VMRay Analyzer Report

VMRay Analyzer Report

Try VMRay Analyzer

Analysis Information

Creation Time	2017-09-20 18:07 (UTC+2)
VM Analysis Duration Time	00:05:22
Execution Successful
Sample Filename	lxqfwvdqlkd.exe
Command Line Parameters
Prescript
Number of Processes	14
Termination Reason	Timeout
Reputation Enabled
Download	Archive Function Logfile Generic Logfile PCAP STIX/CybOX XML Summary JSON

VTI Information

VTI Score 98 / 100
VTI Database Version	2.6
VTI Rule Match Count	62
VTI Rule Type	Default (PE, ...)

Tags

#malware

Remarks

	The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.
	The operating system was rebooted during the analysis.
	The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.

Screenshots

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

Monitored Processes

Process Graph

ID	PID	Monitor Reason	Integrity Level	Image Name	Command Line	Origin ID
#1	0x9f4	Analysis Target	High (Elevated)	lxqfwvdqlkd.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lxqfwvdqlkd.exe"
#2	0xa24	Child Process	High (Elevated)	lxqfwvdqlkd.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lxqfwvdqlkd.exe"	#1
#3	0x564	Injection	Medium	explorer.exe	C:\Windows\Explorer.EXE	#2
#4	0xa30	Child Process	Medium	autofmt.exe	"C:\Windows\SysWOW64\autofmt.exe"	#3
#5	0xa38	Child Process	Medium	msiexec.exe	"C:\Windows\SysWOW64\msiexec.exe"	#3
#6	0xa44	Child Process	Medium	cmd.exe	/c copy "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lxqfwvdqlkd.exe" "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\igfxonux.scr" /V	#5
#7	0xa58	Child Process	Medium	cmd.exe	/c del "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lxqfwvdqlkd.exe"	#5
#8	0xb08	Child Process	Medium	firefox.exe	"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"	#5
#9	0x53c	Autostart	Medium	igfxonux.scr	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\igfxonux.scr" /S
#10	0x338	Child Process	Medium	igfxonux.scr	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\igfxonux.scr" /S	#9
#11	0x34c	Injection	Medium	explorer.exe	C:\Windows\Explorer.EXE	#10
#12	0x624	Child Process	Medium	autochk.exe	"C:\Windows\SysWOW64\autochk.exe"	#11
#13	0x634	Child Process	Medium	cmstp.exe	"C:\Windows\SysWOW64\cmstp.exe"	#11
#14	0x6dc	Child Process	Medium	firefox.exe	"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"	#13

Sample Information

ID	#18795
MD5 Hash Value	f5aceff295707412e7679e7c0f3a797e
SHA1 Hash Value	89c58b4bc7130630ff093afe1c57614a4b85ddc7
SHA256 Hash Value	ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d
Filename	lxqfwvdqlkd.exe
File Size	284.00 KB (290816 bytes)
File Type	Windows Exe (x86-32)

Analyzer and Virtual Machine Information

Analyzer Version	2.2.0
Analyzer Build Date	2017-09-12 16:39
Internet Explorer Version	8.0.7601.17514
Chrome Version	58.0.3029.110
Firefox Version	25.0
Flash Version	10.3.183.75
Java Version	7.0.450
VM Name	win7_64_sp1
VM Architecture	x86 64-bit
VM OS	Windows 7
VM Kernel Version	6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa)

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with deactivated setting "security.fileuri.strict_origin_policy".

Screenshot