e3dfc048...f1af | VMRay Analyzer Report
VTI SCORE: 91/100
Dynamic Analysis Report
Classification:
Ransomware
Threat Names: -

look (uploaded by Matt Browning (via weblink) Sep 22 2020 11-03-47 UTC).exe

Windows Exe (x86-32)

Created 5 years ago

VMRay Threat Identifiers (5 rules, 30 matches)

| Severity | Category | Operation | Count | Classification |
|---|---|---|---|---|
| 4/5 | User Data Modification | Modifies content of user files | 1 | Ransomware |
| 4/5 | User Data Modification | Renames user files | 1 | Ransomware |
| 3/5 | Anti Analysis | Tries to detect application sandbox | 1 | - |
| 1/5 | Hide Tracks | Changes folder appearance | 26 | - |
| 1/5 | System Modification | Creates an unusually large number of files | 1 | - |

MITRE ATT&CK™ Matrix - Windows

Version: 2019-04-25 20:53:07.719000
Initial Access: -
Execution: -
Persistence: -
Privilege Escalation: -
Defense Evasion: Virtualization / Sandbox Evasion, Masquerading
Credential Access: -
Discovery: Virtualization / Sandbox Evasion
Lateral Movement: -
Collection: -
Command and Control: -
Exfiltration: -
Impact: Data Encrypted for Impact

Sample Information

ID: #1357714
MD5: c53b127e1ba5abcad87628af9f11f22a
SHA1: 21e4fdb6935038bd0d4ef0294568a011c2276905
SHA256: e3dfc0485c5ecbeeb9a71473a25a6a8cdf616b7f05d66788ed6e6ade76aaf1af
SSDeep: 49152:8t3srpomXBAL3b5b9bWwsoVQoQrAwPOhs1t02UlmkgjYnHQ05:81sBxRjYnN
ImpHash: 96c44fa1eee2c4e9b9e77d7bf42d59e6
Filename: look (uploaded by Matt Browning (via weblink) Sep 22 2020 11-03-47 UTC).exe
File Size: 2625.33 KB
Sample Type: Windows Exe (x86-32)

Analysis Information

Creation Time: 2020-09-22 19:09 (UTC+)
Analysis Duration: 00:00:49
Number of Monitored Processes: 1
Execution Successful: True
Reputation Enabled: True
WHOIS Enabled: False
Local AV Enabled: True
Local AV Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps
YARA Enabled: True
YARA Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps
Number of AV Matches: 0
Number of YARA Matches: 0
Termination Reason: All processes terminated