Name 0cb0f6e303130a0f_vminst.log
Filepath C:\Users\Administrator\AppData\Local\Temp\vminst.log
Size 18.4KB
Processes 1960 (VMware-VMRC-12.0.5-22744838.exe)
Type ASCII text, with CRLF line terminators
MD5 062fcd663939b28f1f14db3fd09ca69c
SHA1 a0ab6c4e8d2757135f928ea1ab9202a08873ed75
SHA256 0cb0f6e303130a0f2ae135b8478641b88bd1196349480ac5d87e575eaa1eed81
CRC32 69511AAB
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
Name 39e5ac1cf6b42e07_vcredist_x64.exe
Filepath C:\Windows\Temp\{A1ECCD21-BF90-4005-AC8C-949138EF7F0E}\.cr\vcredist_x64.exe
Size 633.1KB
Processes 2920 (vcredist_x64.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 303507c360d53f2bb488579029d2134f
SHA1 85bf0dde00c62feb9dc19bd2dfc0a158d113e400
SHA256 39e5ac1cf6b42e072d498ebddd9122f205aab20fd36c5f59ee61e9a7d8ee3f18
CRC32 E165376D
ssdeep None
Yara
  • APT32_KerrDown - (no description)
  • anti_dbg - Checks if being debugged
  • network_http - Communications over HTTP
  • network_dga - Communication using dga
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile