Cuckoo Sandbox

Name	990ef8524b7c27f6_backup.exe Download Submit file
Filepath	C:\Users\Administrator\AppData\Local\Temp\0C7910BA-F902-421E-9E69-CF9AEE0DD4D7\backup.exe
Size	92.3KB
Processes	2208 (4678bb2d7a765b70_backup.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`fe23be02e321b48680692f8e3fbde55e`
SHA1	`1fab0041bb63f61515a87465b4965fe9d8942005`
SHA256	`990ef8524b7c27f6d29f35e6a8cd433a530ad09969ad4226a24d24278763019f`
CRC32	`7A3C8EE2`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords SEH__vba - (no description) escalate_priv - Escalade priviledges win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token
VirusTotal	Search for analysis

Name	d7ee3dcb334b11b2_backup.exe Download Submit file
Filepath	C:\backup.exe
Size	92.3KB
Processes	176 (backup.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`85e4fc61b7d8ac69a8b5f4afc956ac47`
SHA1	`c04426695280ba15c553ff5574e7f5b74af6657b`
SHA256	`d7ee3dcb334b11b28a57a47825bf7a6915227dbc9f90455d5237a3c6caa3a0a5`
CRC32	`B72E4A1B`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords SEH__vba - (no description) escalate_priv - Escalade priviledges win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token
VirusTotal	Search for analysis

Dropped Files