Dropped Files | ZeroBOX
Name: e3b0c44298fc1c14_itkkqgnw.err
Note: Empty file or file not found
Filepath: C:\Users\test22\AppData\Local\Temp\itkkqgnw.err
Size: 0.0B
Type: empty
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32: 00000000
ssdeep: 3::
Yara: None matched

Name: d8cb856955780b10_itkkqgnw.out
Filepath: C:\Users\test22\AppData\Local\Temp\itkkqgnw.out
Size: 607.0B
Processes: 2648 (powershell.exe)
Type: UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5: a144e9ec7f7b48bba8e227843de5cf00
SHA1: 7694f74723f7a6697d0f112547b3b56b6a0c1945
SHA256: d8cb856955780b10286756c9551ce5812698e0c094290a607840a1aa548cdb87
CRC32: A10D98EC
ssdeep: 12:K4OLM9nzR37LvXOLMmVnPAE2xOLMmJAuKai31bIKIMBj6I5BFR5y:K+9nzd3BmVnIE2nmJAuKai31bIKIMl6v
Yara: None matched

Name: f8fbfcc7cf4a99bb_itkkqgnw.cmdline
Filepath: C:\Users\test22\AppData\Local\Temp\itkkqgnw.cmdline
Size: 311.0B
Processes: 2648 (powershell.exe)
Type: UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5: d6f23ab2cd1cb4962ca38127e394b2bc
SHA1: 86d4233ff4461d8f9adbe2ad7c52ff245325bd76
SHA256: f8fbfcc7cf4a99bb4549c48f1cf747115d104354e857a59aa1f6fcba34a0fd22
CRC32: F71254CC
ssdeep: 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23f+QmmGsSAE2NmQpcLJ23f+QQAn:p37LvXOLMmVnPAE2xOLMmJAn
Yara: None matched

Name: acf9522e65e38130_user.inf
Filepath: C:\Users\Public\user.inf
Size: 788.0B
Processes: 2548 (mshta.exe)
Type: Windows setup INFormation, ASCII text, with CRLF line terminators
MD5: d0a68db6f05582ce2092d67fae613c1d
SHA1: 88baf13f8ebd5b62c654f715d1d745e2c76fd9e8
SHA256: acf9522e65e38130ec356c7793743d5df4714a82a407dd78cb05ca6ccf29d804
CRC32: 88027C22
ssdeep: 24:Zz585anuYXZVu5IL7LxAmAq0gb4h4VA/uJIlRVn:ZXnb3lLHxAmAq0g8h4CwS7
Yara:
  • Antivirus - Contains references to security software

Name: c9cbca0600451df2_rolg.ps1
Filepath: C:\Users\Public\RoLg.ps1
Size: 978.0B
Processes: 2548 (mshta.exe)
Type: ASCII text, with CRLF line terminators
MD5: 5639f032072f705d335cfed170c4d955
SHA1: db4196b259225c10cf56419427c883bd3d08212b
SHA256: c9cbca0600451df271808894795215a418067ed7d656ea5d39f93437b51e30a4
CRC32: FADFD8B2
ssdeep: 24:R6IWpWFzJ0WUp22nhM5OHD2EEr4YaI5C0uM:w7WAW6bnhHHD2EEr4Ya4l
Yara: None matched

Name: f52036306d49ca5b_itkkqgnw.0.cs
Filepath: C:\Users\test22\AppData\Local\Temp\itkkqgnw.0.cs
Size: 319.0B
Processes: 2648 (powershell.exe)
Type: UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators
MD5: f3c09788c53ec7b12e03c328440a57fc
SHA1: 898711631c676136cc0576370c705d5bb38df060
SHA256: f52036306d49ca5bc0c58242a311526e4d045dcd070b0981db503da5e3a55212
CRC32: 99FC46F2
ssdeep: 6:V/DsYLDS81zu9deaso68SRkoSoODFJwiQQAZ8SRYK4uOmtKy:V/DTLDfu/eaRE9OFJw8Ad4YKy
Yara: None matched

Name: d8f2adbabc95a61c_RESFB0A.tmp
Filepath: C:\Users\test22\AppData\Local\Temp\RESFB0A.tmp
Size: 1.2KB
Processes: 2924 (cvtres.exe), 2876 (csc.exe)
Type: Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5: 876f3ed18847f6645937768f57cda5ee
SHA1: 00d5e8b1cd32987da52b07d5edb8616a87cc15f1
SHA256: d8f2adbabc95a61c13b36b2dd0295e72bc56808a24db91c297b58806be791891
CRC32: 423771D2
ssdeep: 24:HriJ9YernpoEmHuUnhKLI+ycuZhNL7GakSy7XPNnqjtd:jern5mJnhKL1ulLya3yZqjH
Yara: None matched

Name: b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms
Filepath: c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size: 7.8KB
Processes: 2648 (powershell.exe)
Type: data
MD5: 81ca4510272caf505e8091e9a28cb716
SHA1: 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256: b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32: FC31E90F
ssdeep: 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara:
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware

Name: 9feec01980fc187e_itkkqgnw.dll
Filepath: C:\Users\test22\AppData\Local\Temp\itkkqgnw.dll
Size: 3.5KB
Processes: 2876 (csc.exe), 2648 (powershell.exe)
Type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: 3d259d1969d966f02100931c2e7e01c8
SHA1: cce6f217e82491d3caad5b1f9eca23a5952c543f
SHA256: 9feec01980fc187e666dd2833acf159ed8162647db6432e100c58eb415eddc9c
CRC32: E9181B6A
ssdeep: 24:etGSwNiGTpeS57UdtbbdPtkZfmn0nq7umKYmI+ycuZhNL7GakSy7XPNnq:6DactduJmnqGumKj1ulLya3yZq
Yara:
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)

Name: 9679a6ddcae2c572_itkkqgnw.pdb
Filepath: C:\Users\test22\AppData\Local\Temp\itkkqgnw.pdb
Size: 7.5KB
Processes: 2876 (csc.exe), 2648 (powershell.exe)
Type: MSVC program database ver 7.00, 512*15 bytes
MD5: bd2c28a9b8e4f0c91dfcc1a2b7724fb3
SHA1: c9abef81e2d6d315749fcddbf96bd87e28ac6f66
SHA256: 9679a6ddcae2c57291498d741ffe0ff16af41dd8c109a5d58d5904830ecf31b3
CRC32: 632B703B
ssdeep: 6:zz/BamfXllNS/Hvi1mllxrS/77715KZYXxGQu+e0KpYXqvwfoGggksl/cEDf:zz/H1W/PmSXS/pw2q/aRD
Yara: None matched

Name: 48a130b75cd2f1f4_CSCFAFA.tmp
Filepath: C:\Users\test22\AppData\Local\Temp\CSCFAFA.tmp
Size: 652.0B
Processes: 2876 (csc.exe)
Type: MSVC .res
MD5: 5dd2d72c72ab7199defe15f2581450ea
SHA1: 9f9622da337e00e46fea2f5089ac4974436117e9
SHA256: 48a130b75cd2f1f42d783565290ffff146bd435302e1e49fdf8b6e78478678d1
CRC32: 2D7B7431
ssdeep: 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryB7Gak7Ynqqy7XPN5Dlq5J:+RI+ycuZhNL7GakSy7XPNnqX
Yara: None matched