486f405d...e9aa

VMRay Threat Indicators (13 rules, 42 matches)

Severity	Category	Operation	Count	Classification
5/5	File System	Encrypts content of user files	1	Ransomware
Encrypts the content of multiple user files. This is an indicator for ransomware. ... VTI Actions Go to Behavior
5/5	Local AV	Malicious content was detected by heuristic scan	1	-
Local AV detected the sample itself as "Gen:Heur.Ransom.Imps.3". ... VTI Actions Go to AV match Go to file details
3/5	Network	Reads network adapter information	1	-
Reads the network adapters' addresses by API. ... VTI Actions Go to Behavior
3/5	File System	Possibly drops ransom note files	1	Ransomware
Possibly drops ransom note files (creates 499 instances of the file "Decrypt.txt" in different locations). ... VTI Actions Go to file details
2/5	Information Stealing	Reads sensitive browser data	1	-
Trying to read sensitive data of web browser "Google Chrome" by file. ... VTI Actions Go to Behavior
2/5	Anti Analysis	Delays execution	1	-
One thread sleeps more than 5 minutes. ... VTI Actions Go to Behavior
2/5	Reputation	Known suspicious file	1	Trojan
File "C:\Users\FD1HVy\Desktop\ConsoleApp1.exe" is a known suspicious file. ... VTI Actions Go to file details
1/5	Network	Performs DNS request	2	-
Resolves host name "checkip.dyndns.org". ... VTI Actions Go to Behavior
Resolves host name "ip-api.com". ... VTI Actions Go to Behavior
1/5	Masquerade	Changes folder appearance	28	-
Folder "c:\users" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\$recycle.bin\s-1-5-18" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\$recycle.bin\s-1-5-21-1051304884-625712362-2192934891-1000" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\contacts" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\desktop" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\documents" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\downloads" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\favorites" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\links" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\music" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\onedrive" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\pictures" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\saved games" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\searches" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\videos" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\accountpictures" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\desktop" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\documents" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\downloads" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\libraries" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\music" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\pictures" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\public\videos" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\documents\my shapes" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\favorites\links" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\pictures\camera roll" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users\fd1hvy\pictures\saved pictures" has a changed appearance. ... VTI Actions Go to Behavior
1/5	Network	Checks external IP address	1	-
Checks external IP by asking IP info service at "checkip.dyndns.org/". ... VTI Actions Go to Behavior
1/5	Network	Connects to remote host	2	-
Outgoing TCP connection to host "162.88.193.70:80". ... VTI Actions Go to Behavior
Outgoing TCP connection to host "54.38.92.92:80". ... VTI Actions Go to Behavior
1/5	Network	Connects to HTTP server	1	-
URL "checkip.dyndns.org/". ... VTI Actions Go to Behavior
1/5	Static	Unparsable sections in file	1	-
Static analyzer was unable to completely parse the analyzed file: C:\Users\FD1HVy\Desktop\ConsoleApp1.exe. ... VTI Actions Go to file details

Screenshots

Monitored Processes

Sample Information

ID	#672118
MD5	b2941a554d6db6eeeeceab24fae5e961
SHA1	52bc6d9c3a612fc31e57aac69b6d927d232d66d3
SHA256	486f405db5b12cd436fc2444ea3f34a754584d6dd61c6a4f20773810cfcbe9aa
SSDeep	384:YSI3AJQjfb0wFKXzrlV9a2bAMSZSir3gMS13BG09:Yt8wFqM2bPahWRG0
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744
Filename	ConsoleApp1.exe
File Size	17.10 KB
Sample Type	Windows Exe (x86-32)

Analysis Information

Creation Time	2019-06-03 16:18 (UTC+2)
Analysis Duration	00:04:35
Number of Monitored Processes	1
Execution Successful
Reputation Enabled
WHOIS Enabled
Local AV Enabled
YARA Enabled
Number of AV Matches	1
Number of YARA Matches	0
Termination Reason	Timeout
Tags

Remarks (1/1)

VMRay Threat Indicators (13 rules, 42 matches)

Screenshots

Monitored Processes

Sample Information

Analysis Information

Before

After