VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan
zzzavxu.exe
Windows Exe (x86-64)
Created at 2019-04-24T06:38:00
Remarks (2/3)
(0x200000e): The overall sleep time of all monitored processes was truncated from "29 minutes, 35 seconds" to "6 minutes, 10 seconds" to reveal dormant functionality.
Detection Information
Local AV Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps, Embedded Files
YARA Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps, Embedded Files
Local AV Matches (3)
File Type | Threat Name | Filename | Severity
---|---|---|---
Sample File | Generic.Ransom.Ryuk2.6B6124B9 | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zzzavxu.exe | Malicious
Memory Dump | Generic.Ransom.Ryuk2.F766FA70 | - | Malicious
Memory Dump | Generic.Ransom.Ryuk2.F766FA70 | zzzavxu.exe | Malicious
YARA Matches (8)
Ruleset Name | Rule Name | Rule Description | File Type | Filename | Classification | Severity
---|---|---|---|---|---|---
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\ga[1].js.RYK | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\yg1r61z8\ast[1].js | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\528d82a2[1].js.RYK | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\advertisement.ad[1].js.RYK | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\ast[2].js.RYK | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\adex[1].js.RYK | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[2].js.RYK | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[1].js.RYK | - | Malicious