Dropped Files

Name 44a0f356759d65a2_backup.exe
Download Submit file
Filepath C:\Users\Administrator\AppData\Local\Temp\0C7910BA-F902-421E-9E69-CF9AEE0DD4D7\backup.exe
Size 92.3KB
Processes 2920 (4ab34a51de83138302ae5318fe564b8212e4aae35073bb0ca14b2297c842a200.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 c9b74441a6dc3703238eb881f0b60772
SHA1 9f9bcf9c5c470605a4f73da24aadcb89f90655ae
SHA256 44a0f356759d65a29e937af0f0fc8c3c8899963c87e0fcccdf12e490329ad5a4
CRC32 3CD60AF6
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
VirusTotal Search for analysis
Name 537de433cdb88f14_backup.exe
Download Submit file
Filepath C:\backup.exe
Size 92.3KB
Processes 2340 (backup.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 bb8d8d27b83f6e564918ab15615c4fcf
SHA1 2b78f6002748455afc039c173aee1ec27216fe95
SHA256 537de433cdb88f142b2644062185e003eec43aefb246d8f9f367d08f8f41e49f
CRC32 46E03467
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
VirusTotal Search for analysis
Cuckoo

We're processing your submission... This could take a few seconds.