VMRay Analyzer Report
Severity Score
Total Score
Artifacts Database Version1.09
Artifacts Severity Rule TypePE32 (gui)
Detected Behavior
ArrowDeviceWrite master boot record (MBR)
ArrowKernelExecute code with kernel privileges
See kernel behavior tab for detailed information
ArrowAnti AnalysisIllegitimate API usage
Internal API "CreateProcessInternalW" used to start ""
ArrowInjectionWrite into memory of an other process
\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\csrss.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\services.exe
\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\wininit.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\lsass.exe
\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\services.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\svchost.exe
\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\lsass.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\svchost.exe
\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\csrss.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\svchost.exe
\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\csrss.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\winpeshl.exe
\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\winlogon.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\winpeshl.exe
\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\csrss.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\wallpaperhost.exe
\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\winpeshl.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\wallpaperhost.exe
\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\winpeshl.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\sources\recovery\recenv.exe
\device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\csrss.exe modifies memory of \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\sources\recovery\recenv.exe
ArrowProcessCreate system object
Creates nameless mutex
Creates mutex with name "Global\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}"
Creates mutex with name "WinPEProfilingMutex"
ArrowFile SystemCreate many files
Create more than 50 files
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with deactivated setting "security.fileuri.strict_origin_policy". 
































Screenshot



Expand-Icon


Exit-Icon






icon_left




icon_left








image