7282df13...1c55 | VMRay Analyzer Report
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Threat Names:
Gen:Variant.Symmi.31899

VMRay Threat Identifiers (17 rules, 145 matches)

Severity | Category | Operation | Count | Classification
5/5 | Antivirus | Malicious content was detected by heuristic scan | 1 | -
5/5 | Persistence | Writes to Master Boot Record (MBR) | 1 | -
4/5 | User Data Modification | Modifies Windows automatic backups | 1 | -
3/5 | Anti Analysis | Tries to evade debugger | 1 | -
3/5 | User Data Modification | Possibly drops ransom note files | 1 | Ransomware
2/5 | Obfuscation | Resolves APIs dynamically to possibly evade static detection | 1 | -
2/5 | Defense Evasion | Sends control codes to connected devices | 1 | -
2/5 | Data Collection | Reads sensitive browser data | 1 | -
1/5 | Anti Analysis | Tries to detect analyzer sandbox | 1 | -
1/5 | System Modification | Modifies application directory | 123 | -

MITRE ATT&CK™ Matrix - Windows

Version: 2019-04-25 20:53:07.719000
Initial Access
Execution
Persistence
  Bootkit
Privilege Escalation
Defense Evasion
  Software Packing
  Virtualization / Sandbox Evasion
  Hidden Window
  Masquerading
Credential Access
  Credentials in Files
Discovery
  File and Directory Discovery
  Virtualization / Sandbox Evasion
  System Time Discovery
Lateral Movement
Collection
  Automated Collection
  Data from Local System
Command and Control
  Standard Application Layer Protocol
Exfiltration
Impact
  Inhibit System Recovery

Sample Information

ID: #1332866
MD5: 202bf9be9a4e45526e482f08104717ad
SHA1: 1e5bbfb9167150935c6eb25bbbebbe5c77a97aa2
SHA256: 7282df1360af4c028930ffd9fbc30ea9d17f08f14b725f8020677dd9df961c55
SSDeep: 24576:u71XTfGSBd+CBOKBH95XPJS1yQg21Gam:u79TfDBgCB7fJyyQgP
ImpHash: 2e5467cba76f44a088d39f78c5e807b6
Filename: pewpew.exe
File Size: 1042.50 KB
Sample Type: Windows Exe (x86-32)

Analysis Information

Creation Time: 2020-09-15 22:09 (UTC+)
Analysis Duration: 00:04:00
Number of Monitored Processes: 8
Execution Successful: True
Reputation Enabled: True
WHOIS Enabled: False
Local AV Enabled: True
Local AV Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps
YARA Enabled: True
YARA Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps
Number of AV Matches: 22
Number of YARA Matches: 0
Termination Reason: Timeout