sgm_20190527_desfuhohdt.exe
Created at 2019-06-09T15:05:00
VMRay Threat Indicators (21 rules, 67 matches)
Severity | Category | Operation | Count | Classification | |
---|---|---|---|---|---|
4/5
|
Information Stealing | Exhibits Spyware behavior | 1 | Spyware | |
|
|||||
4/5
|
Injection | Writes into the memory of another running process | 8 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
4/5
|
Injection | Modifies control flow of another process | 9 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
3/5
|
Browser | Changes security-related browser settings | 1 | - | |
|
|||||
3/5
|
Device | Monitors keyboard input | 1 | Keylogger | |
|
|||||
2/5
|
Anti Analysis | Resolves APIs dynamically to possibly evade static detection | 1 | - | |
|
|||||
2/5
|
Information Stealing | Reads sensitive mail data | 1 | - | |
|
|||||
2/5
|
Information Stealing | Reads sensitive browser data | 5 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
2/5
|
Anti Analysis | Delays execution | 1 | - | |
|
|||||
2/5
|
Reputation | Known suspicious file | 1 | Trojan | |
|
|||||
2/5
|
YARA | YARA match | 1 | - | |
|
|||||
1/5
|
Information Stealing | Reads system data | 1 | - | |
|
|||||
1/5
|
Process | Creates process with hidden window | 6 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
1/5
|
Process | Reads from memory of another process | 7 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
1/5
|
Process | Creates a page with write and execute permissions | 1 | - | |
|
|||||
1/5
|
Process | Creates system object | 10 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
1/5
|
Information Stealing | Possibly does reconnaissance | 1 | - | |
|
|||||
1/5
|
File System | Creates an unusually large number of files | 1 | - | |
|
|||||
1/5
|
Process | Overwrites code | 1 | - | |
|
|||||
1/5
|
Network | Connects to HTTPS server | 8 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
0/5
|
Process | Enumerates running processes | 1 | - | |
|
|||||
Screenshots
Monitored Processes
Sample Information
Analysis Information
Creation Time | 2019-06-09 17:05 (UTC+2) |
Analysis Duration | 00:15:21 |
Number of Monitored Processes | 35 |
Execution Successful | |
Reputation Enabled | |
WHOIS Enabled | |
Local AV Enabled | |
YARA Enabled | |
Number of AV Matches | 0 |
Number of YARA Matches | 1 |
Termination Reason | Timeout |
Tags |