9c88c66f...df14 | Network
VTI SCORE: 93/100
Dynamic Analysis Report
Classification: Trojan, Dropper, Ransomware

9c88c66f44eba049dcf45204315aaf8ba1e660822f9e97aec51b1c305f5fdf14 (SHA256)

Kraken.exe

Windows Exe (x86-32)

Created at 2018-09-14 09:46:00

Notifications (1/1)

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

Network Overview

Hosts (5)
Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data
ipinfo.io | 216.239.34.21, 216.239.32.21, 216.239.36.21, 216.239.38.21 | Emeryville (United States) | TCP, UDP | Unknown |
download.sysinternals.com, az155186.vo.msecnd.net, cs22.wpc.v0cdn.net | 152.199.19.160 | Ashburn (United States) | TCP, UDP | Unknown |
127.0.0.1 | 127.0.0.1 | - | - | Unknown |
- | 157.56.120.207 | - | UDP | Not Queried | Not Queried
- | 157.56.120.208 | - | UDP | Not Queried | Not Queried
DNS Queries (3)
Hostname | Categories | Names | Source | Reputation Status
ipinfo.io | - | - | Function Log | Unknown
download.sysinternals.com | - | - | Function Log | Unknown
127.0.0.1 | - | - | Function Log | Unknown

Connections

ICMP (3)
Operation Additional Information Success Count Logfile
Send ICMP Echo source_address = 0.0.0.0, timeout = 4000 True 3
DNS (6)
Operation Additional Information Success Count Logfile
Resolve Address address = 127.0.0.1, host_out = 127.0.0.1 True 2
Resolve Name host = ipinfo.io, address_out = 216.239.34.21, 216.239.32.21, 216.239.36.21, 216.239.38.21 True 1
Resolve Name host = download.sysinternals.com, address_out = 152.199.19.160 True 1
Resolve Name host = 127.0.0.1, address_out = 127.0.0.1 True 1
Resolve Name host = ipinfo.io, address_out = 216.239.34.21 True 1 -
TCP Sessions (3)
Information Value
Total Data Sent 3.19 KB
Total Data Received 199.22 KB
Contacted Host Count 3
Contacted Hosts 216.239.34.21, 152.199.19.160, 152.199.19.160:443
TCP Session #1
Information Value
Handle 0x814
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 152.199.19.160
Remote Port 443
Local Address 0.0.0.0
Local Port 49429
Data Sent 0.39 KB
Data Received 165.83 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Connect remote_address = 152.199.19.160, remote_port = 443 True 1
Send flags = NO_FLAG_SET, size = 137, size_out = 137 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 69, size_out = 69 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 6606, size_out = 6606 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 331, size_out = 331 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 4, size_out = 4 True 1
Send flags = NO_FLAG_SET, size = 134, size_out = 134 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 202, size_out = 202 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 1, size_out = 1 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 48, size_out = 48 True 1
Send flags = NO_FLAG_SET, size = 133, size_out = 133 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 512, size_out = 512 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 16416, size_out = 5798 True 1
Receive flags = NO_FLAG_SET, size = 10618, size_out = 10618 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 16416, size_out = 1020 True 1
Receive flags = NO_FLAG_SET, size = 15396, size_out = 15396 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 16416, size_out = 4132 True 1
Receive flags = NO_FLAG_SET, size = 12284, size_out = 1460 True 1
Receive flags = NO_FLAG_SET, size = 10824, size_out = 8760 True 1
Receive flags = NO_FLAG_SET, size = 2064, size_out = 2064 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 16416, size_out = 16416 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 32, size_out = 32 True 1
Receive flags = NO_FLAG_SET, size = 5, size_out = 5 True 1
Receive flags = NO_FLAG_SET, size = 13680, size_out = 13680 True 1
Close type = SOCK_STREAM True 1
TCP Session #2
Information Value
Source PCAP
Stream ID 0
Remote Address 216.239.34.21
Remote Port 443
Local Address 192.168.0.53
Local Port 49426
Data Sent 0.96 KB
Data Received 2.80 KB
Time Highest Layer Additional Information Success
4.250513 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
4.275945 s TCP Data Sent: 0.05 KB, Data Received: 1.45 KB True
5.027909 s SSL Data Sent: 0.17 KB, Data Received: 0.05 KB True
5.056495 s TCP Data Sent: 0.05 KB, Data Received: 0.35 KB True
5.062346 s SSL Data Sent: 0.18 KB, Data Received: 0.11 KB True
5.160630 s TCP Data Sent: 0.05 KB, Data Received: 0.67 KB True
5.550122 s SSL Data Sent: 0.23 KB, Data Received: 0.05 KB True
6.153775 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
106.066641 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
106.118148 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #3
Information Value
Source PCAP
Stream ID 4
Remote Address 152.199.19.160
Remote Port 443
Local Address 192.168.0.53
Local Port 49429
Data Sent 1.83 KB
Data Received 30.59 KB
Time Highest Layer Additional Information Success
114.511599 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
114.526192 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.528180 s SSL Data Sent: 0.19 KB, Data Received: 0.05 KB True
114.547669 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.548865 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.552951 s SSL Data Sent: 0.18 KB, Data Received: 0.31 KB True
114.602537 s SSL Data Sent: 0.18 KB, Data Received: 0.59 KB True
114.620467 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.620633 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.620899 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.621189 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.621438 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.621661 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.621813 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.633705 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.633894 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.634189 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.634486 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.640843 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.641043 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.647540 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.647824 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.647955 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.652940 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
114.660438 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
114.660856 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
115.012603 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
UDP Sessions (4)
Total Data Sent 1.06 KB
Total Data Received 1.76 KB
Contacted Host Count 3
Contacted Hosts 192.168.0.1, 157.56.120.207, 157.56.120.208
UDP Session #1
Information Value
Source PCAP
Stream ID 14
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.53
Local Port 59802
Data Sent 0.07 KB
Data Received 0.27 KB
Time Highest Layer Additional Information Success
4.022645 s DNS Data Sent: 0.07 KB, Data Received: 0.27 KB True
UDP Session #2
Information Value
Source PCAP
Stream ID 16
Remote Address 157.56.120.207
Remote Port 3544
Local Address 192.168.0.53
Local Port 58129
Data Sent 0.70 KB
Data Received 1.03 KB
Time Highest Layer Additional Information Success
20.711775 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
61.376683 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
61.413910 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
92.484120 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
127.622317 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
160.112188 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
191.056603 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
UDP Session #3
Information Value
Source PCAP
Stream ID 17
Remote Address 157.56.120.208
Remote Port 3544
Local Address 192.168.0.53
Local Port 58129
Data Sent 0.20 KB
Data Received 0.29 KB
Time Highest Layer Additional Information Success
20.755554 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
61.494906 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
UDP Session #4
Information Value
Source PCAP
Stream ID 50
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.53
Local Port 49842
Data Sent 0.08 KB
Data Received 0.17 KB
Time Highest Layer Additional Information Success
114.499040 s DNS Data Sent: 0.08 KB, Data Received: 0.17 KB True