Analysis Date: 2018-05-08 14:37:57
MD5: 0884c78dd73335928419171e68d23e7c
SHA1: d2ed384a9b1337da6d86951eeaf0f93dc6e2d80e

Static Details:

AV: Arcabit (arcavir) - Gen:Variant.Daytre.30
AV: Authentium - W32/S-02552467!Eldorado
AV: Grisoft (avg) - Error Scanning File
AV: Avira (antivir) - TR/Kuluoz.lrse
AV: Alwil (avast) - Malware-gen
AV: Alwil (avast) - Win32:Malware-gen
AV: Ad-Aware - Gen:Variant.Daytre.30
AV: BitDefender - Gen:Variant.Daytre.30
AV: BullGuard - Gen:Variant.Daytre.30
AV: ClamAV - BC.Heuristic.Trojan.SusPacked.BF-6.A
AV: Dr. Web - Trojan.PWS.Panda.7586
AV: Emsisoft - Gen:Variant.Daytre.30
AV: MicroWorld (escan) - Gen:Variant.Daytre.30
AV: CA (E-Trust Ino) - Gen:Variant.Daytre.30
AV: Fortinet - W32/Kryptik.WASH!tr
AV: Frisk (f-prot) - W32/S-02552467!Eldorado
AV: F-Secure - Gen:Variant.Daytre.30
AV: Ikarus - Trojan.Win32.Bublik
AV: K7 - Error Scanning File
AV: Kaspersky - Trojan-Ransom.Win32.Cryptodef.zv
AV: MalwareBytes - Error Scanning File
AV: Mcafee - Downloader-FSH!FB8AD87C8C6C
AV: Microsoft Security Essentials - TrojanDownloader:Win32/Upatre
AV: NANO - No Virus
AV: Eset (nod32) - Win32/TrojanDownloader.Waski.A
AV: Padvish - No Virus
AV: CAT (quickheal) - TrojanRansom.Cryptodef
AV: Rising - No Virus
AV: 360 Safe - No Virus
AV: SUPERAntiSpyware - No Virus
AV: Symantec - No Virus
AV: Trend Micro - TROJ_UPATRE.SM37
AV: Twister - Suspicious.E80000000058@.mg
AV: VirusBlokAda (vba32) - Hoax.Cryptodef
AV: Windows Defender - TrojanDownloader:Win32/Upatre
AV: Zillya! - Trojan.Cryptodef.Win32.2717

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\d2ed384a9b1337da6d86951eeaf0f93dc6e2d80e.exe

Creates Mutex
Creates Mutex
Creates Mutex
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\d2ed384a9b1337da6d86951eeaf0f93dc6e2d80e.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\btkba.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\btkba.exe

Creates Mutex
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\btkba.exe

Network Details:

