2d2eebc4...4da6 | VMRay Analyzer Report
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan

Remarks (1/1)

(0x2000010): The operating system was rebooted during the analysis.

VMRay Threat Indicators (12 rules, 39 matches)

Severity | Category | Operation | Count | Classification
5/5 | File System | Encrypts content of user files | 1 | Ransomware
  • Encrypts the content of multiple user files. This is an indicator for ransomware.
5/5 | Local AV | Malicious content was detected by heuristic scan | 1 | -
3/5 | Hide Tracks | Hides data in extended file attributes | 1 | -
  • Sets extended file attributes for "c:\programdata\foo.db" to possibly hide the file.
3/5 | File System | Possibly drops ransom note files | 1 | Ransomware
  • Possibly drops ransom note files (creates 36 instances of the file "DECRYPT-FILES.html" in different locations).
2/5 | Anti Analysis | Tries to detect debugger | 1 | -
2/5 | Reputation | Known suspicious file | 1 | Trojan
  • File "C:\Users\FD1HVy\Desktop\iphnlp.exe" is a known suspicious file.
1/5 | Process | Creates system object | 1 | -
1/5 | File System | Creates an unusually large number of files | 1 | -
1/5 | Process | Overwrites code | 1 | -
1/5 | Network | Connects to remote host | 14 | -
1/5 | Network | Connects to HTTP server | 15 | -
0/5 | Process | Enumerates running processes | 1 | -

Sample Information

ID #669462
MD5 d444509ad9103c7b53886c25f7a0db7d
SHA1 5815f849de39537e54d080d6875dd886191afaf6
SHA256 2d2eebc4d408c5f261c8cd130246bca1736376a5b434f422033ff02566354da6
SSDeep 6144:XbJBS5s9UErLrLrLr3Lxf0ESUwHwiUHkF9ODJjJU5GUPHV50DErgNg/ydlb4fQ6Z:L4YWHaJU5TgDhNg6dNoQl+v
ImpHash 3bbd7f6ced894d80d7e269bb1114f305
Filename iphnlp.exe
File Size 348.50 KB
Sample Type Windows Exe (x86-32)

Analysis Information

Creation Time 2019-05-31 22:11 (UTC+2)
Analysis Duration 00:04:39
Number of Monitored Processes 1
Execution Successful True
Reputation Enabled True
WHOIS Enabled True
Local AV Enabled True
YARA Enabled True
Number of AV Matches 1
Number of YARA Matches 0
Termination Reason Timeout
Tags
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.