Dropped Files | ZeroBOX
Name f8aeea20203dab70_CSCF7CD.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSCF7CD.tmp
Size 652.0B
Processes 2772 (csc.exe)
Type MSVC .res
MD5 378ee2f16609a9dc3235b0922925a890
SHA1 bd2c98091169589d702e258bc6b81ba45f7346f9
SHA256 f8aeea20203dab70e260a3b2b6829e48172cd6bd0a82e1ce3ee439ccb32a4b54
CRC32 CA770AAD
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryU9FRqak7Ynqqv9FRbPN5Dlq5J:+RI+ycuZhN+9FRqakSv9FRbPNnqX
Yara None matched
Name 582276f496308c90_ry1dtt7x.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\ry1dtt7x.0.cs
Size 2.5KB
Processes 2640 (powershell.exe)
Type C++ source, UTF-8 Unicode (with BOM) text
MD5 eb4d886e196300b48bca76738917f019
SHA1 e52b79d2b34487d90344a1058d5290b10cceea0b
SHA256 582276f496308c902c634b6e7fc63d2e2f0ae531f69eb8ec3c6e25f801a59cc9
CRC32 AF96A963
ssdeep 48:JjMoCUgWrNBOjNOi9yhi16HNNl2Ki26yPf6qLSEY:JjMYgWrNBOjNLMhiZKi2dO
Yara None matched
Name 8a98d622cddf12fb_ry1dtt7x.dll
Filepath C:\Users\test22\AppData\Local\Temp\ry1dtt7x.dll
Size 5.5KB
Processes 2772 (csc.exe) 2640 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 a9a080b969ba543d2c233a874e0e216f
SHA1 56960ad5fed50c9a9e2bb86654be2ac9b828a06d
SHA256 8a98d622cddf12fbf1c34a4e976a06ebd6988101cdd00a895b720cd92d4e8668
CRC32 A77F0AB2
ssdeep 96:NCao3x9+Z/cfAnyzOcC25pdOxdGGrpVn9BmjqKFj:NG6EfQaOcxbGrpV9Aj3Fj
Yara
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_DLL - (no description)
Name bdccb2f13aef123f_ry1dtt7x.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\ry1dtt7x.cmdline
Size 311.0B
Processes 2640 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 9bd042e6f81d1de674828addb5e1b9d5
SHA1 e950610369a91ddcd62606a69e61b3f4efa4a44f
SHA256 bdccb2f13aef123fab49878b7d1fcfcd3263a0298e94115e09b353a2e4fd5b45
CRC32 F754BD09
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fhmGsSAE2NmQpcLJ23fk9:p37LvXOLM5nPAE2xOLMe
Yara None matched
Name 890b7c5d34596a4c_ry1dtt7x.pdb
Filepath C:\Users\test22\AppData\Local\Temp\ry1dtt7x.pdb
Size 7.5KB
Processes 2772 (csc.exe) 2640 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 459c688ae75bbfafc23f6c14dac3994d
SHA1 78fa47a3c69a62285c6bf53cecd1d86bc1c43b3a
SHA256 890b7c5d34596a4cbd4cf2bce35b7b28b29fd0a499445a2516d4dce5e41ba204
CRC32 768DDA00
ssdeep 6:zz/BamfXllNS/1rX11mllxrS/77715KZYXxGQu+e0KpYX4rloGggksl/cEDf:zz/H1W/1jfSXS/pw2qFZRD
Yara None matched
Name bd4abf574d7a0575_ry1dtt7x.out
Filepath C:\Users\test22\AppData\Local\Temp\ry1dtt7x.out
Size 607.0B
Processes 2640 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 7e22981d316e4e0f5662139632fbf75c
SHA1 cd4494377f709d2ee2789e5feeb9bbe6e3de022f
SHA256 bd4abf574d7a0575271042ff3b563eaf0eb1b3fae2a39a8167e3c07401ba3b25
CRC32 14EEBDB6
ssdeep 12:K4OLM9nzR37LvXOLM5nPAE2xOLM/Kai31bIKIMBj6I5BFR5y:K+9nzd3B5nIE2n/Kai31bIKIMl6I5Dvy
Yara None matched
Name b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2640 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 0f4d4b5309d8cede_RESF7DE.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESF7DE.tmp
Size 1.2KB
Processes 2840 (cvtres.exe) 2772 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 c1415bedf3b388b64a14393d4e7160fb
SHA1 6bb46a45bf7e60fe81da0545bdb25bb03fb2cb5a
SHA256 0f4d4b5309d8cede31dff936700229c811e23d427a3104ac2f6ad74c5cadf0d8
CRC32 0E44A479
ssdeep 24:HXiJ9YernF+hmHT/UnhKLI+ycuZhN+9FRqakSv9FRbPNnqjtd:nernGmonhKL1ulsjqa3FjRqjH
Yara None matched
Name e3b0c44298fc1c14_ry1dtt7x.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\ry1dtt7x.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched