Malicious
Classifications

Ransomware

Threat Names

Mal/Generic-S

Remarks

(0x0200000E): The overall sleep time of all monitored processes was truncated from "46 minutes, 58 seconds" to "40 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

(0x0200004A): 2 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 16 MB.

Files

Sample File (Binary): C:\Users\OqXZRaykm\Desktop\4aa0392fa085affb4a7c91cd107fe3d2.exe
Verdict: Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 9.64 MB
MD5 4aa0392fa085affb4a7c91cd107fe3d2
SHA1 20e1fa98b8674185f54c1999cf8d1bc995051fd1
SHA256 99744434805d1147c06aed90282b8c461ac458bc9160aab236e55b56cb8718be
SSDeep 196608:I+D5q1SGs2yRwtkpqShRBhRkhRthR8hR8hRS:DAkLRLR4R/RgRgRS
ImpHash f0070935b15a909b9dc00be7997e6112
File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x00458B20
Size Of Code 0x0022C800
Size Of Initialized Data 0x00033600
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 1970-01-01 01:00 (UTC+1), i.e. a zeroed TimeDateStamp field (epoch 0) rather than a real build time
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0022C6C8 0x0022C800 0x00000600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.92
.rdata 0x0062E000 0x00338F4A 0x00339000 0x0022CE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.87
.data 0x00967000 0x00053DB8 0x00033600 0x00565E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.41
.idata 0x009BB000 0x00000392 0x00000400 0x00599400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.99
.symtab 0x009BC000 0x00000004 0x00000200 0x00599800 IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.02
Imports (1)
KERNEL32.DLL (31)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile - 0x00967000 0x00567000 0x00565E00 0x00000000
WriteConsoleW - 0x00967008 0x00567008 0x00565E08 0x00000000
WaitForSingleObject - 0x00967010 0x00567010 0x00565E10 0x00000000
VirtualQuery - 0x00967018 0x00567018 0x00565E18 0x00000000
VirtualFree - 0x00967020 0x00567020 0x00565E20 0x00000000
VirtualAlloc - 0x00967028 0x00567028 0x00565E28 0x00000000
SwitchToThread - 0x00967030 0x00567030 0x00565E30 0x00000000
SetWaitableTimer - 0x00967038 0x00567038 0x00565E38 0x00000000
SetUnhandledExceptionFilter - 0x00967040 0x00567040 0x00565E40 0x00000000
SetProcessPriorityBoost - 0x00967048 0x00567048 0x00565E48 0x00000000
SetEvent - 0x00967050 0x00567050 0x00565E50 0x00000000
SetErrorMode - 0x00967058 0x00567058 0x00565E58 0x00000000
SetConsoleCtrlHandler - 0x00967060 0x00567060 0x00565E60 0x00000000
LoadLibraryA - 0x00967068 0x00567068 0x00565E68 0x00000000
LoadLibraryW - 0x00967070 0x00567070 0x00565E70 0x00000000
GetSystemInfo - 0x00967078 0x00567078 0x00565E78 0x00000000
GetSystemDirectoryA - 0x00967080 0x00567080 0x00565E80 0x00000000
GetStdHandle - 0x00967088 0x00567088 0x00565E88 0x00000000
GetQueuedCompletionStatus - 0x00967090 0x00567090 0x00565E90 0x00000000
GetProcessAffinityMask - 0x00967098 0x00567098 0x00565E98 0x00000000
GetProcAddress - 0x009670A0 0x005670A0 0x00565EA0 0x00000000
GetEnvironmentStringsW - 0x009670A8 0x005670A8 0x00565EA8 0x00000000
GetConsoleMode - 0x009670B0 0x005670B0 0x00565EB0 0x00000000
FreeEnvironmentStringsW - 0x009670B8 0x005670B8 0x00565EB8 0x00000000
ExitProcess - 0x009670C0 0x005670C0 0x00565EC0 0x00000000
DuplicateHandle - 0x009670C8 0x005670C8 0x00565EC8 0x00000000
CreateThread - 0x009670D0 0x005670D0 0x00565ED0 0x00000000
CreateIoCompletionPort - 0x009670D8 0x005670D8 0x00565ED8 0x00000000
CreateEventA - 0x009670E0 0x005670E0 0x00565EE0 0x00000000
CloseHandle - 0x009670E8 0x005670E8 0x00565EE8 0x00000000
AddVectoredExceptionHandler - 0x009670F0 0x005670F0 0x00565EF0 0x00000000
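The header fields and import table above are enough for a first triage before the binary is ever opened. The Python below is an added example, not VMRay output or a VMRay tool: it transcribes the report's section and import tables, computes the Mandiant/pefile-style imphash from them (compare it with the ImpHash line above), flags traits that together point at a Go-linked PE (a TimeDateStamp of 0, which renders as 1970-01-01; a .symtab section; a writable .idata; a single kernel32 import DLL whose entries are the Go runtime's own), works out where the section table ends (0x599A00, about 5.6 MiB, so a 9.64 MB file carries several megabytes of overlay), and compares the sample with the dropped copy documented further down, which shares the imphash and section table but is larger. The Go fingerprint is the kernel32 set seen in this report, the sizes are the report's rounded megabytes, and the scoring thresholds are the editor's choice.

```python
"""PE header triage built from the fields in the report above (added example)."""
import hashlib
import re

# --- transcribed from the report: sample 4aa0392f... and its dropped copy ---
SECTIONS = {  # name -> (virtual size, raw size, raw offset, characteristics)
    ".text":   (0x0022C6C8, 0x0022C800, 0x00000600, "CODE|INITIALIZED_DATA|EXECUTE|READ"),
    ".rdata":  (0x00338F4A, 0x00339000, 0x0022CE00, "INITIALIZED_DATA|READ"),
    ".data":   (0x00053DB8, 0x00033600, 0x00565E00, "INITIALIZED_DATA|READ|WRITE"),
    ".idata":  (0x00000392, 0x00000400, 0x00599400, "INITIALIZED_DATA|READ|WRITE"),
    ".symtab": (0x00000004, 0x00000200, 0x00599800, "DISCARDABLE|READ"),
}
KERNEL32_IMPORTS = [  # IAT order, as listed in the report
    "WriteFile", "WriteConsoleW", "WaitForSingleObject", "VirtualQuery",
    "VirtualFree", "VirtualAlloc", "SwitchToThread", "SetWaitableTimer",
    "SetUnhandledExceptionFilter", "SetProcessPriorityBoost", "SetEvent",
    "SetErrorMode", "SetConsoleCtrlHandler", "LoadLibraryA", "LoadLibraryW",
    "GetSystemInfo", "GetSystemDirectoryA", "GetStdHandle",
    "GetQueuedCompletionStatus", "GetProcessAffinityMask", "GetProcAddress",
    "GetEnvironmentStringsW", "GetConsoleMode", "FreeEnvironmentStringsW",
    "ExitProcess", "DuplicateHandle", "CreateThread", "CreateIoCompletionPort",
    "CreateEventA", "CloseHandle", "AddVectoredExceptionHandler",
]
SAMPLE = {
    "time_date_stamp": 0,  # rendered as 1970-01-01 01:00 (UTC+1): epoch 0
    "sections": SECTIONS,
    "imports": {"KERNEL32.DLL": KERNEL32_IMPORTS},
    "size_mb": 9.64,       # report value; the section table ends near 5.6 MiB
}
DROPPED = {**SAMPLE, "size_mb": 10.00}  # same headers, larger file

# Editor's fingerprint: the kernel32 set the Go runtime imports, as seen here.
# The exact list moves between Go toolchain versions, so score by overlap.
GO_RUNTIME_KERNEL32 = frozenset(n.lower() for n in KERNEL32_IMPORTS)


def imphash(imports):
    """Mandiant/pefile-style imphash: md5 of 'lib.func' pairs in IAT order.
    Ordinals fall back to 'ordN' (pefile first tries a name lookup table)."""
    parts = []
    for dll, funcs in imports.items():
        lib = re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())
        for f in funcs:
            name = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def overlay_start(sections):
    """File offset where the last section's raw data ends; bytes past it are overlay."""
    return max(offset + raw for _, raw, offset, _ in sections.values())


def go_runtime_indicators(meta):
    """Header-level traits that together point at a Go-linked PE."""
    sections = meta["sections"]
    imports = {d.lower(): {str(f).lower() for f in fs} for d, fs in meta["imports"].items()}
    k32 = imports.get("kernel32.dll", set())
    union = k32 | GO_RUNTIME_KERNEL32
    return {
        "zeroed_timestamp": meta["time_date_stamp"] == 0,
        "symtab_section": ".symtab" in sections,
        "writable_idata": "WRITE" in sections.get(".idata", (0, 0, 0, ""))[3],
        "single_import_dll": set(imports) == {"kernel32.dll"},
        "kernel32_overlap": round(len(k32 & GO_RUNTIME_KERNEL32) / len(union), 2),
    }


def go_score(meta, min_overlap=0.8):
    """0..5 matching traits; 4 or more is a confident Go-runtime call."""
    ind = go_runtime_indicators(meta)
    return sum([ind["zeroed_timestamp"], ind["symtab_section"],
                ind["writable_idata"], ind["single_import_dll"],
                ind["kernel32_overlap"] >= min_overlap])


def compare(a, b):
    """Same imphash and section table with a different size is consistent
    with a copy of the same loader carrying different appended (overlay) data."""
    return {
        "same_imphash": imphash(a["imports"]) == imphash(b["imports"]),
        "same_sections": a["sections"] == b["sections"],
        "size_delta_mb": round(b["size_mb"] - a["size_mb"], 2),
    }


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE["imports"]))
    print("section data ends at file offset", hex(overlay_start(SECTIONS)))
    print("go indicators:", go_runtime_indicators(SAMPLE), "score:", go_score(SAMPLE))
    print("sample vs dropped copy:", compare(SAMPLE, DROPPED))
```

Run the block directly to print the indicators. The ordinal fallback is simplified relative to pefile, which resolves known ordinals to names before hashing, so binaries that import by ordinal can hash differently here; name-only import tables such as this one hash identically.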
Memory Dumps (47)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
4aa0392fa085affb4a7c91cd107fe3d2.exe 1 0x00400000 0x009BCFFF Relevant Image False 64-bit 0x0043FB50 False
buffer 1 0x022BF000 0x022BFFFF First Network Behavior False 64-bit - False
buffer 1 0x0205F000 0x0205FFFF First Network Behavior False 64-bit - False
buffer 1 0x01E5E000 0x01E5FFFF First Network Behavior False 64-bit - False
buffer 1 0x01C5F000 0x01C5FFFF First Network Behavior False 64-bit - False
buffer 1 0x01A5F000 0x01A5FFFF First Network Behavior False 64-bit - False
buffer 1 0x00BBD000 0x00BBFFFF First Network Behavior False 64-bit - False
buffer 1 0x00180000 0x001BFFFF First Network Behavior False 64-bit - False
buffer 1 0x001C0000 0x001E1FFF First Network Behavior False 64-bit - False
buffer 1 0x001F0000 0x001FFFFF First Network Behavior False 64-bit - False
buffer 1 0x00E90000 0x00E9FFFF First Network Behavior False 64-bit - False
buffer 1 0x00EA0000 0x00EDFFFF First Network Behavior False 64-bit - False
buffer 1 0x00EE0000 0x0103FFFF First Network Behavior False 64-bit - False
buffer 1 0x01040000 0x0104FFFF First Network Behavior False 64-bit - False
buffer 1 0x01060000 0x0185FFFF First Network Behavior False 64-bit - False
buffer 1 0x02060000 0x02081FFF First Network Behavior False 64-bit - False
buffer 1 0x02090000 0x020B1FFF First Network Behavior False 64-bit - False
buffer 1 0x022C0000 0x022E1FFF First Network Behavior False 64-bit - False
buffer 1 0x022F0000 0x02311FFF First Network Behavior False 64-bit - False
buffer 1 0x02320000 0x0232FFFF First Network Behavior False 64-bit - False
buffer 1 0x02330000 0x0236FFFF First Network Behavior False 64-bit - False
buffer 1 0x02370000 0x02391FFF First Network Behavior False 64-bit - False
buffer 1 0x023A0000 0x023C1FFF First Network Behavior False 64-bit - False
buffer 1 0x023D0000 0x023F1FFF First Network Behavior False 64-bit - False
buffer 1 0x02400000 0x02421FFF First Network Behavior False 64-bit - False
buffer 1 0x02430000 0x0246FFFF First Network Behavior False 64-bit - False
buffer 1 0xC000030000 0xC000031FFF First Network Behavior False 64-bit - False
buffer 1 0xC000058000 0xC000059FFF First Network Behavior False 64-bit - False
buffer 1 0xC000070000 0xC000077FFF First Network Behavior False 64-bit - False
buffer 1 0xC000084000 0xC000085FFF First Network Behavior False 64-bit - False
buffer 1 0xC000094000 0xC000095FFF First Network Behavior False 64-bit - False
buffer 1 0xC000096000 0xC000097FFF First Network Behavior False 64-bit - False
buffer 1 0xC0000BA000 0xC0000BBFFF First Network Behavior False 64-bit - False
buffer 1 0xC0000BE000 0xC0000BFFFF First Network Behavior False 64-bit - False
buffer 1 0xC0000C0000 0xC0000C1FFF First Network Behavior False 64-bit - False
buffer 1 0xC0002DA000 0xC0002E1FFF First Network Behavior False 64-bit - False
buffer 1 0xC0002E2000 0xC0002E3FFF First Network Behavior False 64-bit - False
buffer 1 0xC0002E4000 0xC0002E5FFF First Network Behavior False 64-bit - False
buffer 1 0xC0002E6000 0xC0002EDFFF First Network Behavior False 64-bit - False
buffer 1 0xC0002EE000 0xC0002EFFFF First Network Behavior False 64-bit - False
buffer 1 0xC0002F0000 0xC0002F7FFF First Network Behavior False 64-bit - False
buffer 1 0xC000800000 0xC000BFFFFF First Network Behavior False 64-bit - False
buffer 1 0xC000C00000 0xC0013FFFFF First Network Behavior False 64-bit - False
4aa0392fa085affb4a7c91cd107fe3d2.exe 1 0x00400000 0x009BCFFF First Network Behavior False 64-bit 0x0061B460 False
buffer 1 0xC0002F8000 0xC000399FFF Image In Buffer False 64-bit - False
4aa0392fa085affb4a7c91cd107fe3d2.exe 1 0x00400000 0x009BCFFF Final Dump False 64-bit - False
buffer 1 0xC0000D2000 0xC0001A9FFF Image In Buffer False 64-bit - False
Dropped File (Binary): C:\Program Files\Common Files\BuNzE64t q5MDF75eUE.jpg
Verdict: Malicious
Also Known As C:\Program Files\Common Files\BuNzE64t q5MDF75eUE.jpg.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\Services\verisign.bmp.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\msdaps.dll.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\msdasql.dll.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\msxactps.dll.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\oledb32.dll.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.exe (Dropped File, Accessed File)
C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.exe (Dropped File, Accessed File)
c:\Windows\System32\.exe (Dropped File, Accessed File)
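The "Also Known As" list shows the dropped binary written to the paths of existing files under Program Files\Common Files with an extra .exe extension (msdasql.dll becomes msdasql.dll.exe, sqloledb.rll.mui becomes sqloledb.rll.mui.exe), plus one oddity, c:\Windows\System32\.exe, an extension with no file stem. The Python below is an added example, not part of the report: it turns that list into a hunting heuristic by classifying each path, counting the inner extensions, recovering the probable original file paths for incident scoping, and emitting wildcard patterns for a file-creation hunt. The paths are transcribed from the report; the classification rules are the editor's.

```python
"""Hunting heuristic for the dropped-file paths listed above (added example)."""
import re
from collections import Counter

DROPPED_PATHS = [  # transcribed from the report's "Also Known As" list
    r"C:\Program Files\Common Files\BuNzE64t q5MDF75eUE.jpg.exe",
    r"C:\Program Files\Common Files\Services\verisign.bmp.exe",
    r"C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.exe",
    r"C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.exe",
    r"C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.exe",
    r"C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.exe",
    r"C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.exe",
    r"C:\Program Files\Common Files\System\Ole DB\msdaps.dll.exe",
    r"C:\Program Files\Common Files\System\Ole DB\msdasql.dll.exe",
    r"C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.exe",
    r"C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.exe",
    r"C:\Program Files\Common Files\System\Ole DB\msxactps.dll.exe",
    r"C:\Program Files\Common Files\System\Ole DB\oledb32.dll.exe",
    r"C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.exe",
    r"C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.exe",
    r"C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.exe",
    r"C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.exe",
    r"C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.exe",
    r"C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.exe",
    r"c:\Windows\System32\.exe",
]

# "<original name>.<inner ext>.exe": an existing file name with .exe appended.
DOUBLE_EXT = re.compile(r"^(?P<original>.+\.(?P<inner>[A-Za-z0-9]{1,4}))\.exe$",
                        re.IGNORECASE)


def classify(path):
    """Return (kind, inner extension, probable original path) for one path."""
    directory, _, name = path.rpartition("\\")
    if name.lower() == ".exe":                 # extension with no file stem
        return ("empty_stem", None, None)
    m = DOUBLE_EXT.match(name)
    if m:
        original = m.group("original")
        if directory:
            original = f"{directory}\\{original}"
        return ("double_ext", m.group("inner").lower(), original)
    return ("plain_exe" if name.lower().endswith(".exe") else "other", None, None)


def triage(paths):
    """Aggregate: counts per inner extension, originals to scope, hunt globs, anomalies."""
    inner, originals, anomalies = Counter(), [], []
    for p in paths:
        kind, ext, original = classify(p)
        if kind == "double_ext":
            inner[ext] += 1
            originals.append(original)
        else:
            anomalies.append((kind, p))
    return {
        "double_ext_count": sum(inner.values()),
        "inner_extensions": dict(inner),
        "likely_overwritten": originals,
        # wildcard patterns for a file-create hunt (Sigma 'endswith' style)
        "hunt_globs": sorted(f"*.{e}.exe" for e in inner),
        "anomalies": anomalies,
    }


if __name__ == "__main__":
    for key, value in triage(DROPPED_PATHS).items():
        print(f"{key}: {value}")
```

The hunt globs are deliberately broad: a legitimate installer named like setup.v2.exe would also match, so pair them with the directory scope seen here (Program Files\Common Files) and with the process that created the file when writing the detection.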
MIME Type application/vnd.microsoft.portable-executable
File Size 10.00 MB
MD5 2aa98f487bd60aa228c3481046df2609
SHA1 705f5876ac326f734f1a6d01afadc8f597a0b8e3
SHA256 fae20c83f19a1caa73e4eada508b1d01f909e75df43ee934ca8e934f41d97fa8
SSDeep 196608:I+D5q1SGs2yRwtkpqShRBhRkhRthR8hR8hRPhR9:DAkLRLR4R/RgRgRZR9
ImpHash f0070935b15a909b9dc00be7997e6112
PE Information
Image Base 0x00400000
Entry Point 0x00458B20
Size Of Code 0x0022C800
Size Of Initialized Data 0x00033600
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 1970-01-01 01:00 (UTC+1), i.e. a zeroed TimeDateStamp field (epoch 0) rather than a real build time
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0022C6C8 0x0022C800 0x00000600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.92
.rdata 0x0062E000 0x00338F4A 0x00339000 0x0022CE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.87
.data 0x00967000 0x00053DB8 0x00033600 0x00565E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.41
.idata 0x009BB000 0x00000392 0x00000400 0x00599400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.99
.symtab 0x009BC000 0x00000004 0x00000200 0x00599800 IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.02
Imports (1)
KERNEL32.DLL (31)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile - 0x00967000 0x00567000 0x00565E00 0x00000000
WriteConsoleW - 0x00967008 0x00567008 0x00565E08 0x00000000
WaitForSingleObject - 0x00967010 0x00567010 0x00565E10 0x00000000
VirtualQuery - 0x00967018 0x00567018 0x00565E18 0x00000000
VirtualFree - 0x00967020 0x00567020 0x00565E20 0x00000000
VirtualAlloc - 0x00967028 0x00567028 0x00565E28 0x00000000
SwitchToThread - 0x00967030 0x00567030 0x00565E30 0x00000000
SetWaitableTimer - 0x00967038 0x00567038 0x00565E38 0x00000000
SetUnhandledExceptionFilter - 0x00967040 0x00567040 0x00565E40 0x00000000
SetProcessPriorityBoost - 0x00967048 0x00567048 0x00565E48 0x00000000
SetEvent - 0x00967050 0x00567050 0x00565E50 0x00000000
SetErrorMode - 0x00967058 0x00567058 0x00565E58 0x00000000
SetConsoleCtrlHandler - 0x00967060 0x00567060 0x00565E60 0x00000000
LoadLibraryA - 0x00967068 0x00567068 0x00565E68 0x00000000
LoadLibraryW - 0x00967070 0x00567070 0x00565E70 0x00000000
GetSystemInfo - 0x00967078 0x00567078 0x00565E78 0x00000000
GetSystemDirectoryA - 0x00967080 0x00567080 0x00565E80 0x00000000
GetStdHandle - 0x00967088 0x00567088 0x00565E88 0x00000000
GetQueuedCompletionStatus - 0x00967090 0x00567090 0x00565E90 0x00000000
GetProcessAffinityMask - 0x00967098 0x00567098 0x00565E98 0x00000000
GetProcAddress - 0x009670A0 0x005670A0 0x00565EA0 0x00000000
GetEnvironmentStringsW - 0x009670A8 0x005670A8 0x00565EA8 0x00000000
GetConsoleMode - 0x009670B0 0x005670B0 0x00565EB0 0x00000000
FreeEnvironmentStringsW - 0x009670B8 0x005670B8 0x00565EB8 0x00000000
ExitProcess - 0x009670C0 0x005670C0 0x00565EC0 0x00000000
DuplicateHandle - 0x009670C8 0x005670C8 0x00565EC8 0x00000000
CreateThread - 0x009670D0 0x005670D0 0x00565ED0 0x00000000
CreateIoCompletionPort - 0x009670D8 0x005670D8 0x00565ED8 0x00000000
CreateEventA - 0x009670E0 0x005670E0 0x00565EE0 0x00000000
CloseHandle - 0x009670E8 0x005670E8 0x00565EE8 0x00000000
AddVectoredExceptionHandler - 0x009670F0 0x005670F0 0x00565EF0 0x00000000