2b5c31a6...7008

VTI SCORE: 100/100

Dynamic Analysis Report

Classification: Ransomware, Trojan

myuyeg.exe

Windows Exe (x86-32)

Created at 2019-04-09T07:16:00

Remarks (1/1)

Auto Reboot Triggered (0x2000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

VMRay Threat Indicators (9 rules, 12 matches)

Severity	Category	Operation	Classification
5/5	File System	Known malicious file	Trojan
File "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\myuyeg.exe" is a known malicious file. ... VTI Actions Go to file details
4/5	File System	Renames user files	Ransomware
Renames multiple user files. This is an indicator for an encryption attempt. ... VTI Actions Go to Behavior
3/5	File System	Possibly drops ransom note files	Ransomware
Possibly drops ransom note files (creates 362 instances of the file "@@_BENI_OKU_@@.txt" in different locations). ... VTI Actions Go to file details
2/5	Anti Analysis	Resolves APIs dynamically to possibly evade static detection	-
Resolves an unusually high number of APIs. ... VTI Actions Go to Behavior
2/5	Information Stealing	Reads sensitive browser data	-
Trying to read sensitive data of web browser "Google Chrome" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of web browser "Internet Explorer / Edge" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of web browser "Mozilla Firefox" by file. ... VTI Actions Go to Behavior
1/5	Persistence	Installs system startup script or application	-
Adds ""C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\myuyeg.exe" e" to Windows startup via registry. ... VTI Actions Go to Behavior
Adds "c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini.cryptoid" to Windows startup folder. ... VTI Actions Go to Behavior
1/5	Masquerade	Changes folder appearance	-
Folder "c:\$recycle.bin\s-1-5-21-3388679973-3930757225-3770151564-1000" has a changed appearance. ... VTI Actions Go to Behavior
1/5	Information Stealing	Possibly does reconnaissance	-
Possibly trying to gather information about application "Mozilla Firefox" by file. ... VTI Actions Go to Behavior
1/5	File System	Creates an unusually large number of files	-
Creates an unusually large number of files. ... VTI Actions Go to file details

Screenshots

Monitored Processes

Sample Information

ID	#546236
MD5	156425a5c079ae44b6be285d361bb00e
SHA1	5bb1601792a0eba86ba81a8cac437f6d0e4edde9
SHA256	2b5c31a6048574f9b8a0769ed1d8af362c5b354be3a31e6a1ae31c24ac127008
SSDeep	6144:XaZ0kXENm2eK7mnoUSgpAY8ODcDcm7cIs+vMfLvP/C8ja48LQAmzAOYWcpW6lOF2:CbYvMfLnssAmzuWXYNGfya2/3ASI9C
ImpHash	d33d9431544aca0e2c6908f340684735
Filename	myuyeg.exe
File Size	394.00 KB
Sample Type	Windows Exe (x86-32)

Analysis Information

Creation Time	2019-04-09 09:16 (UTC+2)
Analysis Duration	00:04:59
Number of Monitored Processes	2
Execution Successful
Reputation Enabled
WHOIS Enabled
Local AV Enabled
YARA Enabled
Number of YARA Matches	0
Termination Reason	Timeout
Tags

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".