0cf124b2...f915

VTI SCORE: 100/100

Dynamic Analysis Report

Classification: Ransomware, Trojan

Wacatac_2019-11-20_19-54.exe

Windows Exe (x86-32)

Created at 2019-11-21T07:55:00

Remarks (1/1)

Auto Reboot Triggered (0x2000007): The operating system was rebooted during the analysis because the sample modified the master boot record (MBR).

Kernel Graph 1

Code Block #1 (EP #1)

Information	Value
Trigger	ExpWorkerThread+0x10f
Start Address	0xfffffa80018d7022

Execution Path #1 (length: 4, count: 1, processes: 1 incomplete)

Information	Value
Sequence Length	4

Processes

Process	Count
Process 10 (System, PID: 4)	1

Sequence

Symbol	Parameters
ExAllocatePoolWithTag	PoolType_unk = 0x0, NumberOfBytes_ptr = 0x1d1a9, Tag = 0x616d6443, ret_val_ptr_out = 0xfffffa8001993000
KeSetTimer	Timer_unk = 0xfffffa80018b46e4, DueTime_unk = 0xffffffffb49d58de, Dpc_unk = 0xfffffa80018b4724, Timer_unk_out = 0xfffffa80018b46e4, ret_val_out = 0
ExAllocatePoolWithTag	PoolType_unk = 0x0, NumberOfBytes_ptr = 0x1ce04, Tag = 0x70764946, ret_val_ptr_out = 0xfffffa80019b1000
KeSetTimer	Timer_unk = 0xfffffa80018b4d4d, DueTime_unk = 0xffffffffb41a4f28, Dpc_unk = 0xfffffa80018b4d8d, Timer_unk_out = 0xfffffa80018b4d4d, ret_val_out = 0

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Remarks (1/1)

Kernel Graph 1

Before

After