Dropped Files | ZeroBOX
Name e77b579731993b8d_onesave.ps1
Filepath C:\Users\test22\AppData\Local\Temp\is-76EOH.tmp\onesave.ps1
Size 10.6KB
Type ASCII text, with CRLF line terminators
MD5 1c260fb7188a58cd690465b5df4df1d8
SHA1 7560ab4d83a5f64dd5de659b26150cc7b11b7822
SHA256 e77b579731993b8d89c4eee79d532fafd51b975db37dae7905fccf18e9daf791
CRC32 F979B78F
ssdeep 192:crM+5AO34ibaZVVI6O7CRZu+UnqYO4ScOyQkOO7ZI6O:c55AO3e2ARI+Unq8SCQG7u6O
Yara None matched
Name b2e2e54fac18bb57_do.bat
Filepath C:\Users\test22\AppData\Local\Temp\is-76EOH.tmp\do.bat
Size 15.6KB
Processes 2620 (utility-inst.tmp)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 b63f769bed7fc3849a33bff330e9d4f8
SHA1 2d56864079b63eabf84ed8f4328f0027686b29cd
SHA256 b2e2e54fac18bb57753d28b4a46c18e0e9c364fc9de707fb143298a068f1e344
CRC32 CDF2B83F
ssdeep 192:MKEh1AEA7O34S1bMV1SThOhTE7+8WEAWmts8MaOVLsB8pOLNp2z8HOT69M8WMzwB:MP1XCO33usVAoL
Yara
  • Antivirus - Contains references to security software
Name b0d7bc97394fffea_utility-inst.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-PE1DL.tmp\utility-inst.tmp
Size 3.1MB
Processes 2568 (utility-inst.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5a617f74245e27297419874956a3ff3e
SHA1 2cbf5440d087f181bd3aa1f2cc0cd5991eb23e24
SHA256 b0d7bc97394fffea516cd704377d97419b784cbf7acb694c6a7736b89f916b58
CRC32 1892C121
ssdeep 49152:2WGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbQ333TY:6tLutqgwh4NYxtJpkxhGj333T
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check
Name 54e7e0ad32a22b77_idp.dll
Filepath C:\Users\test22\AppData\Local\Temp\is-76EOH.tmp\idp.dll
Size 232.0KB
Processes 2620 (utility-inst.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 55c310c0319260d798757557ab3bf636
SHA1 0892eb7ed31d8bb20a56c6835990749011a2d8de
SHA256 54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed
CRC32 E86B363C
ssdeep 3072:dnSx3lws+iWbUmJmE8dxMw7r+mjT5PbzEFwyGIyTcHY10tSB9j:IP0bUmQEUr+mRcbTx4N
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2840 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 388a796580234efc__setup64.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-76EOH.tmp\_isetup\_setup64.tmp
Size 6.0KB
Processes 2620 (utility-inst.tmp)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
CRC32 2CDCC338
ssdeep 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file