Cuckoo Sandbox

Name	71449e630fb0a6ec_backup.exe Download Submit file
Filepath	C:\Users\Administrator\AppData\Local\Temp\0C7910BA-F902-421E-9E69-CF9AEE0DD4D7\backup.exe
Size	92.3KB
Processes	2740 (537de433cdb88f14_backup.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`23dc97d368fb918277f0f208fbbb0500`
SHA1	`58df9518a3332249e2c93ebbb42b654301decc93`
SHA256	`71449e630fb0a6ecc7c7ca2a24e38160850803e112568795b58105c50008eef9`
CRC32	`B0DE60A9`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords SEH__vba - (no description) escalate_priv - Escalade priviledges win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token
VirusTotal	Search for analysis

Name	8302329cfd85d7bc_backup.exe Download Submit file
Filepath	C:\backup.exe
Size	92.3KB
Processes	2380 (backup.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5	`825ff2d0bcd05c433741f9e2484d50ae`
SHA1	`f6be23b363fac52a8e69a68ed17c6a1bcb17b1e1`
SHA256	`8302329cfd85d7bc67da6aa07111f4bd9512d2997156b9ac22090273bd5e3147`
CRC32	`FEA6C92C`
ssdeep	`None`
Yara	suspicious_packer_section - The packer/protector section names/keywords SEH__vba - (no description) escalate_priv - Escalade priviledges win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token
VirusTotal	Search for analysis

Dropped Files