Dropped Files | ZeroBOX
Name e1a800de8bcedb31_CypherDeptography.~+~
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CypherDeptography.~+~
Size 467.0KB
Type UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5 2affef00eedde0e7d5689c5c5f44d40a
SHA1 575d5852e18fd78500e9ed1e30dfd77aa0052288
SHA256 e1a800de8bcedb31632a78db1755a6719b6f3625da45880a6d8a2bacc056e7f5
CRC32 287292E1
ssdeep 3072:zLgY43N8IAEl0AdLW07yCw+rv0ZHqHYZJxQr1/F:H4983El0AdLW07yCwyHeJxQ/
Yara
  • hide_executable_file - Hide executable file
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • PowerShell_Script_Include_2_Zero - PowerShell Script Include [Zero]
  • PowerShell_Script_MZ_Zero - PowerShell Script MZ [Zero]
Name e7831599adde6404_windowsdefenderupdate.js
Filepath C:\ProgramData\MEMEMAN\WindowsDEFENDERUPDATE.js
Size 551.0B
Processes 3048 (powershell.exe)
Type ASCII text
MD5 e59870825a9539b6a3a311cab042a7c2
SHA1 e1cd7cb3ea1948c93f9be9322a91fc11bdc3d686
SHA256 e7831599adde64042091b5db47032e3a3c3b2f7b8720156900b38f35ca2d8936
CRC32 47DBC8F7
ssdeep 12:m56aruoKkvIUxu9wPwP2U0DxiSysYLSNiFV/Tm0FV/Tm0FV/Tm0FV/Tm0FVIQQl:46FrkvIU1w+U0DcSysYLQKVXVXVXVXVi
Yara None matched
Name 2544ced532ceea30_updateescan.js
Filepath C:\ProgramData\MEMEMAN\UpdateEscan.js
Size 873.0B
Processes 3048 (powershell.exe)
Type ASCII text, with very long lines
MD5 15f6130a8686d0ce804418c57b2a8e48
SHA1 1ab68c24f5daff8d4bbbef530ed1e47d6412037c
SHA256 2544ced532ceea30a0fea44018ee3f3c0c36c09d548bdc4e44e0cde5a57d3c09
CRC32 7203E7E9
ssdeep 24:MB/cdYciIN+iAUx/GNc3rKNceJF+PCxrnTURJkSDc+GK:dwIQiTUWeNpJF7HQDc+5
Yara None matched
Name a9b1dc8eaa5fcd00_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 3048 (powershell.exe)
Type data
MD5 c1d8708bab1e838a2deda26d58bb8d42
SHA1 95d39e75a804752961c139bb6c0b67f84f685035
SHA256 a9b1dc8eaa5fcd0034694cf9742ae915a5932142a1477c3ab6fada45d98750b2
CRC32 E71AF2A2
ssdeep 96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:QtbXoFtbbHnor/xo
Yara
  • Generic_Malware_Zero - Generic Malware
  • Antivirus - Contains references to security software