Name f2e0d77f0abb7f89_ltxtem.exe
Filepath C:\Users\Administrator\AppData\Roaming\Microsoft\ltxtem.exe
Size 97.5KB
Processes 2432 (a972a2d70f76546096764c7f655c8434df56a0498cf2b80596f5170449547e8d.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 481c336fa22856d0adc1da80e55b7b70
SHA1 e83feed6483b84a3fe56b66a5c262a019046cd62
SHA256 f2e0d77f0abb7f8915b555926927c4cc227780ef34121247e0e0342e475667af
CRC32 7743D776
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • Gandcrab - Gandcrab Payload
  • ReflectiveLoader - Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
  • CrowdStrike_CSIT_18151_01 - This rule detects GandCrab ransomware once it is in an unpacked state.
  • network_http - Communications over HTTP
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
Cuckoo