What is https://www.hybrid-analysis.com
Submission name: Set-up.exe
MIME type: application/x-dosexec
Operating system: Windows
Last anti-virus scan: 08/05/2022 00:18:02 (UTC)
Last sandbox report: 08/03/2021 12:58:02 (UTC)
Verdict: malicious
Threat score: 65/100

Anti-virus results:
  CrowdStrike Falcon - Static Analysis and ML
  MetaDefender - Multi Scan Analysis
  VirusTotal - Multi Scan Analysis
Network behavior: contacts 2 domains and 2 hosts. Not all malicious and suspicious indicators are displayed in the free report.

Behavioral indicators:
  - Wrote 106 instructions to foreign process "300de5e62ae85a0c85540fa39758ad4f8c11fa88c9a1d4a5e8f1291a0725566b" (UID: 00101562-00001540)
  - 3/57 antivirus vendors marked sample as malicious (5% detection rate) (source: External System, relevance: 10/10)
  - "" allocated 00000088 bytes of memory in "risjrov.exe" (Protection: "read/write")
  - "" wrote 65536 bytes starting with PE header signature to file "%LOCALAPPDATA%\risjrov.exe": 4d5a90000300000004000000ffff0000b8000000000000004000000000000000000000000000000000000000000000000000 ... (source: API Call, relevance: 1/10)
  - "" wrote 32 bytes to a foreign process "300de5e62ae85a0c85540fa39758ad4f8c11fa88c9a1d4a5e8f1291a0725566b" (PID: 00001540)
  - Found the following User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
  - Found ransom note text in memory (source: 00001540.000001C8.101453.0043B000.wprm, indicator: "decrypt your files"):

      "All your documents, photos, databases and other important files have been encrypted
      Private decryption key is stored on a secret Internet server and nobody can
      If you see the main encryptor red window, examine it and follow the instructions.
      Otherwise, it seems that you or your antivirus deleted the encryptor program.
      Now you have the last chance to decrypt your files.
      Open in your browser one of the links:
      http://iq3ahijcfeont3xx.fenaow48fn42.com
      http://iq3ahijcfeont3xx.sm4i8smr3f43.com
      https://iq3ahijcfeont3xx.tor2web.blutmagie.de
      They are public gates to the secret server.
      Copy and paste the following Bitcoin address in the input form on server. Avoid missprints.
      %s
      Follow the instructions on the server.
      If you have problems with gates, use direct connection:
      1. Download Tor Browser from http://torproject.org
      2. In the Tor Browser open the http://iq3ahijcfeont3xx.onion/
      Note that this server is available via Tor Browser only. Retry in 1 hour if site is not reachable.
      Copy and paste the following Bitcoin address in the input form on server. Avoid missprints."

  - Found dropped filename "RECOVERY_FILE.TXT"
File details:
  Filename: hfxtnsu.exe
  Size: 375 KiB (383488 bytes)
  Type: peexe executable
  Description: PE32 executable (GUI) Intel 80386, for MS Windows
  Architecture: WINDOWS
  SHA256: 300de5e62ae85a0c85540fa39758ad4f8c11fa88c9a1d4a5e8f1291a0725566b

Hybrid Analysis: analysed 5 processes in total.
Extracted files: 32 extracted file(s) displayed; the remaining 251 file(s) are available in the full version and in the XML/JSON reports.