VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware
Threat Names: Trojan.JS.Agent.TZA, Gen:Variant.Zusy.304957
skyfall_user wilsonk_wilsonk_ste.txt.ps1
PowerShell Script
Created at 2020-10-27T11:15:00
Remarks (2/2)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "13 minutes" to "2 minutes, 10 seconds" to reveal dormant functionality.
(0x0200001D): The maximum number of extracted files was exceeded. Some files may be missing in the report.
Master Boot Record Changes
Sector Number | Sector Size |
---|---|
2063 | 512 Bytes |
This list contains only the embedded files, downloaded files, and dropped files
Filename | Category | Type | Severity |
---|---|---|---|
C:\Users\EEBsYm5\Desktop\skyfall_user wilsonk_wilsonk_ste.txt.ps1 | Sample File | Text | Malicious |
Local AV Matches (1)
Threat Name | Severity |
---|---|
Trojan.JS.Agent.TZA | Malicious |
Filename | Category | Type | Severity |
---|---|---|---|
C:\ProgramData\Microsoft\Windows\DRM\v3ks.bla | Modified File | Stream | Unknown |
C:\Users\EEBsYm5\AppData\Local\Temp\ldyec3np.0.cs | Dropped File | Text | Unknown |
C:\Users\EEBsYm5\AppData\Local\Temp\ldyec3np.cmdline | Dropped File | Text | Unknown |
C:\Users\EEBsYm5\AppData\Local\Temp\ldyec3np.out | Dropped File | Text | Unknown |
C:\Users\EEBsYm5\AppData\Local\Temp\xqnqsdsy.0.cs | Dropped File | Text | Unknown |
C:\Users\EEBsYm5\AppData\Local\Temp\xqnqsdsy.cmdline | Dropped File | Text | Unknown |
C:\Users\EEBsYm5\AppData\Local\Temp\xqnqsdsy.out | Dropped File | Text | Unknown |
C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\no\AC3A86-Readme.txt | Dropped File | Text | Unknown |
C:\Users\EEBsYm5\AppData\Local\Temp\ldyec3np.tmp | Dropped File | Unknown | Not Queried |