45e3b30b...9ecf | VMRay Analyzer Report
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Dropper, Trojan

VMRay Threat Identifiers (20 rules, 6809 matches)

Severity  Category              Operation                                                        Count  Classification
5/5       Local AV              Malicious content was detected by heuristic scan                 2      -
5/5       Reputation            Known malicious file                                             1      Trojan
4/5       OS                    Disables a crucial system tool                                   1      -
4/5       File System           Modifies content of user files                                   1      Ransomware
4/5       File System           Renames user files                                               1      Ransomware
4/5       OS                    Modifies Windows automatic backups                               1      -
4/5       Reputation            Contacts known malicious URL                                     1      -
3/5       OS                    Disables a Windows system tool                                   1      -
2/5       Anti Analysis         Resolves APIs dynamically to possibly evade static detection     1      -
2/5       Information Stealing  Reads sensitive application data                                 1      -


MITRE ATT&CK™ Matrix - Windows

Version: 2019-04-25 20:53:07.719000
Initial Access: -
Execution: -
Persistence: -
Privilege Escalation: -
Defense Evasion: Modify Registry; Software Packing
Credential Access: Credentials in Files
Discovery: File and Directory Discovery
Lateral Movement: -
Collection: Automated Collection; Data from Local System
Command and Control: Standard Application Layer Protocol; Standard Cryptographic Protocol
Exfiltration: -
Impact: Inhibit System Recovery; Data Encrypted for Impact

Sample Information

ID: #384257
MD5: 2b89ef183c92e9079dbbc94e1ec98882
SHA1: 0c002fd5bc1f8cc160eb8ab703efed34d98a0ab6
SHA256: 45e3b30b0f9c9c6448397a5023ae896f3fe9460bab7c6f63c4cc856c60ed9ecf
SSDeep: 49152:j5Hu8Dz/QWPllSS932iAllZnSieTOAHy:j5Hu8vQk4dN
ImpHash: c836057dae67f1a056025c5091865bb1
Filename: Ztarter.exe
File Size: 2863.50 kB
Sample Type: Windows Exe (x86-32)

Analysis Information

Creation Time: 2019-12-19 20:12 (UTC+)
Analysis Duration: 00:04:00
Number of Monitored Processes: 10
Execution Successful: True
Reputation Enabled: True
WHOIS Enabled: False
Local AV Enabled: True
YARA Enabled: True
Number of AV Matches: 3
Number of YARA Matches: 0
Termination Reason: Timeout