VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware
Threat Names: Gen:Variant.Ursu.776837
dwm.exe
Windows Exe (x86-32)
Created at 2020-03-04T09:12:00
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "30 seconds" to "10 seconds" to reveal dormant functionality.
Indicators
File (968)
Registry (45)
Mutex (1)
Mutex Name | Operations |
---|---|
Global\c1a76b5a-12ab-45c5-b9d9-d692faa6e7a2 | Access |
Domain (1)
Domain | Sources | Severity |
---|---|---|
f0402724.xsph.ru | Function Log, PCAP | Unknown |
URL (1)
URL | Operations | Category | Severity |
---|---|---|---|
http://f0402724.xsph.ru/wallpaper/Ravack.bmp | GET | Contacted | Unknown |
IP (1)
IP | Protocols | Sources |
---|---|---|
141.8.192.151 | TCP, DNS, HTTP | Function Log, PCAP |