Dropped Files | ZeroBOX
Name 7a3271b0079e9f56_wzoptup.exe
Filepath C:\Users\test22\AppData\Local\Temp\wzoptup.exe
Size 330.5KB
Processes 1836 (WezoAutoUP.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 206c606e09f81262fbc85065ceca4f59
SHA1 96fa2aba33f86d809697d04d083ef3f6108ab197
SHA256 7a3271b0079e9f56f20acdb731e46174fc0a1f1a59e5fbd951a6ce9c07db48f9
CRC32 2283FD16
ssdeep 6144:e68oipnnK9jqXEX52Ums+Tbxzbx9SmIqQyPodMUf8Dkzel6R8zHe1I3A:efnnK9zABs+TbFx9SXOPCf8DkqAR8zHK
Yara
  • AutoIt - autoit
  • PE_Header_Zero - PE File Signature
  • CoinMiner_IN - CoinMiner
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
Name 21db0fda1eca852d_arpwriteIni.exe
Filepath C:\Users\test22\AppData\Local\Temp\arpwriteIni.exe
Size 441.5KB
Processes 1836 (WezoAutoUP.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 8ffe154b25091cb5a8547eb4f56d112c
SHA1 e5a94d1b4c609bc7dc1e177e8dc54896a9d29369
SHA256 21db0fda1eca852d06185e4bc4939c8979771045b9a2939ac1d45cb60d05a7d3
CRC32 DE25DADE
ssdeep 12288:oFLN7pJxDibQF4ulRCX11Ab1i0n9aMzgK+nZL3eWq/U:MN7p/DjF7CHIkozgze8
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
Name fee735580b6b08f6_7z.dll
Filepath C:\Users\test22\AppData\Local\Temp\7z.dll
Size 1.1MB
Processes 2500 (DownVerySync.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 d5d42c33a42d0351511b204c8b1f1126
SHA1 b099dce5071e19cc35ecba536e4fb1126b565f3e
SHA256 fee735580b6b08f6a602971881a385d52793810a68ef46bb72e3eca270930f65
CRC32 ADC43EFB
ssdeep 24576:v4K5hK124cWKupj+zEgf94/JEo2BXrXNH6YsPfRQuIeCoFkDe:v4wKYJuN+zEgoJSaNPpQuIeDkDe
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Microsoft_Office_File_Zero - Microsoft Office File
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 446c32f18d11f941_autD423.tmp
Filepath C:\Users\test22\AppData\Local\Temp\autD423.tmp
Size 175.7KB
Processes 2500 (DownVerySync.exe)
Type data
MD5 a536f91b8d76b853ea989e296b77be23
SHA1 8f847223a10233707ab43aaf87a5ddc2e17b5c1c
SHA256 446c32f18d11f941311e39518f7f5b4650625c8e03182d79ddc8bcfe478ebaa3
CRC32 D43052C8
ssdeep 3072:XBN7v//uVtNcyyJd2zzu3ooFhwGZP4h/PzH+/YmIig76eDlLgjDlE/atFnk5LhgN:XPGVtNcyy32zz6ooFhC/PzHupq6g0NjF
Yara None matched
Name 3c2211246c15cb72_storyhosts.exe
Filepath C:\Users\test22\AppData\Local\Temp\storyhosts.exe
Size 708.0KB
Processes 1836 (WezoAutoUP.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 3c48dddcbad4b1bd6285722968150c80
SHA1 c5a5e606623a2eed71175fa9efba658bf25199ba
SHA256 3c2211246c15cb72cf93da21212663ae414ce8127639785b930b52077c02478a
CRC32 43BB27FE
ssdeep 12288:j6tyWjX4LovCsYi5xYZheILnhXFTpqNTCwLpFmEGxZgtJJwtMXDJZyMndIcMQl:GUWjEmPLnIt4T5tFmEGxZg1ZNecL
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
Name 44c1753d235bd0a8_sysup.exe
Filepath C:\Users\test22\AppData\Local\Temp\sysup.exe
Size 1.7MB
Processes 1836 (WezoAutoUP.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 e11e67d21c40e31313b4611bd0af0301
SHA1 e9ed06599806d90cec2c605135fceedb5091950f
SHA256 44c1753d235bd0a849bd87b6fcfe6a1a5ac496ff36d043a6827ab9db0a446e03
CRC32 CBBEF888
ssdeep 49152:ymmPLnIXHFJPoXjQ9/U+O9fw8dB14QWlvdR3G+/ontfl:iPD4HPPoXc9/4fpWHR3N/ontf
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
Name eda460401f4bf87c_7z.exe
Filepath C:\Users\test22\AppData\Local\Temp\7z.exe
Size 288.5KB
Processes 2500 (DownVerySync.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 5859d8fca5e45c28aa4e4f708fbe50d7
SHA1 0843e9fbe29e226bc3eb186407920a611ab5c718
SHA256 eda460401f4bf87c9c1bfcbfc039eabd7c479cbd8a670e87642098d7fd380412
CRC32 9AD34928
ssdeep 6144:2deUJaXYOMqsGXKdFhLOWtE+Q2UsIEgbbe73aTL/VctpuaL:2dRVOsfCyE+QPsIEic3
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
Name 9e2285e53e066d6c_wzopt240312
Filepath C:\Users\test22\AppData\Local\Temp\wzopt240312
Size 15.0B
Processes 1836 (WezoAutoUP.exe)
Type ASCII text, with no line terminators
MD5 45f16651c15ad06d601d3de913675eb5
SHA1 b7d4ea0a71c3f68e9fc70b8fbfbde40fe3dd87ff
SHA256 9e2285e53e066d6cd52d89215df2e46670ace17a3c1ecf65e70d0b9be4171586
CRC32 EDE6F8B0
ssdeep 3:tBAG:x
Yara None matched
Name b33031705aa73544_WezoEventUP.exe
Filepath C:\Users\test22\AppData\Local\Temp\WezoEventUP.exe
Size 330.0KB
Processes 1836 (WezoAutoUP.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 47bfeea9297530e45f26c4877bc078a6
SHA1 880ab0fb1721e06893e2c68ef3310fa7fc859b37
SHA256 b33031705aa73544858df53f11b3a5d9c969489d2c109cf32bbe1b796963c102
CRC32 9B3B3F21
ssdeep 6144:+68oipnnK9jqXEX52Ums+Tbxzbx9SmIqQyPodMUf8Dkzel6R8zHe1IP:+fnnK9zABs+TbFx9SXOPCf8DkqAR8zHt
Yara
  • AutoIt - autoit
  • PE_Header_Zero - PE File Signature
  • CoinMiner_IN - CoinMiner
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
Name 5e74a8f714cd9bb5_kstziih
Filepath C:\Users\test22\AppData\Local\Temp\kstziih
Size 984.0B
Processes 1836 (WezoAutoUP.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 cfcd5fc0e571398b318eb19ecaa77d0e
SHA1 db53c8261c2a39151da8626417822ead5f64bf51
SHA256 5e74a8f714cd9bb5d881f41b3b34b11b8f4b1fe768cab9dd97cd26e2758a8eba
CRC32 39FE8E0B
ssdeep 12:6HGjfzmZmm0V5Ztbzugk0hwN/GzNQRcmaOVpARcmaOVHwNtelQrznVFJ2znVFTWY:8GLzmZmmmtbCgk0W8zOtPAtineSvgetu
Yara
  • Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
Name af8efe67b47c1b63_dbzclientUpdate.exe
Filepath C:\Users\test22\AppData\Local\Temp\dbzclientUpdate.exe
Size 1.3MB
Processes 1836 (WezoAutoUP.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 c14dd372e1ac076ccfdddce7c5e429b3
SHA1 1fecac88485ab97ac9ae0f550671d6df909f985e
SHA256 af8efe67b47c1b6354686df8de9c68577117beeebf20ffcd4e234802c1f9373e
CRC32 ED937AD6
ssdeep 24576:aUWjEmPLnItxyVz/HxL4fvyYJOLZfwbBRCCizAUBExcVdX/HIPeFAc:ammPLnIDK/Oz6JcBRCCi8UOUfIW6c
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
Name 024e348d35d8e1b9_autD482.tmp
Filepath C:\Users\test22\AppData\Local\Temp\autD482.tmp
Size 626.7KB
Processes 2500 (DownVerySync.exe)
Type data
MD5 65f759729528c6d83d7f46c5ae7b608d
SHA1 71bdb673b6ccb3ffc10cc2c5af019c94faad0e3c
SHA256 024e348d35d8e1b9aa4517ddf5d97b6a0477c61883febf0002bc85332299dae5
CRC32 895173DF
ssdeep 12288:BMecg0ORnwXW4NXAAGUcs7YlV1mQIesa/sk+bOTV0Y8vLy4tZg+9wfao/6:BBXKTGUR7SaQIeJ+ZY8zySg+W/6
Yara None matched
Name 2d6bdfb341be3a62_hosts
Filepath C:\Windows\System32\drivers\etc\hosts
Size 824.0B
Type ASCII text, with CRLF line terminators
MD5 3688374325b992def12793500307566d
SHA1 4bed0823746a2a8577ab08ac8711b79770e48274
SHA256 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085
CRC32 259FD3A9
ssdeep 24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTt8:vDZhyoZWM9rU5fFcp
Yara None matched
Name 88c32d5d4132b4d5_changezuhaolnk.exe
Filepath C:\Users\test22\AppData\Local\Temp\changezuhaolnk.exe
Size 401.5KB
Processes 1836 (WezoAutoUP.exe)
Type MS-DOS executable, MZ for MS-DOS
MD5 90f9973120104179d008e06cde39670c
SHA1 75b4479066accc2320385d0bed8d7c5d1d666bfc
SHA256 88c32d5d4132b4d58d1b02b9d183fd954f87f449f3d51ea3eaec8f9d12f913f2
CRC32 BF6F5113
ssdeep 6144:rGdCAohu2CHYuZXL4HURkKd6Sq4Tk6XlC9RukP5vBH0vwr5LtOztaOaZIm09Pkfy:SuT3u5eU3kFRDHvLCa8ea
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • MPRESS_Zero - MPRESS packed file
  • UPX_Zero - UPX packed file
Name a237d48ef8685d9a_autE328.tmp
Filepath C:\Users\test22\AppData\Local\Temp\autE328.tmp
Size 624.7KB
Processes 2148 (dbzclientUpdate.exe)
Type data
MD5 23c2e1b29bf35a0431038e6d50483258
SHA1 eb173b7f6e317ff7ed14aa58bfa5f5cda87c3316
SHA256 a237d48ef8685d9a6893c1966e84badfa60d6f4280ce79c5aa22869f3980b1d6
CRC32 491EBF6F
ssdeep 12288:Bf2KMqgPD5Pa7vSC96YKZsGnxHx05TUgqtDeMRLOF1nm2lLJ5TNnB7c4GmxtQM7z:BeKtg1Pa7vSCURntoUhFe2LgJp1BA0Xv
Yara None matched
Name 00f26743c9486fac_autoupdate.dat
Filepath C:\Users\test22\AppData\Local\Temp\AutoUpdate.dat
Size 295.0B
Processes 1836 (WezoAutoUP.exe)
Type ASCII text, with CRLF line terminators
MD5 dae1eed168a0536a275e5a15ae7db07f
SHA1 0b2754d37c534480a0ab720f8624f4e5abe30f57
SHA256 00f26743c9486fac7e82f9e79712c138b7a988c99ea27554283eaaca998dab49
CRC32 570E902E
ssdeep 6:i4cKzB4uKs4OAcuXE2ySc5P3AmWVyVbIFi9NGb/:zZivOlS7HyvLGT
Yara None matched
Name f4af111386d937e7_wzoptBmp.exe
Filepath C:\Users\test22\AppData\Local\Temp\wzoptBmp.exe
Size 313.2KB
Processes 1836 (WezoAutoUP.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8c6a57551936555b3fdc90562ccb9bf7
SHA1 b9597b52dac45c3915c1cb25dfc4226cb57a2c14
SHA256 f4af111386d937e7bd64fd304d947b542f44993d8f2f092c0ff2f2b584e18129
CRC32 D4CB7086
ssdeep 6144:4jT5Zh17eWxoG/+ov/2OIQ4wW3OBsCeAWIT+tMXY0be:4RZ+IoG/n9IQxW3OBsehT+tF0be
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name e53630de39937a26_DelHosts.exe
Filepath C:\Users\test22\AppData\Local\Temp\DelHosts.exe
Size 328.9KB
Processes 1836 (WezoAutoUP.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 b0283aa6cc06b0880a1681f2c9802f05
SHA1 868fb3493c2a71a3c6613733a1f603d82ae43fed
SHA256 e53630de39937a263e8e87652569cb0815adfc700a42956ff960b8a18fc5a086
CRC32 5CEC5A0B
ssdeep 6144:x68oipnnK9jqXEX52Ums+Tbxzbx9SmIqQyPodMUf8Dkzel6R8zHe1It:3fnnK9zABs+TbFx9SXOPCf8DkqAR8zHz
Yara
  • AutoIt - autoit
  • PE_Header_Zero - PE File Signature
  • CoinMiner_IN - CoinMiner
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
Name 7cb6dbf0990bcfe8_DownVerySync.exe
Filepath C:\Users\test22\AppData\Local\Temp\DownVerySync.exe
Size 1.8MB
Processes 1836 (WezoAutoUP.exe)
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 a54ca6fc8ecfab0cc46f506d29acfd19
SHA1 8a1a072e0a3f47a5334d95232df4b3a3e723caa1
SHA256 7cb6dbf0990bcfe8384403e2a172ab5c3b0925c0149462de6f827bc3970a915c
CRC32 0A81EBE3
ssdeep 49152:5yzTf0oeJlypTbTNgGr03w4+l1diaIaKazTSx/P7eBN6Gp/:IfPTbBzTqDsN7p/
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Name 903d7479f85cf259_autBE98.tmp
Filepath C:\Users\test22\AppData\Local\Temp\autBE98.tmp
Size 400.0B
Processes 1836 (WezoAutoUP.exe)
Type data
MD5 e4153373dd0754f3fe30add53c496576
SHA1 2e4365d9618839818db050783c995df6a4a5a60b
SHA256 903d7479f85cf2592c71d6a98470dfe29c118aa131ebb19f05d7549cd400bb89
CRC32 46527D9C
ssdeep 12:nQbOSvjS1540U1Xrtvr/kw5Liu6SXnFmt:nQbO6jO54blr/kw5LX6SVi
Yara None matched
Name 0d885e052a12e590_hosts
Filepath C:\Windows\System32\drivers\etc\hosts
Size 13.0B
Processes 2944 (storyhosts.exe)
Type ASCII text, with CRLF line terminators
MD5 e41c53c743e4ff59b6df563eca5ac478
SHA1 2cf556d7241daedeeaaa3dede7a066c35d600185
SHA256 0d885e052a12e590605bb1d6cbf7c2af98a20318d7ad8af35ad6170861815e76
CRC32 C4592C91
ssdeep 3:SG4Ovn:SGZv
Yara None matched
Name 949c54c0119b00ac_autE308.tmp
Filepath C:\Users\test22\AppData\Local\Temp\autE308.tmp
Size 175.2KB
Processes 2148 (dbzclientUpdate.exe)
Type data
MD5 961c03bda9f144d9b08f9f239f4dfd31
SHA1 5c5dd4a3a3bb758bd6398a5c9774bd108a928a6c
SHA256 949c54c0119b00ac120772d5ee69f71b84f5a721807fd7be92a7d0cc84346618
CRC32 2E63B141
ssdeep 3072:zOQlkhd34kVTEInsoyR9++IxsX4zEtzLUC+IUWOC3MZiiq2Z52qrrwhVr:zOpf46EInslJmz2LUCWWX3dphVr
Yara None matched