7bb3816e58d8

Classifications

Ransomware Wiper

Threat Names

Dynamic Analysis Report

Created 10 months ago

7bb3816e58d8a956b13aac53f75f762442a9849cd0ab324be6334e9a5e4b718f.exe

Windows Exe (x86-32)

Remarks (2/3)

Max File Reputation Requests Reached (0x0200001B): The maximum number of file Reputation Analysis requests per analysis (150) was exceeded.

Process Crash (0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

Anti-Sleep Triggered (0x0200000E): The overall sleep time of all monitored processes was truncated from "26 minutes, 38 seconds" to "10 seconds" to reveal dormant functionality.

VMRay Threat Identifiers (25 rules, 31 matches)

Score	Category	Operation	Count	Classification
5/5	User Data Modification	Deletes user files	1	Wiper
5/5	User Data Modification	Appends new extensions to many filenames	1	Ransomware
4/5	Defense Evasion	Tries to disable antivirus software	2	-
4/5	Reputation	Malicious file detected via reputation	1	-
4/5	YARA	Malicious content matched by YARA rules	2	-
3/5	Anti Analysis	Tries to evade debugger	1	-
3/5	System Modification	Disables a crucial system service	2	-
3/5	User Data Modification	Possibly drops ransom note files	1	Ransomware
3/5	Anti Analysis	Modifies native system functions	1	-
2/5	Anti Analysis	Delays execution	1	-

Screenshots

Monitored Processes

MITRE ATT&CK™ Matrix - Windows

ActiveAll

Version: 2019-04-25 20:53:07.719000

Initial Access

Execution

Windows Management Instrumentation

Persistence

Registry Run Keys / Startup Folder

Service Registry Permissions Weakness

New Service

Privilege Escalation

Service Registry Permissions Weakness

New Service

Defense Evasion

Disabling Security Tools

Hidden Window

Modify Registry

Software Packing

Masquerading

File System Logical Offsets

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Data Destruction

Service Stop

Defacement

Sample Information

ID	#10499859
MD5	0f878dfe1534672d7236b1268ff7a8df
SHA1	05f04be9b9afc3f5823c5ed6f4911f25d7a464c5
SHA256	7bb3816e58d8a956b13aac53f75f762442a9849cd0ab324be6334e9a5e4b718f
SSDeep	3072:U6glyuxE4GsUPnliByocWep6muEEeh2T9IBw6P:U6gDBGpvEByocWeMnDu2T9IBt
ImpHash	41fb8cb2943df6de998b35a9d28668e8
File Name	7bb3816e58d8a956b13aac53f75f762442a9849cd0ab324be6334e9a5e4b718f.exe
File Size	153.50 KB
Sample Type	Windows Exe (x86-32)

Analysis Information

Creation Time	2024-05-24 23:05 (UTC+)
Analysis Duration	00:04:00
Termination Reason	Timeout
Number of Monitored Processes	37
Execution Successful
Reputation Enabled
Built-in AV Enabled
Number of AV Matches	0
YARA Enabled
Number of YARA Matches	2

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".

Before

After

WHOIS Domain Information

Screenshot