831e52cbd25f
SHA1 497593af41731aedd939d2234d8d117c57a6d726
SHA256 5a67bcd5871f71a78abf1da47c3529617f34b47a5ab7bde0f1133a33fa751012
CRC32 3D3641A5
ssdeep 12:V/DTLDfuUrE+mQMTOpEtc9JFqmmsmPzgKy:JjmYE+mZTCE29LqtsmPz9y
Yara None matched
VirusTotal Search for analysis
Name 49559ad9d7c24a0c_1vjj9yqf.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\1vjj9yqf.dll
Size 3.5KB
Processes 2188 (csc.exe) 3012 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 5074fd14f51869507bd5dccc5009973b
SHA1 16aed3c613fa7fd3b4a83e0b6b76d6e3e040479a
SHA256 49559ad9d7c24a0cfa94341842f9abf9cb4640b1498eab68c6d938c0f6a32525
CRC32 4C4CC52A
ssdeep 24:etGSnc+8De6H3qvQCQ/CEItOi/7bdPtkZfQMXIJKNWD2FoeGYsmI+ycuZhNDkakH:6mKvw/CLxluJQANtFDf1ulYa3Eqa
Yara
  • Is_DotNET_DLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 67794c3fd196eb5c_RES2F68.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\RES2F68.tmp
Size 1.2KB
Processes 2252 (cvtres.exe) 2188 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 c749f00969ca8c6c7fd48ccfc21a778c
SHA1 564df8d29775c6dc4712f39df41457270fe1a1ee
SHA256 67794c3fd196eb5cdf38f15dfb03487d3fd13555d96f4b85bb67805e9d37359a
CRC32 D50BF57B
ssdeep 24:HVJ9YernpgRImHIiUnhKLI+ycuZhNDkakSapPNnqjtd:6ernpxm6nhKL1ulYa3EqjH
Yara None matched
VirusTotal Search for analysis