test.exe
Windows Exe (x86-32)
Created at 2019-06-01T18:40:00
Remarks (1/1)
(0x2000002): The maximum VM disk space was reached. The analysis was terminated prematurely.
VMRay Threat Indicators (12 rules, 17 matches)
| Severity | Category | Operation | Count | Classification | |
|---|---|---|---|---|---|
|
5/5
|
Local AV | Malicious content was detected by heuristic scan | 2 | - | |
|
|||||
|
|||||
|
4/5
|
OS | Modifies Windows automatic backups | 1 | - | |
|
|||||
|
3/5
|
File System | Possibly drops ransom note files | 1 | Ransomware | |
|
|||||
|
2/5
|
Anti Analysis | Tries to detect debugger | 1 | - | |
|
|||||
|
2/5
|
Reputation | Known suspicious file | 1 | Trojan | |
|
|||||
|
1/5
|
Process | Creates system object | 1 | - | |
|
|||||
|
1/5
|
Process | Creates process with hidden window | 1 | - | |
|
|||||
|
1/5
|
Process | Overwrites code | 1 | - | |
|
|||||
|
1/5
|
Network | Connects to remote host | 3 | - | |
|
|||||
|
|||||
|
|||||
|
1/5
|
Network | Connects to HTTP server | 3 | - | |
|
|||||
|
|||||
|
|||||
|
0/5
|
Process | Enumerates running processes | 1 | - | |
|
|||||
Screenshots
Monitored Processes
Sample Information
| ID | #670337 |
| MD5 |
345d140139d2d11713b06f1cd9a5669e
|
| SHA1 |
ca3c843964caa54471c136e8fc36bcb3534c1432
|
| SHA256 |
f9dfdce85f83d7a416ecc162a9f68643357b1fd10ea29e6b2cd934b967192a74
|
| SSDeep |
6144:kNlHAp8tUArLrLrLfMemq5MmsCdKSXZ/cJlCJ6AWJE9V50DErTNg/ydlb4fQ6wFL:14DmGw6yDKNg6dNoQl+v
|
| ImpHash |
a18f19bfde6ec917a1a314ee3f6727cd
|
| Filename | test.exe |
| File Size | 351.50 KB |
| Sample Type | Windows Exe (x86-32) |
Analysis Information
| Creation Time | 2019-06-01 20:40 (UTC+2) |
| Analysis Duration | 00:01:18 |
| Number of Monitored Processes | 5 |
| Execution Successful |
|
| Reputation Enabled |
|
| WHOIS Enabled |
|
| Local AV Enabled |
|
| YARA Enabled |
|
| Number of AV Matches | 2 |
| Number of YARA Matches | 0 |
| Termination Reason | VM disk exhausted |
| Tags |
