Name 5a29b425ed910fe3_system restore.exe
Filepath C:\Users\Administrator\AppData\Local\Temp\0C7910BA-F902-421E-9E69-CF9AEE0DD4D7\System Restore.exe
Size 172.5KB
Processes 940 (a0bbe7a1d2e3c9bf_backup.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 12d2709b89bbe913f4f939a40b14df82
SHA1 ebc66818571a97e6c74fd1ce7008f4ebb5b5f3f3
SHA256 5a29b425ed910fe3f9129f80472a22f0c73bc87020084f97f800244a2af316fc
CRC32 665F0215
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
Name 8c99c950fa8081ef_backup.exe
Filepath C:\backup.exe
Size 172.5KB
Processes 1916 (System Restore.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 6abc2d7bd9bf422e2f223f7720bd1936
SHA1 b48c10ab9f3109147aa3b2c8639c3e608959feef
SHA256 8c99c950fa8081effe041443374af936b8af7867f737f43af6f62647f613d87a
CRC32 B9D6072D
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token