ba809c00...dd22

VMRay Threat Indicators (12 rules, 200 matches)

Severity	Category	Operation	Count	Classification
5/5	Local AV	Malicious content was detected by heuristic scan	1	-
Local AV detected the sample itself as "Gen:Win32.Malware.lKW@aOXq@A". ... VTI Actions Go to AV match Go to file details
4/5	File System	Modifies content of user files	1	Ransomware
Modifies the content of multiple user files. This is an indicator for an encryption attempt. ... VTI Actions Go to Behavior
4/5	File System	Renames user files	1	Ransomware
Renames multiple user files. This is an indicator for an encryption attempt. ... VTI Actions Go to Behavior
3/5	File System	Possibly drops ransom note files	1	Ransomware
Possibly drops ransom note files (creates 34 instances of the file "!!! YOUR FILES ARE ENCRYPTED !!!.TXT" in different locations). ... VTI Actions Go to file details
2/5	Anti Analysis	Tries to detect virtual machine	1	-
Possibly trying to detect VM via rdtsc. ... VTI Actions
1/5	Process	Creates process with hidden window	1	-
The process "C:\WINDOWS\system32\cmd.exe" starts with hidden window. ... VTI Actions Go to Behavior
1/5	Persistence	Installs system startup script or application	1	-
Adds ""C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\ctfmon.exe" *" to Windows startup via registry. ... VTI Actions Go to Behavior
1/5	Hide Tracks	Writes an unusually large amount of data to the registry	1	-
Hides 1737 byte in "HKEY_CURRENT_USER\Software\Buran\Service\Private". ... VTI Actions Go to Behavior
1/5	File System	Modifies application directory	189	-
Modifies "c:\program files\java\jre1.8.0_144\copyright". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\license". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\readme.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\release". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\thirdpartylicensereadme-javafx.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\thirdpartylicensereadme.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\welcome.html". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\bin\server\classes.jsa". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\bin\server\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\bin\server\xusage.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\accessibility.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\calendars.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\charsets.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\classlist". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\content-types.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\currency.data". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\flavormap.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\fontconfig.bfc". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\fontconfig.properties.src". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\hijrah-config-umalqura.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\javafx.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\javaws.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\jce.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\jfr.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\jfxswt.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\jsse.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\jvm.hprof.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\logging.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\management-agent.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\meta-index". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\net.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\plugin.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\psfont.properties.ja". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\psfontj2d.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\resources.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\rt.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\sound.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\tzdb.dat". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\tzmappings". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\amd64\jvm.cfg". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\amd64\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\cmm\ciexyz.pf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\cmm\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\cmm\gray.pf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\cmm\linear_rgb.pf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\cmm\pycc.pf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\cmm\srgb.pf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\ffjcext.zip". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\messages.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\messages_de.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\messages_es.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\messages_fr.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\messages_it.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\messages_ja.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\messages_ko.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\messages_pt_br.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\messages_sv.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\messages_zh_cn.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\messages_zh_hk.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\messages_zh_tw.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash.gif". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash@2x.gif". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash_11-lic.gif". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\access-bridge-64.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\cldrdata.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\dnsns.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\jaccess.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\jfxrt.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\localedata.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\meta-index". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\nashorn.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\sunec.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\sunjce_provider.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\sunmscapi.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\sunpkcs11.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\ext\zipfs.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\fonts\lucidabrightdemibold.ttf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\fonts\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\fonts\lucidabrightdemiitalic.ttf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\fonts\lucidabrightitalic.ttf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\fonts\lucidabrightregular.ttf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\fonts\lucidasansdemibold.ttf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\fonts\lucidasansregular.ttf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\fonts\lucidatypewriterbold.ttf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\fonts\lucidatypewriterregular.ttf". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\cursors.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_copydrop32x32.gif". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_copynodrop32x32.gif". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_linkdrop32x32.gif". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_linknodrop32x32.gif". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_movedrop32x32.gif". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_movenodrop32x32.gif". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\jfr\default.jfc". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\jfr\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\jfr\profile.jfc". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\management\jmxremote.access". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\management\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\management\jmxremote.password.template". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\management\management.properties". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\management\snmp.acl.template". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\security\blacklist". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\security\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\security\blacklisted.certs". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\security\cacerts". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\security\java.policy". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\security\java.security". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\security\javaws.policy". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\security\local_policy.jar". ... VTI Actions
Modifies "c:\program files\java\jre1.8.0_144\lib\security\us_export_policy.jar". ... VTI Actions
Modifies "c:\program files\microsoft office\appxmanifest.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\microsoft office\filesystemmetadata.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\office16\ospp.htm". ... VTI Actions
Modifies "c:\program files\microsoft office\office16\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\microsoft office\office16\slerror.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0015-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0015-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0016-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0016-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0018-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0018-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0019-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0019-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001a-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001a-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001b-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001b-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-040c-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-0c0a-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0027-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-002c-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0054-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0057-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-006e-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0090-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0090-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00a1-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00a1-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00b4-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00ba-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00ba-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00c1-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00c1-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e1-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e1-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e2-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e2-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0115-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0117-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-012a-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-012b-0409-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-3101-0000-1000-0000000ff1ce.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.common.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifestloc.en-us.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\packagemanifests\authoredextensions.xml". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00004_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\!!! your files are encrypted !!!.txt". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00011_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00021_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00037_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00038_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00040_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00052_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00057_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00090_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00092_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00103_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00120_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00126_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00129_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00130_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00135_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00139_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00142_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00154_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00157_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00158_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00160_.gif". ... VTI Actions
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00161_.gif". ... VTI Actions
1/5	File System	Creates an unusually large number of files	1	-
Creates an unusually large number of files. ... VTI Actions Go to file details
1/5	Network	Connects to HTTP server	1	-
URL "iplogger.ru/http://iplogger.info/1jqu87.html". ... VTI Actions Go to Behavior
1/5	Static	Unparsable sections in file	1	-
Static analyzer was unable to completely parse the analyzed file: C:\Users\FD1HVy\Desktop\2.exe. ... VTI Actions Go to file details

Screenshots

Monitored Processes

Sample Information

ID	#672200
MD5	db45c3e8e48c0d21cb82819a17225bbc
SHA1	4ca4e72d58717610f613eb0805468228d9a77a98
SHA256	ba809c00f829015cb70f26fe1be979f5a372e346d0e974252e8c3ee18b21dd22
SSDeep	3072:w3t17Da7zjx7hpiO1y0tN4hgNevX3fld3u98H7ykF/6FdXn8sVG9o2GuQnS9:w3t17IPx7hpiQtbNen3uGykF/6HXntVB
ImpHash	cc46e73e67527002aee4fe0fe64741a9
Filename	2.exe
File Size	188.00 KB
Sample Type	Windows Exe (x86-32)

Analysis Information

Creation Time	2019-06-03 18:07 (UTC+2)
Analysis Duration	00:04:55
Number of Monitored Processes	5
Execution Successful
Reputation Enabled
WHOIS Enabled
Local AV Enabled
YARA Enabled
Number of AV Matches	1
Number of YARA Matches	0
Termination Reason	Timeout
Tags

Remarks (1/1)

VMRay Threat Indicators (12 rules, 200 matches)

Screenshots

Monitored Processes

Sample Information

Analysis Information

Before

After