Analysis Date: 2018-05-08 22:09:06
MD5: 0bd562f63266d3e7e036ce7585eec3f3
SHA1: 7fe1b4b0abf774aa98140c4f860a315e712bcecc

Static Details:

AV Arcabit (arcavir): Gen:Variant.Daytre.30
AV Authentium: W32/S-02552467!Eldorado
AV Grisoft (avg): Error Scanning File
AV Avira (antivir): TR/Kuluoz.lrse
AV Alwil (avast): Error Scanning File
AV Ad-Aware: Gen:Variant.Daytre.30
AV BitDefender: Gen:Variant.Daytre.30
AV BullGuard: Gen:Variant.Daytre.30
AV ClamAV: Error Scanning File
AV Dr. Web: Trojan.PWS.Panda.7586
AV Emsisoft: Error Scanning File
AV MicroWorld (escan): Gen:Variant.Daytre.30
AV CA (E-Trust Ino): Error Scanning File
AV Fortinet: W32/Kryptik.WASH!tr
AV Frisk (f-prot): W32/S-02552467!Eldorado
AV F-Secure: Gen:Variant.Daytre.30
AV Ikarus: Error Scanning File
AV K7: Trojan ( 0052964f1 )
AV Kaspersky: Error Scanning File
AV MalwareBytes: Ransom.CryptoWall
AV Mcafee: Downloader-FSH!FB8AD87C8C6C
AV Microsoft Security Essentials: TrojanDownloader:Win32/Upatre
AV NANO: No Virus
AV Eset (nod32): Win32/TrojanDownloader.Waski.A
AV Padvish: No Virus
AV CAT (quickheal): TrojanRansom.Cryptodef
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: Error Scanning File
AV Symantec: No Virus
AV Trend Micro: TROJ_UPATRE.SM37
AV Twister: Suspicious.E80000000058@.mg
AV VirusBlokAda (vba32): Hoax.Cryptodef
AV Windows Defender: TrojanDownloader:Win32/Upatre
AV Zillya!: Trojan.Cryptodef.Win32.2717

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\7fe1b4b0abf774aa98140c4f860a315e712bcecc.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\7fe1b4b0abf774aa98140c4f860a315e712bcecc.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\btkba.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\btkba.exe

Creates Mutex
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\btkba.exe

Network Details:

