Cuckoo Sandbox

Name	ccd6e253107805aa_dw20.exe Download Submit file
Filepath	C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
Size	14.3MB
Processes	2620 (5f78019ec59c52a6_dw20.exe)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`2e76bb3b03c5fac612b05f40a722962b`
SHA1	`0de99fb6fbe7092ac16d137f97387bae4a3e4272`
SHA256	`ccd6e253107805aabcf47ee6fe60a9d4d643dc1042589065684529d0e7fdeea6`
CRC32	`ADFFBD54`
ssdeep	`None`
Yara	vmdetect - Possibly employs anti-virtualization techniques Base64_encoded_Executable - Detects an base64 encoded executable (often embedded) DebuggerException__ConsoleCtrl - (no description) DebuggerException__SetConsoleCtrl - (no description) SEH__vectored - (no description) create_service - Create a windows service network_udp_sock - Communications over UDP network network_tcp_listen - Listen for incoming communication network_tcp_socket - Communications over RAW socket network_dns - Communications use DNS
VirusTotal	Search for analysis

Name	a8acc55f3ff8f5e5_msaddndr.dll Download Submit file
Filepath	C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL
Size	14.3MB
Processes	2620 (5f78019ec59c52a6_dw20.exe)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`ccd31c5d9a82b36924274a463c8b1178`
SHA1	`811d904f110e01153835750c8374c2fedff75081`
SHA256	`a8acc55f3ff8f5e5581148e633fb4a7c40008ea38004509732870e418ee4f935`
CRC32	`D562FDA7`
ssdeep	`None`
Yara	vmdetect - Possibly employs anti-virtualization techniques Base64_encoded_Executable - Detects an base64 encoded executable (often embedded) DebuggerException__ConsoleCtrl - (no description) DebuggerException__SetConsoleCtrl - (no description) SEH__vectored - (no description) create_service - Create a windows service network_udp_sock - Communications over UDP network network_tcp_listen - Listen for incoming communication network_tcp_socket - Communications over RAW socket network_dns - Communications use DNS
VirusTotal	Search for analysis

Dropped Files