Gandcrab Ransomware v4.1 | VMRay Analyzer Report
Try VMRay Analyzer
VTI SCORE: 100/100
Target: win10_64 | exe
Classification: Trojan, Downloader, Ransomware

8ecbfe6f52ae98b5c9e406459804c4ba7f110e71716ebf05015a3a99c995baa1 (SHA256)

Jeremy Witt's Dental Records.exe

Windows Exe (x86-32)

Created at 2018-07-05 13:44:00

Notifications (2/2)

Due to a reputation service error, no query could be made to determine the reputation status of any contacted URL.

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

Top Threat Indicators (View all 138 threat indicators)

Screenshots

Monitored Processes

Analysis Information

Creation Time 2018-07-05 15:44 (UTC+2)
Analysis Duration 00:02:32
Number of Monitored Processes 2
Execution Successful True
Reputation Enabled True
Termination Reason Timeout
Tags
#gandcrab #ransomware

Analyzer and Virtual Machine Information

Analyzer Version 2.3.0
Analyzer Build Date 2018-04-12 16:32 (UTC+2)
Adobe Acrobat Reader Version 18.009.20050
Microsoft Office 2016
Microsoft Office Version 16.0.8431.2079
Microsoft Project Version 16.0.8431.2079
Microsoft Visio Version 16.0.8431.2079
Internet Explorer Version 11.0.10240.16384
Chrome Version 58.0.3029.110
Firefox Version 53.0.3
Flash Version 25.0.0.148
Java Version 8.0.1310.11
VM Name win10_64
VM Architecture x86 64-bit
VM OS Windows 10 Threshold 1
VM Kernel Version 10.0.10240.16384 (c68ee22f-dcf6-4778-95c5-4a862be16567)

Sample Information

ID #69119
MD5 Hash Value 903f8718a1c3c12042fc44bac6a4c786
SHA1 Hash Value b304bdfd90b5f24180bbe8ef7a19f386e9a4df41
SHA256 Hash Value 8ecbfe6f52ae98b5c9e406459804c4ba7f110e71716ebf05015a3a99c995baa1
Filename Jeremy Witt's Dental Records.exe
File Size 121.50 KB
File Type Windows Exe (x86-32)
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image