XZZX Cryptomix Ransomware Variant | VTI by Score
Try VMRay Analyzer
|
VTI Score
100 / 100
|
|
| VTI Database Version | 2.6 |
| VTI Rule Match Count | 54 |
| VTI Rule Type | Default (PE, ...) |
|
File System | Encrypt content of user files |
|
|
Encrypt the content of multiple user files. This is an indicator for ransomware.
|
|||
|
|
File System | Delete user files |
|
|
Delete multiple user files. This is an indicator for wiper malware.
|
|||
|
|
OS | Disable crucial system service |
|
|
Stop "Windows Security Center Service" by ControlService.
|
|||
|
Stop "Windows Defender Service" by ControlService.
|
|||
|
Stop "Windows Update Service" by ControlService.
|
|||
|
|
Hide Tracks | Use alternate data stream (ADS) |
|
|
Use alternate data stream in "bce1010314.exe:zone.identifier".
|
|||
|
|
Persistence | Install system startup script or application |
|
|
Add ""C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe"" to windows startup via registry.
|
|||
|
Add ""C:\ProgramData\BCE1010314.exe"" to windows startup via registry.
|
|||
|
|
Process | Create process with hidden window |
|
|
The process "cmd" starts with hidden window.
|
|||
|
|
Process | Create system object |
|
|
Create mutex with name "E1010314_offset".
|
|||
|
|
File System | Modify application directory |
|
|
Modify "c:\program files\_help_instruction.txt".
|
|||
|
Modify "c:\program files (x86)\_help_instruction.txt".
|
|||
|
|
Masquerade | Change folder appearance |
|
|
Folder "c:\users" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\contacts" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\documents" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\documents\my shapes" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\downloads" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\favorites" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\favorites\links" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\links" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\music" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\pictures" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\saved games" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\searches" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\videos" has a changed appearance.
|
|||
|
Folder "c:\users\default\contacts" has a changed appearance.
|
|||
|
Folder "c:\users\default\documents" has a changed appearance.
|
|||
|
Folder "c:\users\default\downloads" has a changed appearance.
|
|||
|
Folder "c:\users\default\favorites" has a changed appearance.
|
|||
|
Folder "c:\users\default\favorites\links" has a changed appearance.
|
|||
|
Folder "c:\users\default\links" has a changed appearance.
|
|||
|
Folder "c:\users\default\music" has a changed appearance.
|
|||
|
Folder "c:\users\default\pictures" has a changed appearance.
|
|||
|
Folder "c:\users\default\saved games" has a changed appearance.
|
|||
|
Folder "c:\users\default\searches" has a changed appearance.
|
|||
|
Folder "c:\users\default\videos" has a changed appearance.
|
|||
|
Folder "c:\users\public" has a changed appearance.
|
|||
|
Folder "c:\users\public\documents" has a changed appearance.
|
|||
|
Folder "c:\users\public\downloads" has a changed appearance.
|
|||
|
Folder "c:\users\public\libraries" has a changed appearance.
|
|||
|
Folder "c:\users\public\music" has a changed appearance.
|
|||
|
Folder "c:\users\public\music\sample music" has a changed appearance.
|
|||
|
Folder "c:\users\public\pictures" has a changed appearance.
|
|||
|
Folder "c:\users\public\pictures\sample pictures" has a changed appearance.
|
|||
|
Folder "c:\users\public\recorded tv" has a changed appearance.
|
|||
|
Folder "c:\users\public\recorded tv\sample media" has a changed appearance.
|
|||
|
Folder "c:\users\public\videos" has a changed appearance.
|
|||
|
Folder "c:\users\public\videos\sample videos" has a changed appearance.
|
|||
|
Folder "c:\users\5p5nrgjn0js halpmcxz\desktop" has a changed appearance.
|
|||
|
Folder "c:\users\default\desktop" has a changed appearance.
|
|||
|
Folder "c:\users\public\desktop" has a changed appearance.
|
|||
|
|
Anti Analysis | Dynamic API usage |
|
|
Resolve above average number of APIs.
|
|||
|
|
File System | Modify operating system directory |
|
|
Create file "C:\Windows\_HELP_INSTRUCTION.TXT" in the OS directory.
|
|||
|
|
File System | Create many files |
|
|
Create above average number of files.
|
|||
