15a9c963...9cdc | IOCs
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Trojan
Threat Names:
Win32.Trojan.Genkryptik

0AJTD.txt.exe

Windows Exe (x86-32)

Created at 2020-01-13T12:01:00

...

Indicators

File (5)
»
Filename Hash Operations Category Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0AJTD.txt.exe MD5: b3c84d5c7cde6b094a0e2c7b9a2004fd
SHA1: f32a43ac984e3ed11f374f69281539aa62acd6dd
SHA256: 15a9c96372795124730f77034d64357fa50a82d71ebbc4dc5384c23d13e99cdc
SSDeep: 1536:AO6ayqCgtrA/xR+R6qzRayqCgtrA/xRIO:9ZxXlexMYqzcxXlexD
ImpHash: 0d752340c040aec272d06f0ff2a5afa7 		Access Sample File
Malicious
C:\%insfolder%\%insname% - Access
Not Available
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config - Access
Not Available
C:\Windows\system32\MSVBVM60.DLL - Access
Not Available
\??\C:\Windows\syswow64\mstsc.exe - Access
Not Available
Registry (7)
»
Registry Key Name Operations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors Access
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework Access
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgJITDebugLaunchSetting Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgManagedDebugger Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting\Default Impersonation Level Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting\Default Namespace Access, Read
Mutex (1)
»
Mutex Name Operations
Access
Domain (2)
»
Domain Sources Severity
teknik.io Function Log
Unknown
u.teknik.io Function Log
Unknown
URL (1)
»
URL Operations Category Severity
https://u.teknik.io/uEs1w.bin GET Contacted
Unknown
IP (1)
»
IP Protocols Sources
5.79.72.163 TCP, HTTPS PCAP, Function Log
Export to TXT Export to JSON
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image