Dropped Files | ZeroBOX
Name a96001f92f190490_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 8724 (powershell.exe)
Type data
MD5 77dfc370498534a5df1fc467d3ee73ce
SHA1 5fcef2d483ab8d5d1c89c9efe50734ca29f01ec4
SHA256 a96001f92f1904904e6cc962ef38ee4a4b4f486d254ea4e10fbb8192aec33ad8
CRC32 7851B322
ssdeep 96:wtuCiGCPDXBqvsqvJCwoNtuCiGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:wt7XoNt7bHnordTyY
Yara
  • Antivirus - Contains references to security software
Name a34c2923388f87e8_ready.ps1
Filepath C:\Users\test22\AppData\Local\Temp\ready.ps1
Size 6.4KB
Processes 652 (ss.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 37330f50cf392bca59567a22de3b836a
SHA1 f7b37328533a133567aa28f03015da69e2e36547
SHA256 a34c2923388f87e84a4f67f123626af4eff5e7d7e5abe327b6a1b1aa55a12de1
CRC32 16012237
ssdeep 192:Ir7gsj6BvLYVQj8dhpLYcj8sLLLY4eBj8kbvXTauSpQFD:iM
Yara None matched
Name 4411d8a69230284c_ss.exe
Filepath C:\Users\test22\AppData\Local\Temp\ss.exe
Size 6.0MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 92068f4e5a7e704caf1fad1665121757
SHA1 63af0fcb20bc4abb452c53455a9955dc210334bb
SHA256 4411d8a69230284cb6238a2e8cf29878afbbef90935bb94d1a6f8d59af30c6cc
CRC32 6ABF1319
ssdeep 49152:zFH0XcONJ1ipWN59v8qwofIlrfPou6nJTppIq7MYurLSnpqDstXL5xDgPMNXQiEU:eXcONJ1qT4
Yara
  • PE_Header_Zero - PE File Signature Zero
  • create_service - Create a windows service
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • IsPE64 - (no description)
  • IsWindowsGUI - (no description)
Name 2cbeb177bcacc3ff_get-content.ps1
Filepath C:\Users\test22\AppData\Local\Temp\get-content.ps1
Size 2.5MB
Processes 652 (ss.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 53b60cfb2d1c4b93c070d855cb48841d
SHA1 72cca160efed00362bd0d1a2c5b23a9bd4d49bea
SHA256 2cbeb177bcacc3ff785a99217b8bb2b24373aac8096aa8c4f1a06343f7d0e400
CRC32 770CDE9B
ssdeep 49152:0EdeZPTL9/A0TAIu85pMGX6sN8e98jEc2i:X
Yara None matched
Name 5f4be7249467313f_logo.jpg
Filepath C:\Users\test22\AppData\Local\Temp\logo.jpg
Size 128.0MB
Processes 652 (ss.exe)
Type data
MD5 3702d62fe72e555e97ca68340e2accb7
SHA1 345030a5d126ba1d066163c4c87068275b08d989
SHA256 737baaf388dc96eb8915873d3a5d76c506fefa6b43898df43034435e188027c2
CRC32 790111C7
ssdeep 3145728:y+J9tHJ2LcZYHVJ4lZlhHZd1QccCyMSUBEbGrcBmTGgaLW+:yUNJ2LcWVilDhHj1QvyFqKcBMyLH
Yara None matched