GrandSoft Exploit Kit delivers GandCrab 3.0.0 Ransomware

VTI SCORE: 100/100

Target:

win7_64_sp1 | ie

Classification:

Downloader, Ransomware

http://financialbroker.gq

URL

Created at 2018-04-24 10:30:00

Notifications (2/3)

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

Code overwrite was observed during this analysis. Note that the analysis results may be affected by this modification by the sample.

The operating system was rebooted during the analysis.

Top Threat Indicators (View all 36 threat indicators)

Category	Operation	Classification
Anti Analysis	Tries to detect virtual machine	-
File System	Modifies application directory	-
OS	Modifies certificate store	-

Screenshots

Monitored Processes

Analysis Information

Creation Time	2018-04-24 12:30 (UTC+2)
Analysis Duration	00:10:29
Number of Monitored Processes	8
Execution Successful
Reputation Enabled
Termination Reason	Timeout
Tags	#exploit_kit #ransomware

Analyzer and Virtual Machine Information

Analyzer Version	2.3.0
Analyzer Build Date	2018-04-12 16:32 (UTC+2)
Adobe Acrobat Reader Version	10.0.0
Microsoft Office	2010
Microsoft Office Version	14.0.4762.1000
Microsoft Project Version	14.0.6023.1000
Microsoft Visio Version	14.0.6022.1000
VM Name	win7_64_sp1
VM Architecture	x86 64-bit
VM OS	Windows 7
VM Kernel Version	6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa)

Sample Information

ID	#45437
URL	http://financialbroker.gq
File Type	URL

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".