Dropped Files

Name c06fa0fa4a94aca6_backup.exe
Download Submit file
Filepath C:\Users\Administrator\AppData\Local\Temp\9C7EA51D-B2B9-4ABB-A82F-1B32707A146E\backup.exe
Size 286.4KB
Processes 2104 (0c661898adbf0f9c_backup.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 3a7ccda8a6e7215024163f42079b50be
SHA1 0236fd5b2d76b8e21110e2875bd471a9c82eaaf1
SHA256 c06fa0fa4a94aca6313d624e50a70e93984bd5f8cb42eebaf52f3cd494ca294c
CRC32 03F559A9
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
VirusTotal Search for analysis
Name 88b0aa88669cb53e_data.exe
Download Submit file
Filepath C:\data.exe
Size 286.4KB
Processes 2624 (data.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 cf34ebb5a4ae7fb53fdbcb3b67a6d904
SHA1 7b777fed65aaf20c1135e606d379527549dcd6ca
SHA256 88b0aa88669cb53e44ae95dbf1fc5351c989d52c87b75cdb7fa95ffd841312a4
CRC32 36712B87
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
VirusTotal Search for analysis
Cuckoo

We're processing your submission... This could take a few seconds.