0761d457...5af4 | VMRay Analyzer Report
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Trojan

VMRay Threat Identifiers (8 rules, 8 matches)

Severity  Category            Operation                                          Count  Classification
5/5       Local AV            Malicious content was detected by heuristic scan   1      -
5/5       Device              Writes to Master Boot Record (MBR)                 1      -
5/5       Reputation          Known malicious file                               1      Trojan
1/5       Network Connection  Performs DNS request                               1      -
1/5       Process             Creates process with hidden window                 1      -
1/5       Network Connection  Connects to remote host                            1      -
1/5       Network Connection  Connects to HTTP server                            1      -
1/5       Static              Unparsable sections in file                        1      -

MITRE ATT&CK™ Matrix - Windows

Version: 2019-04-25 20:53:07.719000
Tactic                Matched technique
Initial Access        -
Execution             -
Persistence           Bootkit
Privilege Escalation  -
Defense Evasion       -
Credential Access     -
Discovery             -
Lateral Movement      -
Collection            -
Command and Control   Standard Application Layer Protocol
Exfiltration          -
Impact                -

Sample Information

ID: #394166
MD5: e1a0d2c243b13462fae23efc1c153832
SHA1: d981f405e8426bae262fa203eefdfc9057b7f7b1
SHA256: 0761d457fc499631b8da39898ac7207530cb419cb6cbf8b01c689dcc6d635af4
SSDeep: 12288:tRXEyRxsMGLHc95PaC0qtLGvLLSkkg6z5eTHIxG6F/KTdRZ5pnr09m:tR0EOMkw5Payt6vxHa4Elit3r09m
ImpHash: f34d5f2d4577ed6d9ceec516c1f5a744
Filename: ShrugTwo.exe
File Size: 566.00 kB
Sample Type: Windows Exe (x86-32)

Analysis Information

Creation Time: 2019-12-26 06:12 (UTC+)
Analysis Duration: 00:04:00
Number of Monitored Processes: 5
Execution Successful: True
Reputation Enabled: True
WHOIS Enabled: False
Local AV Enabled: True
YARA Enabled: True
Number of AV Matches: 1
Number of YARA Matches: 0
Termination Reason: Timeout
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.