Malicious
Classifications

Downloader Injector Backdoor

Threat Names

Warzone SmokeLoader Mal/Generic-S RedNet +3

Remarks (2/3)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "7 minutes, 17 seconds" to "20 seconds" to reveal dormant functionality.

Remarks

(0x0200001F): Code in memory was overwritten during this analysis. Review the corresponding VTI for more information.

(0x0200004A): 3 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 512 MB.

Monitored Processes

Process Overview

Behavior Information - Grouped by Category

Process #1: 558944fc2adfcd051a2f55cf18141d0b6e70282d51bb425e4035c09d39aac49a.exe (1287, 2747)
Process #2: miner.exe (6, 0)
Process #3: vbc.exe (4, 0)
Process #4: kk.exe (70, 0)
Process #5: 360.exe (0, 0)
Process #6: word.exe (89, 0)
Process #8: 360.exe (0, 0)
Process #9: portable.exe (310, 0)
Process #10: werfault.exe (0, 0)
Process #11: malwr.exe (156, 0)
Process #13: lyla131.exe (712, 0)
Process #14: explorer.exe (1918, 0)
Process #15: ostaj2.1.exe (283, 0)
Process #16: cmd.exe (14, 0)
Process #17: toolspub2.exe (318, 0)
Process #18: vssadmin.exe (0, 0)
Process #19: had.exe (12, 0)
Process #20: luckywheel.exe (0, 0)
Process #21: file.exe (22, 0)
Process #22: toolspub2.exe (42, 0)
Process #23: 5_6232986114823555269.exe (660, 0)
Process #24: ostaj2.1.exe (62, 0)
Process #25: windowsservices.exe (0, 0)
Process #26: cmd.exe (54, 0)
Process #27: photo_560.exe (73, 0)
Process #29: powershell.exe (0, 0)
Process #30: powershell.exe (0, 0)
Process #31: powershell.exe (0, 0)
Process #32: powershell.exe (0, 0)
Process #34: foto0183.exe (0, 0)
Process #38: v6852231.exe (0, 0)
Process #39: taskkill.exe (0, 0)
Process #40: luckywheel.exe (0, 0)
Process #41: luckywheel.exe (0, 0)
Process #42: luckywheel.exe (0, 0)
Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.