VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware
Threat Names: Djvu, STOP, Trojan.GenericKD.42870227, ...
1A3E.TMP.EXE.exe
Windows Exe (x86-32)
Created at 2020-03-21T04:46:00
Remarks (2/2)
(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.
Indicators
File (288)
Registry (4)
Mutex (1)
Mutex Name | Operations |
---|---|
{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} | Access |
Domain (2)
Domain | Sources | Severity |
---|---|---|
nokd.top | Function Log, PCAP | Blacklisted |
api.2ip.ua | Function Log | Unknown |
URL (2)
URL | Operations | Category | Severity |
---|---|---|---|
http://nokd.top/ydtftysdtyftysdfsdpen3/get.php?pid=61EEC85770ED6E24294ED56A7224FB65 | GET | Contacted | Blacklisted |
https://api.2ip.ua/geo.json | GET | Contacted | Unknown |
IP (2)
IP | Protocols | Sources |
---|---|---|
77.123.139.189 | HTTPS, TCP | Function Log, PCAP |
84.38.180.133 | TCP, HTTP | Function Log, PCAP |