Cuckoo Sandbox

Name	9ac3f373fcd3dc65_backup.exe Download Submit file
Filepath	C:\Users\Administrator\AppData\Local\Temp\0C7910BA-F902-421E-9E69-CF9AEE0DD4D7\backup.exe
Size	92.4KB
Processes	3060 (76460c88b0cfa710_system restore.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`0616fd822eb09c0dec9fbd8fbed25f7d`
SHA1	`642e79c0edee4422bf835ab3aba28268b9efe079`
SHA256	`9ac3f373fcd3dc65ae302d6110099e697d7e6be400aa9f2067af18108f105033`
CRC32	`F2C4F7EB`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords SEH__vba - (no description) escalate_priv - Escalade priviledges win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token
VirusTotal	Search for analysis

Name	a07583ccee601785_update.exe Download Submit file
Filepath	C:\update.exe
Size	92.4KB
Processes	292 (backup.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`1696dd6e0001bc699fe953ac215c44c7`
SHA1	`16b054df7cf072277a52725edc6bd79678962847`
SHA256	`a07583ccee60178535b5aed446f84640bdb67904c5cf009ee5c5d324b5c2bce4`
CRC32	`F9539D0F`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords SEH__vba - (no description) escalate_priv - Escalade priviledges win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token
VirusTotal	Search for analysis

Dropped Files