Verdict Malicious

Classifications Ransomware

Threat Names Mal/Generic-S RedNet

Dynamic Analysis Report

Created on 2022-04-28T11:47:08+00:00

be88512c9250a558a3524e1c3bbd0299517cb0d6c3fb749c22df32033bf081e8.exe

Windows Exe (x86-32)

Remarks (1/1)

(0x02000046): The maximum binlog size was reached. The analysis was terminated prematurely.

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\be88512c9250a558a3524e1c3bbd0299517cb0d6c3fb749c22df32033bf081e8.exe Sample File Binary
Malicious
Also Known As \??\C:\Users\RDhJ0CNFevzX\Desktop\be88512c9250a558a3524e1c3bbd0299517cb0d6c3fb749c22df32033bf081e8.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 221.00 KB
MD5 17f97f9c91b0daf856526130cf9bd702
SHA1 268685c49e0bc50f7a7e977d2d71768a1e958f03
SHA256 be88512c9250a558a3524e1c3bbd0299517cb0d6c3fb749c22df32033bf081e8
SSDeep 6144:adSK04ETTZ+4TBpvjLCQHlJUgvoAbcz+w:aoL4EnU4T/vjLhnlv1bBw
ImpHash 9dd8c0ff4fc84287e5b766563240f983
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x0040CCEF
Size Of Code 0x00019800
Size Of Initialized Data 0x0001D800
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2020-02-22 07:21 (UTC+1)
Version Information (7)
FileDescription
FileVersion 2.1.0.0
InternalName svchosta.exe
LegalCopyright
OriginalFilename svchosta.exe
ProductVersion 2.1.0.0
Assembly Version 2.1.0.0
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x000196D8 0x00019800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.75
.rdata 0x0041B000 0x00006DF2 0x00006E00 0x00019C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.44
.data 0x00422000 0x000030C0 0x00001600 0x00020A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.26
.rsrc 0x00426000 0x00015324 0x00015400 0x00022000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.99
Imports (4)
KERNEL32.dll (84)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RaiseException - 0x0041B000 0x00021618 0x00020218 0x0000035A
GetLastError - 0x0041B004 0x0002161C 0x0002021C 0x000001E6
MultiByteToWideChar - 0x0041B008 0x00021620 0x00020220 0x0000031A
lstrlenA - 0x0041B00C 0x00021624 0x00020224 0x000004B5
InterlockedDecrement - 0x0041B010 0x00021628 0x00020228 0x000002BC
GetProcAddress - 0x0041B014 0x0002162C 0x0002022C 0x00000220
LoadLibraryA - 0x0041B018 0x00021630 0x00020230 0x000002F1
FreeResource - 0x0041B01C 0x00021634 0x00020234 0x0000014F
SizeofResource - 0x0041B020 0x00021638 0x00020238 0x00000420
LockResource - 0x0041B024 0x0002163C 0x0002023C 0x00000307
LoadResource - 0x0041B028 0x00021640 0x00020240 0x000002F6
FindResourceA - 0x0041B02C 0x00021644 0x00020244 0x00000136
GetModuleHandleA - 0x0041B030 0x00021648 0x00020248 0x000001F6
Module32Next - 0x0041B034 0x0002164C 0x0002024C 0x0000030F
CloseHandle - 0x0041B038 0x00021650 0x00020250 0x00000043
Module32First - 0x0041B03C 0x00021654 0x00020254 0x0000030D
CreateToolhelp32Snapshot - 0x0041B040 0x00021658 0x00020258 0x000000AC
GetCurrentProcessId - 0x0041B044 0x0002165C 0x0002025C 0x000001AA
SetEndOfFile - 0x0041B048 0x00021660 0x00020260 0x000003CD
GetStringTypeW - 0x0041B04C 0x00021664 0x00020264 0x00000240
GetStringTypeA - 0x0041B050 0x00021668 0x00020268 0x0000023D
LCMapStringW - 0x0041B054 0x0002166C 0x0002026C 0x000002E3
LCMapStringA - 0x0041B058 0x00021670 0x00020270 0x000002E1
GetLocaleInfoA - 0x0041B05C 0x00021674 0x00020274 0x000001E8
CreateFileA - 0x0041B060 0x00021678 0x00020278 0x00000078
HeapFree - 0x0041B064 0x0002167C 0x0002027C 0x000002A1
GetProcessHeap - 0x0041B068 0x00021680 0x00020280 0x00000223
HeapAlloc - 0x0041B06C 0x00021684 0x00020284 0x0000029D
GetCommandLineA - 0x0041B070 0x00021688 0x00020288 0x0000016F
HeapCreate - 0x0041B074 0x0002168C 0x0002028C 0x0000029F
VirtualFree - 0x0041B078 0x00021690 0x00020290 0x00000457
DeleteCriticalSection - 0x0041B07C 0x00021694 0x00020294 0x000000BE
LeaveCriticalSection - 0x0041B080 0x00021698 0x00020298 0x000002EF
EnterCriticalSection - 0x0041B084 0x0002169C 0x0002029C 0x000000D9
VirtualAlloc - 0x0041B088 0x000216A0 0x000202A0 0x00000454
HeapReAlloc - 0x0041B08C 0x000216A4 0x000202A4 0x000002A4
HeapSize - 0x0041B090 0x000216A8 0x000202A8 0x000002A6
TerminateProcess - 0x0041B094 0x000216AC 0x000202AC 0x0000042D
GetCurrentProcess - 0x0041B098 0x000216B0 0x000202B0 0x000001A9
UnhandledExceptionFilter - 0x0041B09C 0x000216B4 0x000202B4 0x0000043E
SetUnhandledExceptionFilter - 0x0041B0A0 0x000216B8 0x000202B8 0x00000415
IsDebuggerPresent - 0x0041B0A4 0x000216BC 0x000202BC 0x000002D1
GetModuleHandleW - 0x0041B0A8 0x000216C0 0x000202C0 0x000001F9
Sleep - 0x0041B0AC 0x000216C4 0x000202C4 0x00000421
ExitProcess - 0x0041B0B0 0x000216C8 0x000202C8 0x00000104
WriteFile - 0x0041B0B4 0x000216CC 0x000202CC 0x0000048D
GetStdHandle - 0x0041B0B8 0x000216D0 0x000202D0 0x0000023B
GetModuleFileNameA - 0x0041B0BC 0x000216D4 0x000202D4 0x000001F4
WideCharToMultiByte - 0x0041B0C0 0x000216D8 0x000202D8 0x0000047A
GetConsoleCP - 0x0041B0C4 0x000216DC 0x000202DC 0x00000183
GetConsoleMode - 0x0041B0C8 0x000216E0 0x000202E0 0x00000195
ReadFile - 0x0041B0CC 0x000216E4 0x000202E4 0x00000368
TlsGetValue - 0x0041B0D0 0x000216E8 0x000202E8 0x00000434
TlsAlloc - 0x0041B0D4 0x000216EC 0x000202EC 0x00000432
TlsSetValue - 0x0041B0D8 0x000216F0 0x000202F0 0x00000435
TlsFree - 0x0041B0DC 0x000216F4 0x000202F4 0x00000433
InterlockedIncrement - 0x0041B0E0 0x000216F8 0x000202F8 0x000002C0
SetLastError - 0x0041B0E4 0x000216FC 0x000202FC 0x000003EC
GetCurrentThreadId - 0x0041B0E8 0x00021700 0x00020300 0x000001AD
FlushFileBuffers - 0x0041B0EC 0x00021704 0x00020304 0x00000141
SetFilePointer - 0x0041B0F0 0x00021708 0x00020308 0x000003DF
SetHandleCount - 0x0041B0F4 0x0002170C 0x0002030C 0x000003E8
GetFileType - 0x0041B0F8 0x00021710 0x00020310 0x000001D7
GetStartupInfoA - 0x0041B0FC 0x00021714 0x00020314 0x00000239
RtlUnwind - 0x0041B100 0x00021718 0x00020318 0x00000392
FreeEnvironmentStringsA - 0x0041B104 0x0002171C 0x0002031C 0x0000014A
GetEnvironmentStrings - 0x0041B108 0x00021720 0x00020320 0x000001BF
FreeEnvironmentStringsW - 0x0041B10C 0x00021724 0x00020324 0x0000014B
GetEnvironmentStringsW - 0x0041B110 0x00021728 0x00020328 0x000001C1
QueryPerformanceCounter - 0x0041B114 0x0002172C 0x0002032C 0x00000354
GetTickCount - 0x0041B118 0x00021730 0x00020330 0x00000266
GetSystemTimeAsFileTime - 0x0041B11C 0x00021734 0x00020334 0x0000024F
InitializeCriticalSectionAndSpinCount - 0x0041B120 0x00021738 0x00020338 0x000002B5
GetCPInfo - 0x0041B124 0x0002173C 0x0002033C 0x0000015B
GetACP - 0x0041B128 0x00021740 0x00020340 0x00000152
GetOEMCP - 0x0041B12C 0x00021744 0x00020344 0x00000213
IsValidCodePage - 0x0041B130 0x00021748 0x00020348 0x000002DB
CompareStringA - 0x0041B134 0x0002174C 0x0002034C 0x00000052
CompareStringW - 0x0041B138 0x00021750 0x00020350 0x00000055
SetEnvironmentVariableA - 0x0041B13C 0x00021754 0x00020354 0x000003D0
WriteConsoleA - 0x0041B140 0x00021758 0x00020358 0x00000482
GetConsoleOutputCP - 0x0041B144 0x0002175C 0x0002035C 0x00000199
WriteConsoleW - 0x0041B148 0x00021760 0x00020360 0x0000048C
SetStdHandle - 0x0041B14C 0x00021764 0x00020364 0x000003FC
ole32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleInitialize - 0x0041B184 0x0002179C 0x0002039C 0x000000F4
OLEAUT32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantInit 0x00000008 0x0041B154 0x0002176C 0x0002036C -
SafeArrayCreate 0x0000000F 0x0041B158 0x00021770 0x00020370 -
SafeArrayAccessData 0x00000017 0x0041B15C 0x00021774 0x00020374 -
SafeArrayUnaccessData 0x00000018 0x0041B160 0x00021778 0x00020378 -
SafeArrayDestroy 0x00000010 0x0041B164 0x0002177C 0x0002037C -
SafeArrayCreateVector 0x0000019B 0x0041B168 0x00021780 0x00020380 -
VariantClear 0x00000009 0x0041B16C 0x00021784 0x00020384 -
SysFreeString 0x00000006 0x0041B170 0x00021788 0x00020388 -
SysAllocString 0x00000002 0x0041B174 0x0002178C 0x0002038C -
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CorBindToRuntimeEx - 0x0041B17C 0x00021794 0x00020394 0x0000000E
Memory Dumps (7)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
be88512c9250a558a3524e1c3bbd0299517cb0d6c3fb749c22df32033bf081e8.exe 1 0x00400000 0x0043BFFF Relevant Image False 32-bit 0x0041083E False
buffer 1 0x020B0000 0x020CFFFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 1 0x04D60000 0x04D7EFFF Reflectively Loaded .NET Assembly False 32-bit - False
mscorjit.dll 1 0x6DCF0000 0x6DD4AFFF First Execution False 32-bit 0x6DD3800B False
buffer 1 0x04E00000 0x04E00FFF First Execution False 32-bit 0x04E00000 False
buffer 1 0x01F84738 0x01FA4745 Image In Buffer False 32-bit - False
be88512c9250a558a3524e1c3bbd0299517cb0d6c3fb749c22df32033bf081e8.exe 1 0x00400000 0x0043BFFF Final Dump False 32-bit - False
YARA Matches (1)
Rule Name Rule Description Classification Score
Packer_RedNet Packer used to distribute malware - 5/5
C:\Users\Public\sys.bat Dropped File Text
Malicious
MIME Type text/plain
File Size 1.48 KB
MD5 d2aba3e1af80edd77e206cd43cfd3129
SHA1 3116da65d097708fad63a3b73d1c39bffa94cb01
SHA256 8940135a58d28338ce4ea9b9933e6780507c56ab37a2f2e3a1a98c6564548a12
SSDeep 24:oIAIYhuQuYmhYwbYm9Y8zYxQ4fkfgwu8rfev+eCW15i:oXTtXMZu8rfePr1U
ImpHash -
File Reputation Information
Verdict
Malicious
C:\Program Files\Common Files\n_NxG3 TG8VT.jpg[newpatek@cock.li].MARRA Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 25.58 KB
MD5 85b500c8b7921e1243bd82f777f951c2
SHA1 ee6e7d259374ed7aeeb5242cd6a55883e09e971a
SHA256 ab87b945b4cd562202394bf73e6fd2f604a6ffdb3b31307418ba47d9b8cfd7b3
SSDeep 768:8g4MYrcc10mv/OGnuULTzA9V1aixXYCrMNvwtqTZ:8grkcc1NG6uUL4V1aqYfNvso
ImpHash -
C:\$Recycle.Bin\MARRACRYPT_INFORMATION.HTML Dropped File HTML
Clean
Also Known As C:\Boot\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\PerfLogs\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\Services\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\System\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\System\ado\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\System\ado\en-US\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\System\en-US\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ClickToRun\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\Stationery\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\TextConv\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\Triedit\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\VC\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\VGX\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\da-DK\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\de-DE\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\el-GR\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\en-GB\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\en-US\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\es-ES\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\es-MX\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\et-EE\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\he-IL\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\it-IT\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Common Files\microsoft shared\ink\pt-BR\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Defender\en-US\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Journal\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Journal\Templates\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Journal\en-US\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Mail\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Mail\en-US\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Media Player\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Media Player\Media Renderer\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Media Player\Network Sharing\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Media Player\Skins\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Media Player\Visualizations\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Multimedia Platform\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows NT\Accessories\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows NT\Accessories\en-US\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows NT\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows NT\TableTextService\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows NT\TableTextService\en-US\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Photo Viewer\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Photo Viewer\en-US\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Portable Devices\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Sidebar\Gadgets\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Sidebar\MARRACRYPT_INFORMATION.HTML (Accessed File)
C:\Program Files\Windows Sidebar\Shared Gadgets\MARRACRYPT_INFORMATION.HTML (Accessed File)
c:\users\marracrypt_information.html (Dropped File)
MIME Type text/html
File Size 6.24 KB
MD5 218b149978d7e893780d6cd0489d1dae
SHA1 d0cfdbcc72447852fa5e384bd97ff087f0a2a0bd
SHA256 88f0015ad381b66e803842931dda2704b5d0076392f69b66e8a964e222e3cc8d
SSDeep 96:hS8D6Iu8wfPzS9VA6lFsvf7lV6la3HmQgIuVkvjbfk60u2oj73/snkTKOcDxBqsA:h4zf4/qt38kv3t0uNy8RgxkesigaE
ImpHash -
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml[newpatek@cock.li].MARRA Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 4.94 KB
MD5 e909f3fddcb0801cb1cb01228f3177f5
SHA1 8cf7d5bddf60d7dac6aca5ac9a7eb217a9963ec0
SHA256 6e110d252e956412713fcc9b7fa0cb6b195a6d662651635629e44a7d101e0b52
SSDeep 96:sGzpcWuYjpx5eD4hBSET7Vsxa7Z+nAgEaiM7zM/UKpW+WFAmKjilx:HzNx4qSEPVsEsAz1MziAWjij
ImpHash -
C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml[newpatek@cock.li].MARRA Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 4.61 KB
MD5 91689ec79b03b06bf9cc6695d21fefdd
SHA1 5c434d0e3f2e78d7e80bf9102d45adb32d15d090
SHA256 fa7943a3aed783cd7ed4c6e95be582876c1f02c21204721d216eff2597962cdb
SSDeep 96:VxuYeVFLHa8sGKbpMTxcIiAQ7U+zLY0dvxz5XRqCb5cgf:V268jTxttQ7hznjNXfbjf
ImpHash -
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml[newpatek@cock.li].MARRA Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 4.31 KB
MD5 ac96a1e41cea03809aca024a631f0d43
SHA1 33237c75241b3dd2753e41aeff76da79fbabe742
SHA256 037632396b47ec22658e15758a6a1b7357b1a39703f8eafe9e0cf6bc0bc0024d
SSDeep 96:2d/6KAG1lUTneutkSwSebexQCvu6Am2hXI0iT+W6twCWP8EPy7MYwq5s4:eD12eOkSLebKZqN52CWUwygG59
ImpHash -
C:\Users\Public\MARRACRYPT_ID_DO_NOT_TOUCH Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 1.66 KB
MD5 9b8c096fe23dd8d0ece79b29e1619d2b
SHA1 e298c529c98838736597926e701bb9b2221e24c3
SHA256 75ceb6d60b0abf24795bd77de0fc9b8f9958638bf111f04e831714a34b3beb47
SSDeep 48:RdjkuEZwu2EGeEJp+1WFZG77g+swcAwcs9GoF:RdQuaijeEJpcwfAxs9DF
ImpHash -
C:\Users\Public\MARRACRYPT_ID_DO_NOT_TOUCH Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 1.14 KB
MD5 dd425f446829b27a23da7102b0722af9
SHA1 e550db5005de5e417804c15b573ed0f7b028ba1b
SHA256 b8c94f3f2f59902accf583a1d63607d4edd6b74f32ff46d6562fd9774e472997
SSDeep 24:I4VFHiBG2Av8W6l7uVrgDfJlMA1lrB41mDeHqSXCqJ06NI0GLzfJSsz:/P2EUuVAMgB8miHS6enhz
ImpHash -
C:\ProgramData\newpatek\onmywrist.bat Dropped File Text
Clean
Also Known As \??\C:\ProgramData\newpatek\onmywrist.bat (Accessed File)
MIME Type text/x-msdos-batch
File Size 346 Bytes
MD5 3a359ee45cf4c173ba6952f2a015cf05
SHA1 263464d3f25dd755e59ec76e9e0185fe18079d6e
SHA256 75f25a3c2d1383ff052b7848e1133c383075e8f65b8a70eb2fd49321dcf076b0
SSDeep 6:hlmRA78cjWr3FchDQDVdjYWW3Yo5POc9/ToHIFleQi0EDmRC/ISU65vrJXSLp2WE:t7Er3FEDQTj7W3Ykf7DLU1DmRyID6VN5
ImpHash -
C:\Users\Public\PUBLIC_KEY_DO_NOT_TOUCH Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 276 Bytes
MD5 3561460993bef0af654a731fd34846d2
SHA1 9420921e269b35bf7f087a7c46db2f41833b9558
SHA256 cc1d60af1cc96282afa832d3f65cacbcc612c47e00d2006beb5949b144d1638e
SSDeep 6:mtNERt4Rgj+5OWwoeft9+L0xSloqwX4x7VrIrddHvPesQJyvPOv:Y4H3o491cloHiBITPP1QJyvPOv
ImpHash -
C:\Program Files\Common Files\System\msadc\MARRACRYPT_INFORMATION.HTML Dropped File Empty
Clean
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
C:\Program Files\Windows Media Player\en-US\MARRACRYPT_INFORMATION.HTML Dropped File Empty
Clean
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.