Cuckoo Sandbox

Name	cfa3afd8fbb7b732_sysctl.exe Download Submit file
Filepath	C:\Windows\SysWOW64\sysctl.exe
Size	423.5KB
Processes	1456 (20526025a95ffa9f64999cf4710158d844abda8ae2d43934adb772980e0cb574.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`bd1f166c352e2ea0654a3f4c35a11a6e`
SHA1	`dcf2423bb7235aeeb66c313e7faa5beccc9c6052`
SHA256	`cfa3afd8fbb7b732a62a019e1ca60ec838be03d96213ab259ef4e02a80deac20`
CRC32	`A901D270`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords screenshot - Take screenshot keylogger - Run a keylogger win_mutex - Create or check mutex win_registry - Affect system registries win_files_operation - Affect private profile win_hook - Affect hook table
VirusTotal	Search for analysis

Name	ae0c756b0525ff1b_realex.exe Download Submit file
Filepath	C:\Windows\SysWOW64\realex.exe
Size	423.0KB
Processes	1456 (20526025a95ffa9f64999cf4710158d844abda8ae2d43934adb772980e0cb574.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`e1e40c77d255d32d1a5a45cdbdaba8b1`
SHA1	`3ad2a6f09ec8a44bf43e6353d4b565c8818ad2f0`
SHA256	`ae0c756b0525ff1b559a3212438d8458c753d947b321c800736f37771cde36fa`
CRC32	`76E42B46`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords screenshot - Take screenshot keylogger - Run a keylogger win_mutex - Create or check mutex win_registry - Affect system registries win_files_operation - Affect private profile win_hook - Affect hook table
VirusTotal	Search for analysis

Dropped Files