Dropped Files | ZeroBOX
Name 2aaf34da8e3c559e_d93f411851d7c929.customDestinations-ms~RF223580e.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF223580e.TMP
Size 7.8KB
Processes 8704 (powershell.exe) 3360 (powershell.exe)
Type data
MD5 f3c862b1fec8d7ab928ac77988bc60a8
SHA1 76808f56e3ada1cc7e5a470c721c496796f37932
SHA256 2aaf34da8e3c559e8c0fa4797e0b7777f55e970dc2566cc5bca2fc694df4fc23
CRC32 F30B9CBF
ssdeep 96:wtuCiGCPDXBqvsqvJCwoNtuCiGCPDXBqvsEHyqvJCworE7HwxulUVul:wt7XoNt7bHnorfxg
Yara
  • Antivirus - Contains references to security software
Name a273db2820be4d0e_0pkiaxq6.txt
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\0PKIAXQ6.txt
Size 116.0B
Processes 7144 (Bypass.exe)
Type ASCII text
MD5 e440a34b402922131d6b4cda60b4a768
SHA1 7df931437a23a833dd7359e350a059f534e1b6d7
SHA256 a273db2820be4d0e72f3ac943f9897cf04c211d386b1d9bb05340419cec86ca2
CRC32 B74122C2
ssdeep 3:GmM//SXATARUETWa6RNJqMWweSNI+TBOGT8HQa6QVn:XM//SXA0yEal4XweP+ToB6Un
Yara None matched
Name 85f1898ca67d99c1_finalres.bat
Filepath C:\temp\finalres.bat
Size 4.0KB
Processes 6692 (Machos1.exe)
Type DOS batch file, ASCII text, with very long lines, with CRLF line terminators
MD5 ef10ccafd9271bef8d1162857d6c2182
SHA1 fa0216a96d015cb29c8014dd889cbb4f98146f71
SHA256 85f1898ca67d99c190bb5c1637727f7d82b41fe0ce8fb8351981efd2a582e91a
CRC32 C1F93B4E
ssdeep 48:qJn44BPbVKXBPbwaPJdXqU2LacFGIxrJYTvCJWkqBPbyjpdjfM2IOM2YEM2y2p2b:Y44BTVGBTrxdXqU2GHkqBTMpdU3
Yara None matched
Name 6851d9ae6d9c3405_machos1.exe
Filepath C:\Windows\Machos1.exe
Size 10.0KB
Processes 7144 (Bypass.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 460c76892a939c1b7d563171c3b2d349
SHA1 267857f6c93b33f87c7d3fd109d22fe3e7e33913
SHA256 6851d9ae6d9c3405a7fb92d93ec0bd87e3c52a6903e29ab55f2d7b779559d4b7
CRC32 EBB5FAA3
ssdeep 192:WDHxYnpqIuU3Ws9dXeZ/t3pKq/rtZJUh:WDHxYnkA3Ws9dXZqpZ+
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsNET_EXE - (no description)
  • IsWindowsGUI - (no description)
  • HasDebugData - DebugData Check
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
Name 4ead5762a374a921_disable.vbs
Filepath C:\Windows\Disable.vbs
Size 1.6KB
Processes 7144 (Bypass.exe)
Type ASCII text, with CRLF line terminators
MD5 14ea261d44218a9791555b72a7767c29
SHA1 4bce49b19c36e59da55d95bed268450ae99f01a3
SHA256 4ead5762a374a921de330d5f2fd3ad4aaf015bc7d004d34c97740f5804085cb4
CRC32 FAB78010
ssdeep 48:5Ao/mwhEwgcvzWvgWvovTbv/vLUvmvUiYvCIv5IvLHukcAzF:5Ao/mwhEwgyaUMAp
Yara None matched