Verdict: Malicious

Classifications: Spyware, Ransomware

Threat Names: Mal/Generic-S

VMRay Threat Identifiers (15 rules, 33 matches; 10 rules shown below)

Score  Category                Operation                                                  Count  Classification
5/5    User Data Modification  Modifies content of user files                             1      Ransomware
5/5    User Data Modification  Renames user files                                         1      Ransomware
5/5    User Data Modification  Appends the same extension to many filenames               1      Ransomware
5/5    Data Collection         Tries to read cached credentials of various applications   1      Spyware
4/5    Reputation              Known malicious file                                       1      -
3/5    User Data Modification  Possibly drops ransom note files                           1      Ransomware
2/5    Data Collection         Reads sensitive FTP data                                   1      -
2/5    Data Collection         Reads sensitive mail data                                  1      -
2/5    Data Collection         Reads sensitive browser data                               1      -
1/5    Privilege Escalation    Enables process privilege                                  2      -
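The identifiers above name the behaviours that fired, not how they are evaluated. The following Python is an added illustration, not VMRay's rule engine or any code from this report: it evaluates checks of the same shape ("renames user files", "appends the same extension to many filenames", "possibly drops ransom note files", "reads sensitive ftp/mail/browser data") over a constructed file-activity trace and derives the Ransomware/Spyware split from them. The thresholds, the credential-store paths, the ransom-note naming pattern and the sample trace are all assumptions made for the example.

```python
"""Toy behavioural triage over a sandbox file-activity trace.

Added illustration, not VMRay's rule engine: it shows the kind of check
behind the report's "User Data Modification" and "Data Collection" rules.
The thresholds, the credential-store paths and SAMPLE_TRACE are assumptions.
"""
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

USER_ROOT = "c:\\users\\"   # assumption: "user files" live under a profile directory

# Assumed credential stores an infostealer reads (not taken from the report).
SENSITIVE = {
    "ftp": re.compile(r"\\filezilla\\(sitemanager|recentservers)\.xml$"),
    "mail": re.compile(r"\\thunderbird\\profiles\\[^\\]+\\logins\.json$"),
    "browser": re.compile(r"\\(chrome|chromium)\\user data\\[^\\]+\\login data$"),
}
# Assumed ransom-note naming: README_DECRYPT.txt, HOW_TO_RESTORE.html, ...
NOTE_NAME = re.compile(r"readme|recover|restore|decrypt|how[_ ]to|help", re.I)
NOTE_EXT = {".txt", ".html", ".hta"}


@dataclass(frozen=True)
class Event:
    pid: int
    op: str          # "read" | "write" | "create" | "rename"
    path: str
    dst: str = ""    # destination path, only for "rename"


def is_user_file(path: str) -> bool:
    return path.lower().startswith(USER_ROOT)


def analyze(events, min_same_ext: int = 5, min_note_dirs: int = 2) -> dict:
    """Evaluate each heuristic over the trace and derive a classification set."""
    writes = [e for e in events if e.op == "write" and is_user_file(e.path)]
    renames = [e for e in events if e.op == "rename" and is_user_file(e.path)]

    # "Appends the same extension to many filenames": dst == src + suffix,
    # and one suffix dominates across at least min_same_ext renames.
    appended = Counter(
        e.dst[len(e.path):].lower()
        for e in renames
        if len(e.dst) > len(e.path) and e.dst.lower().startswith(e.path.lower())
    )
    ext, n_ext = appended.most_common(1)[0] if appended else ("", 0)
    same_ext = (ext, n_ext) if n_ext >= min_same_ext else None

    # "Possibly drops ransom note files": a note-like name created in
    # several directories, which is how encryptors leave instructions.
    note_dirs = {
        ntpath.dirname(e.path)
        for e in events
        if e.op in ("create", "write") and is_user_file(e.path)
        and NOTE_NAME.search(ntpath.basename(e.path))
        and ntpath.splitext(e.path)[1].lower() in NOTE_EXT
    }

    # "Reads sensitive ftp/mail/browser data": reads of known credential stores.
    sensitive = {}
    for e in events:
        if e.op != "read":
            continue
        for category, pattern in SENSITIVE.items():
            if pattern.search(e.path.lower()):
                sensitive.setdefault(category, []).append(e.path)

    classification = set()
    if same_ext or len(note_dirs) >= min_note_dirs:
        classification.add("Ransomware")
    if sensitive:
        classification.add("Spyware")

    return {
        "modifies_user_files": len(writes),
        "renames_user_files": len(renames),
        "same_extension": same_ext,
        "ransom_note_dirs": sorted(note_dirs),
        "sensitive_reads": sensitive,
        "classification": sorted(classification),
    }


# Constructed trace imitating the report's behaviour: read two credential
# stores, overwrite and rename six documents, drop a note in two folders.
_HOME = "C:\\Users\\alice\\"
_DOCS = ["Documents\\budget.xlsx", "Documents\\thesis.docx", "Documents\\notes.txt",
         "Pictures\\holiday.jpg", "Pictures\\cat.png", "Desktop\\todo.txt"]
SAMPLE_TRACE = (
    [Event(1337, "read", _HOME + "AppData\\Roaming\\FileZilla\\sitemanager.xml"),
     Event(1337, "read", _HOME + "AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data")]
    + [Event(1337, "write", _HOME + d) for d in _DOCS]
    + [Event(1337, "rename", _HOME + d, _HOME + d + ".locked") for d in _DOCS]
    + [Event(1337, "create", _HOME + "Documents\\README_DECRYPT.txt"),
       Event(1337, "create", _HOME + "Pictures\\README_DECRYPT.txt"),
       # outside a user profile, so it must not count as a user-file rename
       Event(1337, "rename", "C:\\Windows\\Temp\\a.tmp", "C:\\Windows\\Temp\\a.tmp.locked")]
)

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

The point of the per-rule thresholds is visible in the benign case: a user saving one document and renaming it to `.bak` trips neither the same-extension count nor the multi-directory note check, so no classification is assigned, whereas the constructed trace yields both Ransomware (six `.locked` renames, notes in two folders) and Spyware (FileZilla and Chrome credential stores read).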

MITRE ATT&CK™ Matrix - Windows
Version: 2019-04-25 20:53:07.719000

Initial Access: (none)
Execution: (none)
Persistence: Registry Run Keys / Startup Folder (T1060)
Privilege Escalation: (none)
Defense Evasion: Masquerading (T1036)
Credential Access: Credentials in Files (T1081)
Discovery: File and Directory Discovery (T1083), Process Discovery (T1057)
Lateral Movement: (none)
Collection: Automated Collection (T1119), Data from Local System (T1005)
Command and Control: (none)
Exfiltration: (none)
Impact: Data Encrypted for Impact (T1486)

Sample Information

ID: #4194433
MD5: cf6ff9e0403b8d89e42ae54701026c1f
SHA1: a4f5cb11b9340f80a89022131fb525b888aa8bc6
SHA256: a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b
SSDeep: 384:Uo3Mg/bqo25M0RHcY5pmyjuwzUHJhr91CHW8wNa9get:UWqo2Zn5pPjKphr9z8wNHet
ImpHash: f34d5f2d4577ed6d9ceec516c1f5a744
File Name: a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe (the submitted file is named after its SHA256, so the original filename is not preserved)
File Size: 26.00 KB
Sample Type: Windows Exe (x86-32)

Analysis Information

Creation Time: 2022-04-25 22:04 (UTC+)
Analysis Duration: 00:04:00
Termination Reason: Timeout
Number of Monitored Processes: 2
Execution: Successful
Reputation: Enabled
Built-in AV: Enabled
Number of AV Matches: 0
YARA: Enabled
Number of YARA Matches: 0

Note that the run ended on the four-minute timeout rather than on process exit, so behaviour that only appears later may not have been observed (the Command and Control and Exfiltration columns of the ATT&CK mapping are empty), and with zero built-in AV and YARA matches the Malicious verdict rests on the behavioural threat identifiers and the reputation hit.