Spora Ransomware | VMRay Analyzer Report
Try VMRay Analyzer
Analysis Information
Creation Time 2017-01-11 14:00 (UTC+1)
VM Analysis Duration Time 00:02:14
Execution Successful True
Sample Filename 46a3363282b09631b84d2fe70c1519fe7dac3133e7a85e5e3db638d258b03024.hta
Command Line Parameters False
Prescript False
Number of Processes 12
Termination Reason Timeout
Download Archive Function Logfile Generic Logfile PCAP STIX/CybOX
VTI Information
VTI Score
85 / 100
VTI Database Version 2.4
VTI Rule Match Count 18
VTI Rule Type Default (PE, ...)
Tags
Tags are only available in online mode!
Screenshots
Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot
Monitored Processes
Process Graph


ID PID Monitor Reason Image Name Command Line Origin ID
#1 0x980 Analysis Target mshta.exe "C:\WINDOWS\System32\mshta.exe" "C:\Users\UWZPA0~1\Desktop\46A336~1.HTA"
#2 0xa90 Child Process wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\UWZPA0~1\AppData\Local\Temp\spr2x.js" #1
#4 0xb30 Child Process wordpad.exe "C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Users\UWZPA0~1\AppData\Local\Temp\doc_113fce.docx" #2
#5 0xb3c Child Process 4a0f17b9936.exe "C:\Users\UWZPA0~1\AppData\Local\Temp\4a0f17b9936.exe" #2
#6 0xb68 Child Process 4a0f17b9936.exe C:\Users\UWZPA0~1\AppData\Local\Temp\4a0f17b9936.exe #5
#7 0x9c8 Child Process cmd.exe "C:\WINDOWS\SysWOW64\cmd.exe" /c "C:\Users\UWZPA0~1\AppData\Local\Temp\4a0f17b9936.exe" /u #6
#9 0xa3c Child Process 4a0f17b9936.exe C:\Users\UWZPA0~1\AppData\Local\Temp\4a0f17b9936.exe /u #7
#10 0xa48 Child Process 4a0f17b9936.exe C:\Users\UWZPA0~1\AppData\Local\Temp\4a0f17b9936.exe #9
#11 0xa44 Child Process iexplore.exe "C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Users\uWZPA0LPqa\Desktop\US115-4ERZT-OTZTZ-TOFTZ.HTML #6
#12 0xa54 Child Process iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:78849 /prefetch:2 #11
#14 0x678 Child Process iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:333057 /prefetch:2 #12
#15 0x9a0 Child Process iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:529665 /prefetch:2 #12
Sample Information
ID #722919
MD5 Hash Value fd2f9c1651f9f4220cdce9620ed3c70d
SHA1 Hash Value 9ddfe8f5d50bed57e079eb73e856630792a4b826
SHA256 Hash Value 46a3363282b09631b84d2fe70c1519fe7dac3133e7a85e5e3db638d258b03024
Filename 46a3363282b09631b84d2fe70c1519fe7dac3133e7a85e5e3db638d258b03024.hta
File Size 215.18 KB (220342 bytes)
File Type HTML Application
Analyzer and Virtual Machine Information
Analyzer Version 1.11.0
Analyzer Build Date 2017-01-09 17:13 (UTC+2)
VM Name win8.1_64
VM Description Windows 8.1 (64-bit)
VM Architecture x86 64-bit
VM OS Windows 8.1
VM Kernel Version 6.3.9600.17415 (4a1e2990-c0d9-4049-afea-eada5768eab3)
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with deactivated setting "security.fileuri.strict_origin_policy". 



    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image