Dropped Files | ZeroBOX

Name	70c6d555938fdc95_svchost.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\svchost.exe
Size	47.5KB
Processes	2556 (None)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`670d1014ec5713d005f8ddfefc495a9e`
SHA1	`91362eaf33dc55e4d970fbefbda975be32628d6b`
SHA256	`70c6d555938fdc95c03f98a7a3a37b607d1dce623663479082c5b9514caa04fd`
CRC32	`FECF8AC1`
ssdeep	`768:EuwpFTAY3IQWUe9jqmo2qLPzXR8myUdPIvfc2C0b2lnNPVPUXHyk/UQsS25BDZ8x:EuwpFTA4/2KRx0vfb9bgnTUXHmpS2nd+`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer AsyncRat - AsyncRat Payload Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	9880e689e45cac72_tmpE058.tmp.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpE058.tmp.bat
Size	153.0B
Processes	2556 (None) 2072 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`658cfd4e6b712a434575978f63f7e956`
SHA1	`2f37c4f9db9ffdcc021bf82574af931e25f26678`
SHA256	`9880e689e45cac720ab5652434c402536e9bbdf2e3fb94f8fcc183d264cc3308`
CRC32	`534D756C`
ssdeep	`3:mKDDCMNqTtvL5omWxpcL4EaKC5ZACSmqRDmWxpcL4E2J5xAInTRIKVIlwZPy:hWKqTtT6mQpcLJaZ5Omq1mQpcLJ23fTO`
Yara	None matched
VirusTotal	Search for analysis