Malicious
Classifications

Wiper Ransomware

Threat Names

-

Dynamic Analysis Report

Created on 2021-06-17T20:42:00

Windows Session Manager.exe

Windows Exe (x86-32)

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "4 minutes" to "40 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

File Name Category Type Verdict Actions
C:\Users\kEecfMwgj\Desktop\Windows Session Manager.exe Sample File Binary
malicious
Also Known As C:\Users\kEecfMwgj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Session Manager.exe (Dropped File)
C:\SaraJay.exe (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 278.00 KB
MD5 6736b48ac9b71f21d8e41d5a1f27a0a6
SHA1 45eb63e779cb9f33209b29a175199a9048bd9035
SHA256 5ad38d579fb249b3326a25cffb6f5ffea11b125cda7b61205893432f59a02101
SSDeep 6144:AhyeUdWgyNuXCphsogRi+xB+jyVEdIcbvjb7DiPQZu7xsyPD:AhyldyFp6e++yVDcbbX2PQgVsy
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
PE Information
Image Base 0x400000
Entry Point 0x44e00a
Size Of Code 0xa600
Size Of Initialized Data 0x3ae00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2060-05-27 03:32:56+00:00
Version Information (11)
Comments -
CompanyName -
FileDescription Windows Session Manager
FileVersion 1.0.0.0
InternalName Windows Session Manager.exe
LegalCopyright Copyright © 2021
LegalTrademarks -
OriginalFilename Windows Session Manager.exe
ProductName Windows Session Manager
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
UA?IyCw| 0x402000 0x3a304 0x3a400 0x400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 8.0
.text 0x43e000 0xa3e8 0xa400 0x3a800 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.22
.rsrc 0x44a000 0x618 0x800 0x44c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.45
.reloc 0x44c000 0xc 0x200 0x45400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
- 0x44e000 0x10 0x200 0x45600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 0.14
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x44e000 0x3f970 0x3c170 0x0
Memory Dumps (17)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
windows session manager.exe 1 0x010C0000 0x0110FFFF Relevant Image False 32-bit - False True
buffer 1 0x004A0000 0x004E5FFF First Execution False 32-bit 0x004C0040 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004C1000 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004C2000 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004C5850 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004C6708 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004C72A8 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004C8013 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004C9000 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004CA308 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004CB000 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004C4000 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004CC000 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004CD053 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004CE000 False False
buffer 1 0x004A0000 0x004E5FFF Content Changed False 32-bit 0x004CF000 False False
windows session manager.exe 1 0x010C0000 0x0110FFFF Final Dump False 32-bit - False True
YARA Matches (7)
Rule Name Rule Description Classification Score
MultipleNetObfuscatorAttributes .NET file contains multiple obfuscator attributes - 2/5
BabelObfuscatorAttributes Babel Obfuscator Attributes - 1/5
DNGuardObfuscatorAttributes DNGuard HVM Attributes - 1/5
MaxtoCodeObfuscatorAttributes MaxtoCode Obfuscator Attributes - 1/5
NETReactorObfuscatorAttributes .NET Reactor Obfuscator Attributes - 1/5
RyanBorlandProtectorAttributes Ryan Borland Protector Attributes - 1/5
YanoObfuscatorAttributes Yano Obfuscator Attributes - 1/5
C:\Users\kEecfMwgj\Videos\NxzOBAzgvcNeV3cE gd-\b5GepjBp9EYKzeV\-1DVuhiu_x6Y\LvrtiqeAx zdKEixkd\MP8Ghk7Dv AjRZ\readme.txt.Poteston Modified File Stream
clean
Also Known As C:\Users\kEecfMwgj\Videos\NxzOBAzgvcNeV3cE gd-\b5GepjBp9EYKzeV\readme.txt.Poteston (Modified File)
C:\Users\kEecfMwgj\Videos\NxzOBAzgvcNeV3cE gd-\b5GepjBp9EYKzeV\-1DVuhiu_x6Y\LvrtiqeAx zdKEixkd\2FDVYf8sCprKRTU\readme.txt.Poteston (Dropped File)
C:\Users\kEecfMwgj\Videos\NxzOBAzgvcNeV3cE gd-\b5GepjBp9EYKzeV\-1DVuhiu_x6Y\LvrtiqeAx zdKEixkd\ajlEoh\readme.txt.Poteston (Dropped File)
MIME Type application/octet-stream
File Size 832 Bytes
C:\readme.txt Dropped File Text
clean
Also Known As C:\Users\kEecfMwgj\Desktop\LyNdnxnx\readme.txt (Dropped File)
C:\Users\kEecfMwgj\Videos\NxzOBAzgvcNeV3cE gd-\b5GepjBp9EYKzeV\-1DVuhiu_x6Y\readme.txt (Dropped File)
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\UkCm4Dq_\readme.txt (Dropped File)
C:\Users\kEecfMwgj\Videos\NxzOBAzgvcNeV3cE gd-\b5GepjBp9EYKzeV\-1DVuhiu_x6Y\LvrtiqeAx zdKEixkd\2FDVYf8sCprKRTU\readme.txt (Dropped File)
C:\Users\kEecfMwgj\Videos\NxzOBAzgvcNeV3cE gd-\b5GepjBp9EYKzeV\-1DVuhiu_x6Y\LvrtiqeAx zdKEixkd\ajlEoh\readme.txt (Dropped File)
C:\Users\kEecfMwgj\Videos\NxzOBAzgvcNeV3cE gd-\b5GepjBp9EYKzeV\-1DVuhiu_x6Y\LvrtiqeAx zdKEixkd\MP8Ghk7Dv AjRZ\readme.txt (Dropped File)
C:\Users\kEecfMwgj\Videos\NxzOBAzgvcNeV3cE gd-\b5GepjBp9EYKzeV\-1DVuhiu_x6Y\LvrtiqeAx zdKEixkd\readme.txt (Dropped File)
C:\Users\kEecfMwgj\Desktop\9a-Wiva\readme.txt (Dropped File)
MIME Type text/plain
File Size 830 Bytes
C:\Users\kEecfMwgj\Desktop\-S33.bmp.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 33.88 KB
C:\Users\kEecfMwgj\Desktop\9a-Wiva\DJIlxXh.pptx.Poteston Dropped File Compressed
clean
MIME Type application/zlib
File Size 29.17 KB
C:\Users\kEecfMwgj\Desktop\9a-Wiva\epH-_N hU0l.jpg.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 80.98 KB
C:\Users\kEecfMwgj\Desktop\9a-Wiva\nGUytBPJlqP.rtf.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 11.44 KB
C:\Users\kEecfMwgj\Desktop\9a-Wiva\SPnXfcP7CFdFT0XeBuv6.ots.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 57.05 KB
C:\Users\kEecfMwgj\Desktop\9a-Wiva\UapJbgd7.flv.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 17.50 KB
C:\Users\kEecfMwgj\Desktop\9a-Wiva\vc-4n.png.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 51.38 KB
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\7du2.gif.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 10.48 KB
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\UkCm4Dq_\2W4Hx.m4a.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 33.41 KB
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\UkCm4Dq_\EoS9VOqOPP_4IHn.mp4.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 82.78 KB
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\UkCm4Dq_\G ZkrQjDnE0.odt.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 81.55 KB
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\UkCm4Dq_\noCEUmxfykebkeyH9.flv.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 38.12 KB
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\UkCm4Dq_\TbVG3PC0bCG2.png.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 44.31 KB
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\UkCm4Dq_\XbvlKnZREA1k.mp3.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 52.41 KB
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\UkCm4Dq_\XtD X6g3ZZH.m4a.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 32.33 KB
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\ixaXT-WqX0.swf.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 55.64 KB
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\UkCm4Dq_\readme.txt.Poteston Dropped File Stream
clean
Also Known As C:\Users\kEecfMwgj\Desktop\9a-Wiva\readme.txt.Poteston (Dropped File)
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\readme.txt.Poteston (Dropped File)
MIME Type application/octet-stream
File Size 832 Bytes
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\TETQ.m4a.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 84.69 KB
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\z71-eOvw.m4a.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 90.36 KB
C:\Users\kEecfMwgj\Desktop\677aEP3NVPVTqr.jpg.Poteston Dropped File Stream
clean
MIME Type application/octet-stream
File Size 9.53 KB
C:\autorun.inf Dropped File Setup Script
clean
MIME Type application/x-setupscript
File Size 50 Bytes
C:\Users\kEecfMwgj\Desktop\9a-Wiva\readme.txt Dropped File Text
clean
Also Known As C:\Users\kEecfMwgj\Desktop\LyNdnxnx\UkCm4Dq_\readme.txt (Dropped File)
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\readme.txt (Dropped File)
MIME Type text/plain
File Size 830 Bytes
C:\Users\kEecfMwgj\Desktop\LyNdnxnx\UkCm4Dq_\readme.txt.Poteston Dropped File Stream
clean
Also Known As C:\Users\kEecfMwgj\Desktop\9a-Wiva\readme.txt.Poteston (Dropped File)
MIME Type application/octet-stream
File Size 832 Bytes