VMRay Analyzer Report for Sample #609232
VMRay Analyzer
1.11.0
Process
3212
249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe
2044
249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe
"C:\Users\WI2yhmtI onvScY7Pe\Desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe"
C:\Users\WI2yhmtI onvScY7Pe\Desktop
c:\users\wi2yhmti onvscy7pe\desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe
Created
Opened
Opened
Opened
Modified_Properties_Of
Opened
Opened
Process
3448
xumiasww.exe
3212
xumiasww.exe
"C:\Users\WI2yhmtI onvScY7Pe\ayooEMEE\XuMIAsww.exe"
C:\Users\WI2yhmtI onvScY7Pe\Desktop
c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe
Process
3512
yoummieo.exe
3212
yoummieo.exe
"C:\ProgramData\VmYMsIgM\YOUMMIEo.exe"
C:\Users\WI2yhmtI onvScY7Pe\Desktop
c:\programdata\vmymsigm\yoummieo.exe
Process
3640
cmd.exe
3212
cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\WI2yhmtI onvScY7Pe\Desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware"
C:\Users\WI2yhmtI onvScY7Pe\Desktop
c:\windows\syswow64\cmd.exe
Process
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
None
Process
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
None
Process
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
None
File
users\wi2yhmti onvscy7pe\ayooemee\xumiasww
users\wi2yhmti onvscy7pe\ayooemee\xumiasww
c:\
c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
File
programdata\vmymsigm\yoummieo
programdata\vmymsigm\yoummieo
c:\
c:\programdata\vmymsigm\yoummieo
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
File
users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe
users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe
c:\
c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe
exe
MD5
e8b81e4a627a9f9a772b6d42d9bb3a3c
SHA1
08cdff2e0e82651cde54a58eca4747aadc940a53
SHA256
0fbd214902a4b12b22dd57fc04449cf9642a220d2cc5c0cd274013131446c899
File
programdata\vmymsigm\yoummieo.exe
programdata\vmymsigm\yoummieo.exe
c:\
c:\programdata\vmymsigm\yoummieo.exe
exe
MD5
25081af7955ff8b96260f64cc3c76bcb
SHA1
e02b4eab3fe752312aadd58de8a2e3558aebe12d
SHA256
c7c619989c3733e37fa0b40b0e606cd0f6b3711378cbffd4908c4364fbf1e18c
File
programdata\baieaacu\xuaecwog.exe
programdata\baieaacu\xuaecwog.exe
c:\
c:\programdata\baieaacu\xuaecwog.exe
exe
MD5
958a7f26c423db4ed7c1caafc0dda8e9
SHA1
0af04b61a579c82fe3a4b06a62fc4d3cd0e2c571
SHA256
b9796040e89f3877c538a338d75bab2beeec94a720571f3d5df08e019cff3380
File
users\wi2yhm~1\appdata\local\temp\dwaaskwo.bat
users\wi2yhm~1\appdata\local\temp\dwaaskwo.bat
c:\
c:\users\wi2yhm~1\appdata\local\temp\dwaaskwo.bat
bat
MD5
f6f0aa95187fb1682cfbee02e3348d4f
SHA1
46c7c7331f30edf31b3308f077cb583ec37a68be
SHA256
b9c68ec4d2854ae3bc968140b7c9ceefb21f5dd73365d16590741bce796ec459
File
users\wi2yhmti onvscy7pe\desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware
users\wi2yhmti onvscy7pe\desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware
c:\
c:\users\wi2yhmti onvscy7pe\desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware
malware
MD5
672a1f1de82c3076688c129d2c89d0e2
SHA1
02e8f06ad6888c9fb28059f5eac065b7bbfdd365
SHA256
1d8a8607dd5b6aa413649cd3dc7187497e6a7fcb616e56c980fcfb682ee8c363
File
users\wi2yhmti onvscy7pe\ayooemee
users\wi2yhmti onvscy7pe\ayooemee
c:\
c:\users\wi2yhmti onvscy7pe\ayooemee
File
programdata\vmymsigm
programdata\vmymsigm
c:\
c:\programdata\vmymsigm
File
programdata\baieaacu
programdata\baieaacu
c:\
c:\programdata\baieaacu
Mutex
AsEwIwsA
Mutex
TYAckMgs
WinRegistryKey
software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER
XuMIAsww.exe
C:\Users\WI2yhmtI onvScY7Pe\ayooEMEE\XuMIAsww.exe
REG_SZ
WinRegistryKey
software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE
YOUMMIEo.exe
C:\ProgramData\VmYMsIgM\YOUMMIEo.exe
REG_SZ
WinRegistryKey
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE
Userinit
C:\Windows\system32\userinit.exe,C:\ProgramData\VmYMsIgM\YOUMMIEo.exe,
REG_SZ
Userinit
WinRegistryKey
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE
Userinit
C:\ProgramData\VmYMsIgM\YOUMMIEo.exe,
REG_SZ
Userinit
Process
3212
249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe
2044
249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe
"C:\Users\WI2yhmtI onvScY7Pe\Desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe"
C:\Users\WI2yhmtI onvScY7Pe\Desktop
c:\users\wi2yhmti onvscy7pe\desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe
WinService
cEMAEwpb
cEMAEwpb
C:\ProgramData\BAIEAAcU\xUAEcwog.exe
SERVICE_AUTO_START
SERVICE_WIN32_OWN_PROCESS
WinRegistryKey
Software\Policies\Microsoft\Windows\System
HKEY_CURRENT_USER
Process
3640
cmd.exe
3212
cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\WI2yhmtI onvScY7Pe\Desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware"
C:\Users\WI2yhmtI onvScY7Pe\Desktop
c:\windows\syswow64\cmd.exe
Opened
File
STD_OUTPUT_HANDLE
Process
3680
reg.exe
3212
reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\WI2yhmtI onvScY7Pe\Desktop
c:\windows\syswow64\reg.exe
Opened
Opened
Created
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER
Hidden
Hidden
2
REG_DWORD_LITTLE_ENDIAN
File
STD_OUTPUT_HANDLE
Process
3688
reg.exe
3212
reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\WI2yhmtI onvScY7Pe\Desktop
c:\windows\syswow64\reg.exe
Opened
Opened
Created
WinRegistryKey
Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER
WinRegistryKey
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE
EnableLUA
EnableLUA
0
REG_DWORD_LITTLE_ENDIAN
Analyzed Sample #609232
Malware Artifacts
609232
Sample-ID: #609232
Job-ID: #661725
Example C
This sample was analyzed by VMRay Analyzer 1.11.0 on a Windows 10 system
75
VTI Score based on VTI Database Version 2.2
Metadata of Sample File #609232
Submission-ID: #609232
C:\Users\WI2yhmtI onvScY7Pe\Desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe
exe
MD5
a66df34f40f1345861846918f4f8f56d
SHA1
249bebc650b7160cfeee41d08bc61dc220ecb740
SHA256
91de42dda9985493ed08b1e6b7f5c3931135189a5455a3afb9bac8cc8d7c0870
Opened_By
VMRay Analyzer
Process
VTI rule match with VTI rule score 1/5
vmray_allocate_wx_page
Allocate a page with "PAGE_EXECUTE_READWRITE" permissions, often used to dynamically unpack code.
Allocate a page with write and execute permissions
Process
VTI rule match with VTI rule score 1/5
vmray_install_ipc_endpoint
Create mutex with name "AsEwIwsA".
Create system object
Process
VTI rule match with VTI rule score 1/5
vmray_install_ipc_endpoint
Create mutex with name "TYAckMgs".
Create system object
Process
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "C:\Users\WI2yhmtI onvScY7Pe\ayooEMEE\XuMIAsww.exe" starts with hidden window.
Create process with hidden window
Persistence
VTI rule match with VTI rule score 1/5
vmray_install_startup_script_by_registry
Add "C:\Users\WI2yhmtI onvScY7Pe\ayooEMEE\XuMIAsww.exe" to windows startup via registry.
Install system startup script or application
Process
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "C:\ProgramData\VmYMsIgM\YOUMMIEo.exe" starts with hidden window.
Create process with hidden window
Persistence
VTI rule match with VTI rule score 1/5
vmray_install_startup_script_by_registry
Add "C:\ProgramData\VmYMsIgM\YOUMMIEo.exe" to windows startup via registry.
Install system startup script or application
Persistence
VTI rule match with VTI rule score 1/5
vmray_install_startup_script_by_registry
Add "C:\Windows\system32\userinit.exe,C:\ProgramData\VmYMsIgM\YOUMMIEo.exe," to windows startup via registry.
Install system startup script or application
Persistence
VTI rule match with VTI rule score 1/5
vmray_install_startup_script_by_registry
Add "C:\ProgramData\VmYMsIgM\YOUMMIEo.exe," to windows startup via registry.
Install system startup script or application
Persistence
VTI rule match with VTI rule score 1/5
vmray_install_service_by_api
Install service "cEMAEwpb" by CreateServiceW.
Install system service
Process
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "C:\Users\WI2YHM~1\AppData\Local\Temp\dWAAskwo.bat" starts with hidden window.
Create process with hidden window
Process
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1" starts with hidden window.
Create process with hidden window
Process
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2" starts with hidden window.
Create process with hidden window
Process
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f" starts with hidden window.
Create process with hidden window
OS
VTI rule match with VTI rule score 3/5
vmray_disable_display_of_hidden_files_and_folders_by_registry
Disable the display of hidden files and folders.
Modify system configuration
OS
VTI rule match with VTI rule score 3/5
vmray_disable_uac_notification_by_registry
Disable UAC notification.
Modify system security configuration
Anti Analysis
VTI rule match with VTI rule score 3/5
vmray_detect_vm_by_rdtsc
Possibly trying to detect VM via rdtsc.
Try to detect virtual machine
PE
VTI rule match with VTI rule score 1/5
vmray_drop_pe_file
Drop file "c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe".
Drop PE file
PE
VTI rule match with VTI rule score 1/5
vmray_drop_pe_file
Drop file "c:\programdata\vmymsigm\yoummieo.exe".
Drop PE file
PE
VTI rule match with VTI rule score 1/5
vmray_drop_pe_file
Drop file "c:\programdata\baieaacu\xuaecwog.exe".
Drop PE file
PE
VTI rule match with VTI rule score 1/5
vmray_execute_dropped_pe_file
Execute dropped file "c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe".
Execute dropped PE file
PE
VTI rule match with VTI rule score 1/5
vmray_execute_dropped_pe_file
Execute dropped file "c:\programdata\vmymsigm\yoummieo.exe".
Execute dropped PE file
PE
VTI rule match with VTI rule score 1/5
vmray_execute_dropped_pe_file
Execute dropped file "c:\programdata\baieaacu\xuaecwog.exe".
Execute dropped PE file