popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name e3b0c44298fc1c14__twcsxgn.err
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\_twcsxgn.err
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name 4c787d43dedc9f7e__twcsxgn.pdb
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\_twcsxgn.pdb
Size 7.5KB
Processes 1184 (csc.exe) 2520 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 1b0403f50929e24b90511f4093ac2065
SHA1 b201a770d168a4865524e25f30a8b9292e8d464e
SHA256 4c787d43dedc9f7e65c6889a205d8768df77f71fc75b405a1b3450e58273523b
CRC32 A58D6F03
ssdeep 6:zz/BamfXllNS/gt5Z991mllxrS/77715KZYXht5Z3qMoGggksl/3YXBGQu+e0KWI:zz/H1W/gbD3SXS/pwAboMmqRi
Yara None matched
VirusTotal Search for analysis
Name 8f05b8c58e63a222__twcsxgn.0.cs
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\_twcsxgn.0.cs
Size 482.0B
Processes 2520 (powershell.exe)
Type C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5 4f542c4d138b4ea1850dc486822044ec
SHA1 93491e756422037a856ba6a1083f65f7cec02927
SHA256 8f05b8c58e63a222e50198c475b1e020298262e759b07b00cc895ae01fafc685
CRC32 DE74BEAB
ssdeep 6:V/DsYLDS81zujArFdMGlBpJjQXReKJ8SRHy4HacCflkYKCplN3f1Ky:V/DTLDfuObOXfHdef1Ky
Yara
  • Network_Downloader - File Downloader
VirusTotal Search for analysis
Name 0ed5b0823e71e0e3_590aee7bdd69b59b.customdestinations-ms
Submit file
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 2520 (powershell.exe)
Type data
MD5 f4a8a3e56bca0190031a365f104571cf
SHA1 7a4eac7016b8feca961f757cfe05bfeb4b76c10f
SHA256 0ed5b0823e71e0e3262a8a73ff269499135b20c9c5aa71e34b57a9f43218ed41
CRC32 E95A2C69
ssdeep 96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworQStDHXyWlUVul:QtbXoFtbbHnorFTyo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis
Name 211cd906bcde6cce_CSC46C3.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\CSC46C3.tmp
Size 652.0B
Processes 1184 (csc.exe)
Type MSVC .res
MD5 e58709669b0a7b51f8aacb64505f04e2
SHA1 e323abaf487938cc72f014e5d869783c4c3e5915
SHA256 211cd906bcde6ccea1caf5920a80381a87f0d1be4e90e5d070e9f92952484b7a
CRC32 1150C85A
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry0Sak7YnqqVzPN5Dlq5J:+RI+ycuZhNSSakSVzPNnqX
Yara None matched
VirusTotal Search for analysis
Name cd258433d31efb5c_RES4751.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\RES4751.tmp
Size 1.2KB
Processes 2240 (cvtres.exe) 1184 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 4344876d618edea6f6217cd466993f68
SHA1 281c3c3d902af82b0b5abc475feddb0d86a992e3
SHA256 cd258433d31efb5cf53a379d9450b3f8dabdd3d98ef753ab73409b62036f2229
CRC32 5A19617C
ssdeep 24:HWJ9YernBLmHpEUnhKLI+ycuZhNSSakSVzPNnqjtd:bernNmhnhKL1ulXa3rqjH
Yara None matched
VirusTotal Search for analysis
Name c1aaa81de5b1ae3d__twcsxgn.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\_twcsxgn.dll
Size 3.5KB
Processes 1184 (csc.exe) 2520 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 b8fa0c73e94c4757584bcde2e3d5807c
SHA1 b5398243c7a1edaedc60ec9fbbb8c9590b210a22
SHA256 c1aaa81de5b1ae3d9c265dc37c38b002cbfba44fc33c3f694c72abe730822ba5
CRC32 17A16287
ssdeep 24:etGSR9NOHGuEw+7Lq/okkU5gVUbdPtkZf5R0E71FwlBmI+ycuZhNSSakSVzPNnq:64CWWVMuJ5RDrwq1ulXa3rq
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Network_Downloader - File Downloader
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
VirusTotal Search for analysis
Name 60776b500131fea2__twcsxgn.cmdline
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\_twcsxgn.cmdline
Size 311.0B
Processes 2520 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 ede6d9f3a7c63b178d1e5fd03c66c129
SHA1 f3967f9da61e0bbbf1a7a045b7b8f2af99f581c7
SHA256 60776b500131fea20cd4694ff0a49620d7bbca084d954e24dbdd15dd37578a29
CRC32 8A4326D9
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fMaDmGsSAE2NmQpcLJ23fMaE:p37LvXOLMlDnPAE2xOLMlE
Yara None matched
VirusTotal Search for analysis
Name f40888bd342eb70c__twcsxgn.out
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\_twcsxgn.out
Size 598.0B
Processes 2520 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 50313ad73c5e000351d5554a7143717c
SHA1 fa003a68504954a50bcb76bc5d86f073a0e21e83
SHA256 f40888bd342eb70c6c54697a8e2b870f1f15ae023a8d8e57c069fe8fa648d19c
CRC32 6384071F
ssdeep 12:K4X/NzR37LvXOLMlDnPAE2xOLMlRKai31bIKIMBj6I5BFR5y:KyNzd3BlDnIE2nlRKai31bIKIMl6I5Da
Yara None matched
VirusTotal Search for analysis