VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware
Threat Names: Djvu, STOP, Trojan.GenericKD.43348205, ...
host1506_2020-06-15_14-07.exe
Windows Exe (x86-32)
Created at 2020-06-16T14:47:00
Remarks (2/2)
(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.
Indicators
File (306)
Registry (4)
Mutex (1)
Mutex Name | Operations |
---|---|
{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} | Access |
Domain (2)
Domain | Sources | Severity |
---|---|---|
cjto.top | Function Log, PCAP | Blacklisted |
api.2ip.ua | Function Log | Unknown |
URL (2)
URL | Operations | Category | Severity |
---|---|---|---|
http://cjto.top/yyyxxx1/get.php?pid=B0ED29E149F193F03F22B39AC6D876E7 | GET | Contacted | Blacklisted |
https://api.2ip.ua/geo.json | GET | Contacted | Unknown |
IP (2)
IP | Protocols | Sources |
---|---|---|
77.123.139.189 | TCP, HTTPS | Function Log, PCAP |
84.38.182.129 | TCP, HTTP | Function Log, PCAP |