13d263fb...c5e1 | Kernel
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan

Wacatac_2019-11-20_00-10.exe

Windows Exe (x86-32)

Created at 2019-11-20T19:59:00

...

Remarks (1/1)

(0x2000007): The operating system was rebooted during the analysis because the sample modified the master boot record (MBR).

Kernel Graph 1

Kernel Graph

Kernel Graph Legend
Code Block #1 (EP #2)
»
Information Value
Trigger ExpWorkerThread+0x10f
Start Address 0xfffffa80018c0244
Execution Path #2 (length: 1, count: 1, processes: 1 incomplete)
»
Information Value
Sequence Length 1
Processes
»
Process Count
Process 9 (System, PID: 4) 1
Sequence
»
Symbol Parameters
KeDelayExecutionThread WaitMode_unk = 0x0, Alertable = 0, Interval_ptr = 0xfffff88001f655a8, Interval = -1234192295

Kernel Graph 2

Kernel Graph

Kernel Graph Legend
Code Block #2 (EP #1)
»
Information Value
Trigger unknown_0xfffffa80018f0000+0x23b
Start Address 0xfffff800016eac10
Execution Path #1 (length: 1, count: 1, processes: 1)
»
Information Value
Sequence Length 1
Processes
»
Process Count
Process 9 (System, PID: 4) 1
Sequence
»
Symbol Parameters
ExQueueWorkItem WorkItem_ptr = 0xfffffa80018f03bb, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0x0, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80018f4fa0, WorkItem_deref_Parameter_ptr = 0xfffffa80018f017b, QueueType_unk = 0x1, WorkItem_ptr_out = 0xfffffa80018f03bb, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0x0, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80018f4fa0, WorkItem_deref_Parameter_ptr_out = 0xfffffa80018f017b
Code Block #3 (EP #3)
»
Information Value
Trigger ExpWorkerThread+0x10f
Start Address 0xfffffa80018f4fa0
Execution Path #3 (length: 2, count: 1, processes: 1 incomplete)
»
Information Value
Sequence Length 2
Processes
»
Process Count
Process 9 (System, PID: 4) 1
Sequence
»
Symbol Parameters
ExAllocatePoolWithTag PoolType_unk = 0x0, NumberOfBytes_ptr = 0x1cd6f, Tag = 0x70764946, ret_val_ptr_out = 0xfffffa8001991000
KeSetTimer Timer_unk = 0xfffffa80018b4b1b, DueTime_unk = 0xffffffffb3c544f1, Dpc_unk = 0xfffffa80018b4b5b, Timer_unk_out = 0xfffffa80018b4b1b, ret_val_out = 0
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image