Cuckoo Sandbox

Name	541e4b1225d48f5a_backup.exe Download Submit file
Filepath	C:\Users\Administrator\AppData\Local\Temp\0C7910BA-F902-421E-9E69-CF9AEE0DD4D7\backup.exe
Size	82.2KB
Processes	572 (a7af2569fed576a3acab402888694f819003701dced2be334c555620ddbd35cc.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`e1309cb260ccad8e2cbaa1c34cd27c4d`
SHA1	`b6d384d741d37f925758e8a8153587a3a300683e`
SHA256	`541e4b1225d48f5a197e03822a7db3b22d8bb84a0030478db59a4b62148d1cd1`
CRC32	`59A6C817`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords SEH__vba - (no description) escalate_priv - Escalade priviledges win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token
VirusTotal	Search for analysis

Name	a8bb8d43053b171d_backup.exe Download Submit file
Filepath	C:\backup.exe
Size	82.2KB
Processes	2892 (backup.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`8b9ef7f0711145f2d8c7407d82fa6bd1`
SHA1	`802ee72866b80a311ae28044b42b0ae72af6aa05`
SHA256	`a8bb8d43053b171da0ab80cd3ca581eb534d415e97a39d47bb6e518cc3342aad`
CRC32	`CC529529`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords SEH__vba - (no description) escalate_priv - Escalade priviledges win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token
VirusTotal	Search for analysis

Dropped Files