Name 8a6309173bdf0748_aqkicausnk.exe
Filepath C:\Temp\aqkicausnk.exe
Size 361.0KB
Processes 1924 (wuomhezwrpjhbzur.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6e4b57814b15abcdeff62d41e47c447c
SHA1 20f5185481a48f9b966ea1b022906b905e6d5597
SHA256 8a6309173bdf074800ede953c27d896cd3edb49c68972ca2faa1fa9d87b388c6
CRC32 938F1855
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
Name dfba1aa1603aafc8_i_aqkicausnk.exe
Filepath C:\Temp\i_aqkicausnk.exe
Size 361.0KB
Processes 1924 (wuomhezwrpjhbzur.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b6d0678a968e0762239c6a6bc1b4170f
SHA1 c504ec617a0a185fc036dce02a504a37840f1f8f
SHA256 dfba1aa1603aafc8ec12ef02eae46bcbfa154af71c0b3ee90023794964fc6fe5
CRC32 153B6763
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger