Dropped Files | ZeroBOX
Name 44e8aa0601fffe82_590aee7bdd69b59b.customDestinations-ms~RF2025bc8.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF2025bc8.TMP
Size 7.8KB
Processes 2696 (powershell.exe) 2928 (powershell.exe)
Type data
MD5 ee6cfd78f72f03663db2a7df0c696dd7
SHA1 56126e81a5f6577f8e24a890185d0c9eb600fa02
SHA256 44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568
CRC32 F27137C4
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 4b9d898379e5dd1d_windowshealthsystem.exe
Filepath C:\Users\test22\AppData\Local\WindowsHealthSystem.exe
Size 70.5KB
Processes 2536 (XClient.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 109adf5a32829b151d536e30a81ee96b
SHA1 dc23006a97e7d5bc34eedec563432e63ed6a226a
SHA256 4b9d898379e5dd1d260c1706aa04aa8270994835a523bb83695062d92c830311
CRC32 455E9673
ssdeep 1536:QeYZA06UMG73jWw9o5zeS6LQR9bAayaIMbckM6mfOWcNFOfab:QfZxfMGTFXS6LQR9bAaZbfsfOPMab
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 247ea5956d50d866_windowshealthsystem.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsHealthSystem.lnk
Size 954.0B
Processes 2536 (XClient.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Apr 2 13:14:23 2024, mtime=Tue Apr 2 13:14:23 2024, atime=Tue Apr 2 13:14:23 2024, length=72192, window=hide
MD5 192e4c54d56bf8a96ddbd5469ea5a4ae
SHA1 db4a6c69d9a0fef8da808e2d48877f9125bb1f47
SHA256 247ea5956d50d866682ac3c8d6016e05e3f40951efad3263eb9415cd7a149e84
CRC32 ABCFAA70
ssdeep 24:8TnRWl/isERdsrRzJYj5zNRAUEje16PyZ:8jRWlKsdRzJG5pR7iecyZ
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format