d27298c2...3db0

VMRay Threat Indicators (9 rules, 18 matches)

Severity	Category	Operation	Count	Classification
5/5	Local AV	Malicious content was detected by heuristic scan	1	-
Local AV detected the sample itself as "Gen:Variant.Razy.501351". ... VTI Actions Go to AV match Go to file details
5/5	Reputation	Known malicious file	1	Trojan
File "C:\Users\FD1HVy\Desktop\___sondeuw.exe" is a known malicious file. ... VTI Actions Go to file details
4/5	File System	Modifies content of user files	1	Ransomware
Modifies the content of multiple user files. This is an indicator for an encryption attempt. ... VTI Actions Go to Behavior
4/5	OS	Modifies Windows automatic backups	1	-
Deletes Windows volume shadow copies. ... VTI Actions Go to process
1/5	Persistence	Installs system startup script or application	1	-
Adds "C:\Users\FD1HVy\Desktop\___sondeuw.exe" to Windows startup via registry. ... VTI Actions Go to Behavior
1/5	Process	Creates process with hidden window	1	-
The process "vssadmin" starts with hidden window. ... VTI Actions Go to Behavior
1/5	Masquerade	Changes folder appearance	3	-
Folder "c:\program files" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\program files (x86)" has a changed appearance. ... VTI Actions Go to Behavior
Folder "c:\users" has a changed appearance. ... VTI Actions Go to Behavior
1/5	File System	Modifies application directory	8	-
Modifies "c:\program files\desktop.ini". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files (x86)\desktop.ini". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\appxmanifest.xml". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\microsoft office\filesystemmetadata.xml". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\mozilla firefox\accessible.tlb". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\mozilla firefox\accessiblehandler.dll". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\mozilla firefox\accessiblemarshal.dll". ... VTI Actions Go to Behavior Go to file details
Modifies "c:\program files\mozilla firefox\api-ms-win-core-console-l1-1-0.dll". ... VTI Actions Go to Behavior Go to file details
1/5	Information Stealing	Possibly does reconnaissance	1	-
Possibly trying to gather information about application "Mozilla Firefox" by file. ... VTI Actions Go to Behavior

Screenshots

Monitored Processes

Sample Information

ID	#129198
MD5	ae0ac3d07b173d497066507b5d5585f1
SHA1	600ca6ebbfaf81fa9a118f0e5770c00715a85ec7
SHA256	d27298c23e8a7124efa37c7f2ff66b205d4b1740ca7666daafb9312748f33db0
SSDeep	24576:g+nvGxCcDglC1P8o8CXV26aZC92f/h48AcNr5V5KP/ccR5ewttk6:/vuD8cV26aZC92fK0Nj5KP/c6Ewttk6
ImpHash	6106ba735dc198349c7bf52b8eceaff3
Filename	___sondeuw.exe
File Size	1.05 MB
Sample Type	Windows Exe (x86-32)

Analysis Information

Creation Time	2019-07-30 22:10 (UTC+2)
Analysis Duration	00:04:37
Number of Monitored Processes	2
Execution Successful
Reputation Enabled
WHOIS Enabled
Local AV Enabled
YARA Enabled
Number of AV Matches	1
Number of YARA Matches	0
Termination Reason	Timeout
Tags

Remarks (1/1)

VMRay Threat Indicators (9 rules, 18 matches)

Screenshots

Monitored Processes

Sample Information

Analysis Information

Before

After