01aa2cf8...3993 | VMRay Analyzer Report
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Threat Names:
Gen:Variant.Mikey.113920

VMRay Threat Identifiers (12 rules, 39 matches)

Severity | Category | Operation | Count | Classification
5/5 | Defense Evasion | Bypasses Windows User Account Control (UAC) | 1 | -
5/5 | User Data Modification | Encrypts content of user files | 1 | Ransomware
5/5 | Antivirus | Malicious content was detected by heuristic scan | 1 | -
4/5 | User Data Modification | Modifies Windows automatic backups | 1 | -
2/5 | Obfuscation | Resolves APIs dynamically to possibly evade static detection | 1 | -
2/5 | Anti Analysis | Tries to detect debugger | 2 | -
1/5 | Mutex | Creates mutex | 1 | -
1/5 | Discovery | Reads SMB connection information | 27 | -
1/5 | Network Connection | Performs DNS request | 1 | -
1/5 | System Modification | Creates an unusually large number of files | 1 | -

MITRE ATT&CK™ Matrix - Windows

Version: 2019-04-25 20:53:07.719000
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
  Modify Registry
  Software Packing
Credential Access
Discovery
  Network Share Discovery
  System Network Connections Discovery
  System Network Configuration Discovery
  Process Discovery
Lateral Movement
Collection
Command and Control
  Standard Application Layer Protocol
  Standard Cryptographic Protocol
Exfiltration
Impact
  Data Encrypted for Impact
  Inhibit System Recovery

Sample Information

ID: #1067338
MD5: f8290f2d593a05ea811edbd3bff6eacc
SHA1: 497985116f4ebaa05f1774c16adb5aa52b8e9756
SHA256: 01aa2cf8db4badde36f1896d341e31c0fe91a51772f1aa50b9f59ba368973993
SSDeep: 24576:AxT2+3dmY7FF1JLurH0q7kRZLJn0A0ffqN3CzPtakNLIE4GPoyP:f+NmY7FFHurUayLLKCdCzPtFZb
ImpHash: 50a420668550f98372c95025cc500359
Filename: PnbkiTYYJ8UbA9a3.exe
File Size: 2058.84 KB
Sample Type: Windows Exe (x86-32)

Analysis Information

Creation Time: 2020-06-30 14:06 (UTC+)
Analysis Duration: 00:03:49
Number of Monitored Processes: 8
Execution Successful: True
Reputation Enabled: True
WHOIS Enabled: False
Local AV Enabled: True
Local AV Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps
YARA Enabled: True
YARA Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps
Number of AV Matches: 19
Number of YARA Matches: 0
Termination Reason: Timeout