ee5ebb71...e7ef

VTI SCORE: 91/100

Target:

win7_64_sp1 | exe

Classification:

Trojan, Dropper, Ransomware

ee5ebb71405d500052076c8e1885555de9414454839e9c26a2746b1cc97fe7ef (SHA256)

KryptoTrojaner.exe

Windows Exe (x86-32)

Created at 2018-07-01 18:25:00

Severity	Category	Operation	Classification
4/5	File System	Renames user files	Ransomware
Renames multiple user files. This is an indicator for an encryption attempt. ... VTI Actions Go to Function Call
4/5	File System	Associated with malicious files	Trojan
File "c:\users\5p5nrgjn0js halpmcxz\appdata\local\templanran.exe" is a known malicious file. ... VTI Actions Go to File Details Go to Function Call
3/5	Browser	Reads data related to browser cookies	-
Reads Cookies for "Microsoft Internet Explorer". ... VTI Actions Go to Function Call
2/5	File System	Associated with suspicious files	Trojan
File "c:\users\5p5nrgjn0js halpmcxz\appdata\local\temprunsom.exe" is a known suspicious file. ... VTI Actions Go to File Details Go to Function Call
1/5	File System	Creates an unusually large number of files	-
Creates an unusually large number of files. ... VTI Actions Go to File Details Go to Function Call
1/5	PE	Drops PE file	Dropper
Drops file "c:\users\5p5nrgjn0js halpmcxz\appdata\local\templanran.exe". ... VTI Actions Go to File Details Go to Function Call
Drops file "c:\users\5p5nrgjn0js halpmcxz\appdata\local\temprunsom.exe". ... VTI Actions Go to File Details Go to Function Call
1/5	PE	Executes dropped PE file	-
Executes dropped file "c:\users\5p5nrgjn0js halpmcxz\appdata\local\templanran.exe". ... VTI Actions Go to File Details Go to Function Call
Executes dropped file "c:\users\5p5nrgjn0js halpmcxz\appdata\local\temprunsom.exe". ... VTI Actions Go to File Details Go to Function Call

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Before

After