8b55419d...28e5 | VMRay Analyzer Report
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Worm
Threat Names:
Olympic Destroyer
Gen:Heur.Ransom.Imps.3

VMRay Threat Identifiers (8 rules, 2279 matches)

Severity  Category                Operation                                         Count  Classification
5/5       Antivirus               Malicious content was detected by heuristic scan      2  -
5/5       YARA                    Malicious content matched by YARA rules               1  Worm
4/5       User Data Modification  Modifies Windows automatic backups                    1  -
1/5       Hide Tracks             Creates process with hidden window                    1  -
1/5       Mutex                   Creates mutex                                         1  -
1/5       Hide Tracks             Changes folder appearance                             4  -
1/5       System Modification     Modifies application directory                     2268  -
1/5       System Modification     Creates an unusually large number of files            1  -

MITRE ATT&CK™ Matrix - Windows

Version: 2019-04-25 20:53:07.719000

Tactic                Matched techniques
Initial Access        -
Execution             -
Persistence           -
Privilege Escalation  -
Defense Evasion       Hidden Window, Masquerading
Credential Access     -
Discovery             -
Lateral Movement      -
Collection            -
Command and Control   -
Exfiltration          -
Impact                Inhibit System Recovery
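The two behaviours that carry this verdict beyond the AV/YARA hits are "Modifies Windows automatic backups" (ATT&CK Impact: Inhibit System Recovery) and the bulk file modification (2268 application-directory changes, "unusually large number of files"). The script below is an added example of how an analyst can flag the same two behaviours in endpoint telemetry; it is not VMRay's code and is not derived from this report's function log. The command-line patterns are the ones commonly associated with backup inhibition on Windows (vssadmin, wmic shadowcopy, wbadmin, bcdedit) and are assumptions, not commands this report attributes to the sample; the log records, pipe-delimited `kind|pid|image|detail` lines, are constructed, and the 500-file threshold is a hypothetical value to tune against a host baseline.

```python
"""Behavioural triage over constructed endpoint telemetry.

Added example, not VMRay's code and not taken from the report's own
event log. Flags two behaviours highlighted in the report:
  1. deletion or disabling of Windows backups (ATT&CK T1490,
     Inhibit System Recovery);
  2. a single process creating an unusually large number of files.
Command-line patterns, log format and the threshold are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Typical backup-inhibition command lines (assumed patterns; the report
# does not list the sample's actual commands).
RECOVERY_INHIBIT_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
    re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I),
    re.compile(r"bcdedit(\.exe)?\s+.*bootstatuspolicy\s+ignoreallfailures", re.I),
]

FILE_CREATE_THRESHOLD = 500  # hypothetical value; tune to the host baseline


@dataclass
class Event:
    kind: str    # "process" (creation) or "file" (create/modify)
    pid: int
    image: str   # full path of the acting process
    detail: str  # command line for process events, target path for file events


def parse_line(line):
    """Parse one constructed 'kind|pid|image|detail' record."""
    kind, pid, image, detail = line.rstrip("\n").split("|", 3)
    return Event(kind, int(pid), image, detail)


def detect_recovery_inhibit(events):
    """Return (pid, command line) for each process event matching a T1490 pattern."""
    hits = []
    for e in events:
        if e.kind != "process":
            continue
        if any(p.search(e.detail) for p in RECOVERY_INHIBIT_PATTERNS):
            hits.append((e.pid, e.detail))
    return hits


def detect_mass_file_creation(events, threshold=FILE_CREATE_THRESHOLD):
    """Return {pid: file-event count} for processes at or above the threshold."""
    counts = Counter(e.pid for e in events if e.kind == "file")
    return {pid: n for pid, n in counts.items() if n >= threshold}


# Constructed sample telemetry: the sample's filename comes from the report,
# everything else (PIDs, paths, command lines) is invented for illustration.
SAMPLE_LOG = [
    "process|4012|C:\\Users\\victim\\nqxxyd.exe|nqxxyd.exe",
    "process|4020|C:\\Windows\\System32\\cmd.exe|cmd.exe /c vssadmin.exe delete shadows /all /quiet & wbadmin delete catalog -quiet",
    "process|4024|C:\\Windows\\System32\\bcdedit.exe|bcdedit /set {default} recoveryenabled no",
    "process|4030|C:\\Windows\\System32\\notepad.exe|notepad.exe C:\\Users\\victim\\notes.txt",
]
# 600 file events from the sample's PID, one benign file event from notepad.
SAMPLE_LOG += [
    f"file|4012|C:\\Users\\victim\\nqxxyd.exe|C:\\Program Files\\App\\file{i}.dat"
    for i in range(600)
]
SAMPLE_LOG.append("file|4030|C:\\Windows\\System32\\notepad.exe|C:\\Users\\victim\\notes.txt")


def triage(lines=SAMPLE_LOG):
    """Run both detections over a list of log lines and return the findings."""
    events = [parse_line(line) for line in lines]
    return {
        "inhibit_system_recovery": detect_recovery_inhibit(events),
        "mass_file_creation": detect_mass_file_creation(events),
    }


if __name__ == "__main__":
    for name, finding in triage().items():
        print(f"{name}: {finding}")
```

Run against the constructed log, `triage()` returns PIDs 4020 and 4024 under `inhibit_system_recovery` and `{4012: 600}` under `mass_file_creation`; notepad's single write stays below the threshold. In a real deployment the process records would come from Sysmon Event ID 1 and the file records from Event ID 11, and the threshold should be set from a measured baseline rather than the hypothetical constant used here.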

Sample Information

ID: #465958
MD5: 2a5f3ab8d25cd871e42cb497ea05d095
SHA1: 89ee0b5f62898f5f956a865eaa809f2c53b43e76
SHA256: 8b55419d7438f31677086f23e4fc7746d26704ae9ac3fafc3bab53d1d9fa28e5
SSDeep: 1536:tQisS1xANITFKvxqr118w6Z8WutuQr9VJGFqPgvWu1dLSlPv4+:tBsSPA6hKZqr156GvDVoVNHSlPg+
Filename: nqxxyd.exe
File Size: 81.00 KB
Sample Type: Windows Exe (x86-32)

Analysis Information

Creation Time: 2020-02-13 02:02 (UTC+)
Analysis Duration: 00:04:00
Number of Monitored Processes: 6
Execution Successful: True
Reputation Enabled: True
WHOIS Enabled: False
Local AV Enabled: True
Local AV Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps
YARA Enabled: True
YARA Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps
Number of AV Matches: 3
Number of YARA Matches: 1
Termination Reason: Timeout