VMRay Analyzer Report
| Creation Time | 2016-10-13 15:41 (UTC+2) |
| VM Analysis Duration Time | 00:02:42 |
| Execution Successful |  |
| Sample Filename | Tax Tool.exe |
| Command Line Parameters |  |
| Prescript | |
| Number of Processes | 5 |
| Termination Reason | Timeout |
| Download | Function Logfile Generic Logfile PCAP STIX/CybOX |
VTI Score 75 / 100 | |
| VTI Database Version | 2.2 |
| VTI Rule Match Count | 30 |
| VTI Rule Type | Default (PE, ...) |
| The tags feature is only available in the fully licensed version of VMRay Analyzer. |
| ID | PID | Monitor Reason | Image Name | Command Line | Origin ID |
|---|---|---|---|---|---|
| #1 | 0x990 | Analysis Target | tax tool.exe | "C:\Users\WI2yhmtI onvScY7Pe\Desktop\Tax Tool.exe" | |
| #2 | 0x84 | Child Process | devices.exe | "C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\Sun\Java\Devices.exe" | #1 |
| #3 | 0x2ec | Child Process | svchost.exe | C:\Windows\SysWOW64\svchost.exe -k netsvcs | #2 |
| #4 | 0xc54 | Child Process | svchost.exe | C:\Windows\SysWOW64\svchost.exe -k netsvcs | #2 |
| #5 | 0xcac | Child Process | cmd.exe | "C:\Windows\system32\cmd.exe" /c "C:\Users\WI2YHM~1\AppData\Local\Temp\upd823d0e12.bat" | #1 |
| ID | #625180 |
| MD5 Hash Value | 212ba96c626898e00e140d5fb3230dd8 |
| SHA1 Hash Value | 204764a6e5f7b2426274da728ee07927b813f68d |
| SHA256 Hash Value | ec2504089edf0330d58433079b2a5f72c102582c399ad73c59777ee03363929a |
| Filename | Tax Tool.exe |
| File Size | 121.50 KB (124416 bytes) |
| File Type | Windows Exe (x86-32) |
| Analyzer Version | 1.11.0 |
| Analyzer Build Date | 2016-09-19 10:58 (UTC+2) |
| VM Name | win10_64 |
| VM Description | Windows 10 (64-bit) |
| VM Architecture | x86 64-bit |
| VM OS | Windows 10 |
| VM Kernel Version | 10.0.10240.16384 (c68ee22f-dcf6-4778-95c5-4a862be16567) |
