Try VMRay Platform
Malicious
Classifications

Ransomware

Threat Names

Mal/Generic-S

Dynamic Analysis Report

Created 1 year ago

Setup.exe

Windows Exe (x86-32)
...

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "2 minutes" to "20 seconds" to reveal dormant functionality.

VMRay Threat Identifiers (14 rules, 21 matches)

ScoreCategoryOperationCountClassification
5/5
User Data ModificationAppends new extensions to many filenames1Ransomware
5/5
User Data ModificationEncrypts content of user files1Ransomware
4/5
Defense EvasionBypasses Windows User Account Control (UAC)1-
4/5
ReputationMalicious file detected via reputation3-
3/5
System ModificationModifies system configuration1-
2/5
System ModificationChanges the desktop wallpaper1-
2/5
Hide TracksHides files4-
1/5
Privilege EscalationEnables process privileges1-
1/5
Input CaptureMonitors mouse movements and clicks1-
1/5
Defense EvasionAccesses volumes directly1-

Screenshots

Monitored Processes

Process GraphProcess Graph Legend

MITRE ATT&CK™ Matrix - Windows

ActiveAll
Version: 2019-04-25 20:53:07.719000
Initial Access
Execution
Persistence
Hidden Files and Directories
Privilege Escalation
Defense Evasion
Modify Registry
Hidden Files and Directories
Software Packing
Obfuscated Files or Information
File System Logical Offsets
Credential Access
Input Capture
Discovery
Lateral Movement
Collection
Input Capture
Command and Control
Exfiltration
Impact
Data Encrypted for Impact
Defacement

Sample Information

ID#9566692
MD5
da6b7ddd28dc387bcd10b180c9bdff58
SHA1
c29cd8c4370576afb63deea020bcafd8c0638de0
SHA256
077eee74b8f1227707b389a953234756d3bf8b78108a24f132bd5feb209dd8f6
SSDeep
98304:79Xv0eg9Xv0WJEdbxAtwOT3vjONrdbxAtQGTgvjOmh9Xvp79XvTY9XvRy9Xvjo9V:tqiRJAUkotsOFdRvCkn
ImpHash
f34d5f2d4577ed6d9ceec516c1f5a744
File NameSetup.exe
File Size12548.00 KB
Sample TypeWindows Exe (x86-32)

Analysis Information

Creation Time2023-12-27 00:12 (UTC+)
Analysis Duration00:04:00
Termination ReasonTimeout
Number of Monitored Processes32
Execution Successful
Reputation Enabled
Built-in AV Enabled
Number of AV Matches0
YARA Enabled
Number of YARA Matches0
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image