83870dd4c1c44775e9c3aa5d5bd4abce782cb07f3454de4a82bf24f26381d947 (SHA256)
WscParent.exe
Created at 2018-10-03 03:10:00
Notifications (2/2)
Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.
The operating system was rebooted during the analysis.
Severity | Category | Operation | Classification | |
---|---|---|---|---|
4/5
|
File System | Modifies content of user files | Ransomware | |
|
||||
4/5
|
File System | Deletes user files | Wiper | |
|
||||
4/5
|
File System | Known malicious file | Trojan | |
|
||||
2/5
|
Anti Analysis | Resolves APIs dynamically to possibly evade static detection | - | |
|
||||
2/5
|
Injection | Writes into the memory of a process running from a created or modified executable | - | |
|
||||
2/5
|
Injection | Modifies control flow of a process running from a created or modified executable | - | |
|
||||
1/5
|
Process | Creates system object | - | |
|
||||
|
||||
|
||||
1/5
|
Process | Creates process with hidden window | - | |
|
||||
|
||||
1/5
|
Process | Creates a page with write and execute permissions | - | |
|
||||
1/5
|
File System | Modifies operating system directory | - | |
|
||||
1/5
|
Persistence | Installs system startup script or application | - | |
|
||||
|
||||
|
||||
1/5
|
Process | Reads from memory of another process | - | |
|
||||
|
||||
1/5
|
Masquerade | Changes folder appearance | Riskware | |
|
||||
1/5
|
File System | Modifies application directory | - | |
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
1/5
|
File System | Creates an unusually large number of files | - | |
|