Name 60afbf64fcf8670b_mgeywrojgb.exe
Filepath C:\Temp\mgeywrojgb.exe
Size 361.0KB
Processes 2400 (lfdxvpnifaysqkic.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9cdbc7ff8cf39b6fd45360aa0212dfc3
SHA1 ace27e61cb1d3035843403cf4d0f4c1ae8ab3c8b
SHA256 60afbf64fcf8670bb99c75ddb11ee2db8283c6da0f26780ecf83cbb049084402
CRC32 D10AB7CF
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
Name 4720b076b34a25b6_i_mgeywrojgb.exe
Filepath C:\Temp\i_mgeywrojgb.exe
Size 361.0KB
Processes 2400 (lfdxvpnifaysqkic.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 73eb1085fd6dc2437fa1ad12956036a0
SHA1 ff197ed90cb1412f79b2b342de3ea7aec702f79d
SHA256 4720b076b34a25b6dbbab357ce74404d131e571c2a35742d355a8ccf5f8fca3d
CRC32 D3F31530
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger