Dropped Files | ZeroBOX
Name ef2df829792691f3_255132002555.ps1
Filepath C:\Users\test22\AppData\Local\Temp\255132002555.ps1
Size 57.0B
Processes 840 (service.exe)
Type ASCII text, with no line terminators
MD5 add80fbc49b6992c99cd2a0c3da7ad06
SHA1 b912d703b304729affd11cd80bbbb39bd9233a14
SHA256 ef2df829792691f330ae1ed8a2aca5bf055050cad0e70d427d4b524a1336601a
CRC32 6CD362E5
ssdeep 3:bVqWiJI7RIMiINRGOS:bcWMI7RE4RvS
Yara None matched
Name f1945cd6c19e56b3_435534154234324.txt
Filepath C:\Users\test22\AppData\Local\Temp\435534154234324.txt
Size 3.0B
Processes 2212 (powershell.exe)
Type UTF-8 Unicode text, with no line terminators
MD5 ecaa88f7fa0bf610a5a26cf545dcd3aa
SHA1 57218c316b6921e2cd61027a2387edc31a2d9471
SHA256 f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5
CRC32 011097E1
ssdeep 3:g:g
Yara None matched
Name a70a4986ca002ab3_42412566645505.txt
Filepath C:\Users\test22\AppData\Local\Temp\42412566645505.txt
Size 7.0B
Processes 2780 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 02e9d6eb32e237f62a8da1c79f00ba7d
SHA1 7a39e48254e113a33ffadd1e6ab884b5f1e5fc3d
SHA256 a70a4986ca002ab3b81c84995aa5aa68819884379fd7d4d77fe930bb1973394b
CRC32 58908E0A
ssdeep 3:vvn:3n
Yara None matched
Name 3a255c0024916f19_590aee7bdd69b59b.customDestinations-ms~RF1831e7a.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF1831e7a.TMP
Size 7.8KB
Processes 2212 (powershell.exe) 2780 (powershell.exe)
Type data
MD5 6fd29def73b2779e0ae71c4eecd304f7
SHA1 4ba660e4db856e04eb93a01c59ee764259ec55e7
SHA256 3a255c0024916f19c5b3f5d4aa5cde453cc5d90b0784a15f0456e57e71a764b6
CRC32 1F966CD8
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:ctvXo5tvbHnorxTyQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name bd7c46e11f4f9fa3_15002164.ps1
Filepath C:\Users\test22\AppData\Local\Temp\15002164.ps1
Size 307.0B
Processes 840 (service.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 1fdc6deb2f8582d5c6d785e7450a5fc4
SHA1 d1c1d85104c7e35721f0d270cec1a22c039cc6e8
SHA256 bd7c46e11f4f9fa3a2ce80d05ce9b97bf44800e7dd8dea0cf3e63c60cb8e22e2
CRC32 41EAA469
ssdeep 6:NqDAGYeYqh3Qu8DO+NaZ5SuH1MUmtWTKQLjpxwrPmQpcLJ23ffl9yh:NQAVd+AbO+0HSuVM1tWvZq7OLMF9I
Yara None matched
Name ef74a86e3ac6e54b_launcher.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\launcher.lnk
Size 981.0B
Processes 2780 (powershell.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Sep 26 19:57:22 2022, mtime=Mon Sep 26 19:57:22 2022, atime=Mon Sep 26 19:57:22 2022, length=1886720, window=hide
MD5 52457d49f40c3492b1b0816ec97b9792
SHA1 eb874939a1d186ab32eacb43c3a43835de38a6bc
SHA256 ef74a86e3ac6e54be06503c2c5c724ed3d0372c8641e5b79963464279e82b14f
CRC32 1B40A3D6
ssdeep 12:89gm1Kq4cZCrR8EvSWxER+/eiDgjF6gLbizCCOLMFB1Deg6Nwua4t2YLEPKzlX8c:89n1IsERddER5lTyzNRbc16PyV
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format