Dropped Files | ZeroBOX

Name	447eae52ab197940_svchos.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\svchos.exe
Size	63.0KB
Processes	2684 (None)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c1ade258f05c512e98ebc4d9d1165f8a`
SHA1	`acf20f6a7dc7841ae06f801b887289fdc99e0488`
SHA256	`447eae52ab1979405497866c72df7ec0703085ad6946ab0127f612b1518f8759`
CRC32	`A7D7C05F`
ssdeep	`1536:SaKFoNbEkySYKumUYFOy5biAPY0JG4aRjnl7RUr+TG5x:SawoNbEkAKumUYFD5biF0JejxSsCx`
Yara	AsyncRat - AsyncRat Payload Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	613a08663e793187_tmpC03E.tmp.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpC03E.tmp.bat
Size	152.0B
Processes	2684 (None) 1404 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`54001922ff8c6c34b03127711e61cc47`
SHA1	`6ec5c72c599801d0afca5cab25e6e6b5b363b2c2`
SHA256	`613a08663e7931870ad46de88af842bcef873be801e84be1940fc475fed25042`
CRC32	`94442608`
ssdeep	`3:mKDDCMNqTtvL5omWxpcL4EaKC5lovmqRDmWxpcL4E2J5xAInTRIMVnmzVZPy:hWKqTtT6mQpcLJaZ5lovmq1mQpcLJ231`
Yara	None matched
VirusTotal	Search for analysis

Name	392ca70b63b6db8e_pop3.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\pop3.exe
Size	442.3KB
Processes	2556 (go.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`8cd2675e19a8b1dccf0dbf082f42ab33`
SHA1	`3b6a8a51f53d8ec6e773f2a28f80fb003311597b`
SHA256	`392ca70b63b6db8e0dc3aab0b6506169d5d9d2cad36598d037794be5a82bec09`
CRC32	`FB511D5E`
ssdeep	`12288:2xdbI79je2EUyZzvUQTw/6Y378+rnoLcaQ:sFI79jDEU8vJTw/nr8SoL2`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis