Name 50a46b3120da8285_broomsetup.exe
Filepath C:\Users\Administrator\AppData\Local\Temp\BroomSetup.exe
Size 4.7MB
Processes 520 (8c7c39736cf9d51e1763ec21d68b0ff45b229fb265239fcd3b467087ecb2aa80.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5e94f0f6265f9e8b2f706f1d46bbd39e
SHA1 d0189cba430f5eea07efe1ab4f89adf5ae2453db
SHA256 50a46b3120da828502ef0caba15defbad004a3adb88e6eacf1f9604572e2d503
CRC32 E8BF1656
ssdeep None
Yara
  • GenerateTLSClientHelloPacket_Test - (no description)
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • win_hook - Affect hook table
Name 824443f0adac4894_task.bat
Filepath C:\Users\Administrator\AppData\Roaming\Temp\Task.bat
Size 131.0B
Processes 2944 (BroomSetup.exe)
Type ASCII text, with CRLF line terminators
MD5 c15c162c03e5ca7f345055054dac15f9
SHA1 f7dd58db7016b67329ba2e4c9eb0df6a62051517
SHA256 824443f0adac4894938e73d4ebba52b00aca6a1514b935a080e45302a23f28cf
CRC32 CEA2F9B9
ssdeep None
Yara None matched
Cuckoo
