VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan
_00270000.mem.exe
Windows Exe (x86-32)
Created at 2019-05-13T19:45:00
Remarks (2/3)
(0x2000002): The maximum VM disk space was reached. The analysis was terminated prematurely.
(0x200000e): The overall sleep time of all monitored processes was truncated from "39 minutes, 35 seconds" to "13 minutes, 50 seconds" to reveal dormant functionality.
Detection Information
Local AV Applied On | Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps, Embedded Files |
YARA Applied On | Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps, Embedded Files |
Local AV Matches (1)

File Type | Threat Name | Filename | Severity
---|---|---|---
Sample File | Gen:Variant.Ransom.1687 | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_00270000.mem.exe | Malicious
YARA Matches (7)

Ruleset Name | Rule Name | Rule Description | File Type | Filename | Classification | Severity
---|---|---|---|---|---|---
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\ga[1].js.RYK | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\528d82a2[1].js.RYK | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[2].jspg.RYK.RYK | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[1].jspg.RYK.RYK | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\ast[2].js].jpg.RYK.RYK | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\ast[1].jsni.RYK.RYK | - | Malicious
Generic | JS_High_Entropy | JavaScript has a high entropy; possible obfuscation | Modified File | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\adex[1].js.jpg.RYK.RYK | - | Malicious