Dropped Files | ZeroBOX
Name 0ef20df20f60cd9f_d93f411851d7c929.customDestinations-ms~RFb849ea.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RFb849ea.TMP
Size 7.8KB
Processes 2788 (powershell.exe) 2964 (powershell.exe)
Type data
MD5 cd0d1d59d018b6fcb03f7c855c49cb9b
SHA1 b3827c5511ceaca15ffdcf2586c3236fdb289d58
SHA256 0ef20df20f60cd9f5086a934d56394116e066315be34d571f067d624ecab0e2a
CRC32 16FA9AF6
ssdeep 96:QtuCcBGCPDXBqvsqvJCwoVtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:QtCgXoVtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 4df86f74f192202e_¹îçýáö2.jpg
Size 1008.7KB
Type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1350x1350, frames 3
MD5 d25c88e876a543fbb1fae1da1aca553f
SHA1 8ca19bc2ead515cbd38c3f340430822c183ae29a
SHA256 4df86f74f192202ee6ac82095804d681086c5a2009807f6f4e1def15915671c2
CRC32 0796BD15
ssdeep 24576:hJLN+0TICLfCaqQIb/ZJ9Foq9ddUTtcRM08FsOSopc7ytZJeUZnQ:zhLfNqQITZnZATtKBCs7oGytn3ZQ
Yara
  • JPEG_Format_Zero - JPEG Format
Name 5440699e3ad3443e_jB2OWAx.lEKR
Filepath C:\ProgramData\jB2OWAx.lEKR
Size 3.1MB
Processes 2904 (certutil.exe) 2176 (svchost.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 320404d984d7066780652ef2f0d7ef46
SHA1 19dee98d943a738767a8e5fb05a947381bbeed81
SHA256 5440699e3ad3443e1cec835f09715c63033e5c75b7a1cfd7e351602bdfecb434
CRC32 18CBD445
ssdeep 49152:3gPzIzyMB5iHmClghA+99XcXjQ90huaksoSnykgwtFwjoibaj:wPqyYgHmClgt99AQ90Xpsba
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • VMProtect_Zero - VMProtect packed file
Name d89bcb643b4ef899_bgn9jpn.g6ky
Filepath C:\ProgramData\bgn9jPn.g6Ky
Size 4.1MB
Processes 2572 (wscript.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 510eff6f6546a6efd6710e5d6661801d
SHA1 a9c602f415a6410e31c33d13d0a76001bf8de338
SHA256 d89bcb643b4ef8992ac08dce4c4ac8005bd04296f4cc999920ad53008a8166e3
CRC32 1B3486B7
ssdeep 49152:7fOgJ9ZJ1GWSI7D0C8AysLK1yTprVB60zM71tcUVMEAA8K6UHwHB3ex3pCfC6coY:A
Yara
  • hide_executable_file - Hide executable file
Name 5a672e68fe3dcf92_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2964 (powershell.exe)
Type data
MD5 31ed600926bba3013dfcd6dd68799bb0
SHA1 b00e6e5f449d8d2d285d56a43bd8f6f35a885285
SHA256 5a672e68fe3dcf92b28cc1741d9826d97aef76e094b3d6a3440f0c4ebb0329a5
CRC32 66AB9515
ssdeep 96:0tuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworz47HwxKlUVul:0tCgXoRtCgbHnor/xs
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name e3b0c44298fc1c14_cer50C.tmp
Empty file or file not found
Filepath C:\Windows\cer50C.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched