ae121f28...ad23 | VMRay Analyzer Report
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Threat Names:
Generic.Ransom.Blackout2.4A7D872C

US-2020-03-03-16-18-40-0C03624B-9417807A-3C69D917-C6C250EF-C4987959.com.exe

Windows Exe (x86-32)

Created 5 years ago

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 minute, 56 seconds" to "20 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

VMRay Threat Identifiers (7 rules, 18 matches)

Severity | Category | Operation | Count | Classification
5/5 | Antivirus | Malicious content was detected by heuristic scan | 1 | -
4/5 | System Modification | Disables a crucial system tool | 1 | -
4/5 | User Data Modification | Modifies content of user files | 1 | Ransomware
4/5 | User Data Modification | Renames user files | 1 | Ransomware
1/5 | Persistence | Installs system startup script or application | 1 | -
1/5 | System Modification | Modifies application directory | 2 | -
1/5 | Hide Tracks | Changes folder appearance | 11 | -

Screenshots

Monitored Processes

Process Graph

MITRE ATT&CK™ Matrix - Windows

Version: 2019-04-25 20:53:07.719000
Initial Access
Execution
Persistence
    Registry Run Keys / Startup Folder
Privilege Escalation
Defense Evasion
    Modify Registry
    Masquerading
Credential Access
Discovery
Lateral Movement
Collection
Command and Control
Exfiltration
Impact
    Inhibit System Recovery
    Data Encrypted for Impact

Sample Information

ID: #497486
MD5: eba85b706259f4dc0aec06a6a024609a
SHA1: 94873e77bd5b7e5d6bd9e5af40eca26c2c56e0b7
SHA256: ae121f28c05037d09f85f8b7ef9930f2d62c8f0e6e6a8d7ff092932ddbb1ad23
SSDeep: 3072:PGsKYlcsy7x7cXt4WYlw4M8Fc0PkH+r46F/kNT3iOeETjbd14Pd3bzjHvdgJu04i:Pavsw7cXt4RK4M8Fc24FNOOJbvud3fL8
ImpHash: f34d5f2d4577ed6d9ceec516c1f5a744
Filename: US-2020-03-03-16-18-40-0C03624B-9417807A-3C69D917-C6C250EF-C4987959.com.exe
File Size: 156.50 KB
Sample Type: Windows Exe (x86-32)

Analysis Information

Creation Time: 2020-03-04 06:03 (UTC+)
Analysis Duration: 00:04:00
Number of Monitored Processes: 1
Execution Successful: True
Reputation Enabled: True
WHOIS Enabled: False
Local AV Enabled: True
Local AV Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps
YARA Enabled: True
YARA Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps
Number of AV Matches: 1
Number of YARA Matches: 0
Termination Reason: Timeout
Function Logfile