Scheduled Task
OnB5h0yX46mreVq4.exe
Windows Exe (x86-32)
Created 4 years ago
Remarks (2/3)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 minute, 45 seconds" to "10 seconds" to reveal dormant functionality.
(0x0200003A): 2 tasks were rescheduled ahead of time to reveal dormant functionality.
VMRay Threat Identifiers (20 rules, 147 matches)
| Severity | Category | Operation | Count | Classification | |
|---|---|---|---|---|---|
5/5 | Antivirus | Malicious content was detected by heuristic scan | 7 | - | |
5/5 | Reputation | Known malicious file | 3 | - | |
5/5 | YARA | Malicious content matched by YARA rules | 101 | Ransomware | |
4/5 | User Data Modification | Modifies content of user files | 1 | Ransomware | |
4/5 | User Data Modification | Renames user files | 1 | Ransomware | |
4/5 | Reputation | Contacts known malicious URL | 7 | - | |
3/5 | YARA | Suspicious content matched by YARA rules | 6 | - | |
2/5 | Obfuscation | Resolves APIs dynamically to possibly evade static detection | 1 | - | |
2/5 | Hide Tracks | Deletes file after execution | 1 | - | |
2/5 | Task Scheduling | Schedules task | 1 | - | |
Screenshots
Monitored Processes
MITRE ATT&CK™ Matrix - Windows
ActiveAll
Version: 2019-04-25 20:53:07.719000
Initial Access
Execution
Persistence
Scheduled Task
Registry Run Keys / Startup Folder
Privilege Escalation
Scheduled Task
Defense Evasion
Software Packing
Hidden Window
Modify Registry
Credential Access
Discovery
System Network Connections Discovery
System Network Configuration Discovery
Process Discovery
Lateral Movement
Remote File Copy
Collection
Command and Control
Remote File Copy
Standard Application Layer Protocol
Standard Cryptographic Protocol
Exfiltration
Impact
Data Encrypted for Impact
Sample Information
| ID | #1408453 |
| MD5 | |
| SHA1 | |
| SHA256 | |
| SSDeep | |
| ImpHash | |
| Filename | OnB5h0yX46mreVq4.exe |
| File Size | 687.00 KB |
| Sample Type | Windows Exe (x86-32) |
Analysis Information
| Creation Time | 2020-10-05 05:10 (UTC+) |
| Analysis Duration | 00:04:00 |
| Number of Monitored Processes | 11 |
| Execution Successful |  |
| Reputation Enabled | |
| WHOIS Enabled |  |
| Local AV Enabled | |
| Local AV Applied On | Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps |
| YARA Enabled | |
| YARA Applied On | Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps |
| Number of AV Matches | 26 |
| Number of YARA Matches | 129 |
| Termination Reason | Timeout |
