Cuckoo Sandbox

Name	c1095ce02c0b7ddd_backup.exe Download Submit file
Filepath	C:\Users\Administrator\AppData\Local\Temp\0C7910BA-F902-421E-9E69-CF9AEE0DD4D7\backup.exe
Size	446.8KB
Processes	2428 (8452036ca45611a556252468a0dfc5b75f164dd21ea3f069c6e95748ea56f4e3.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`463d54d98607d3949307a26133c43a26`
SHA1	`fd477d9fc357b36ab53af84032d46e79ec47c35f`
SHA256	`c1095ce02c0b7dddfaaceeb7ec83c63644a6cddf2603d9e826a5f65a386025c4`
CRC32	`2F565DDB`
ssdeep	`None`
Yara	UPX - (no description) suspicious_packer_section - The packer/protector section names/keywords SEH__vba - (no description) escalate_priv - Escalade priviledges win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token
VirusTotal	Search for analysis

Name	07fcf32f96aba31f_backup.exe Download Submit file
Filepath	C:\backup.exe
Size	446.8KB
Processes	2652 (backup.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`a0615838994452f69d7a9a0d869b3071`
SHA1	`c0899d9b3cee1d97f8e320a89cc3f39b4bf52171`
SHA256	`07fcf32f96aba31fa18cc50a5d5c03f10ca2439f8b741d4d7ad23fcefa904d61`
CRC32	`E4C289C9`
ssdeep	`None`
Yara	UPX - (no description) suspicious_packer_section - The packer/protector section names/keywords SEH__vba - (no description) escalate_priv - Escalade priviledges win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token
VirusTotal	Search for analysis

Dropped Files