gmmqacgpk.exe
Created at 2019-07-22T00:24:00
VMRay Threat Indicators (23 rules, 60 matches)
Severity | Category | Operation | Count | Classification | |
---|---|---|---|---|---|
5/5
|
Local AV | Malicious content was detected by heuristic scan | 1 | - | |
|
|||||
5/5
|
Reputation | Known malicious file | 1 | Trojan | |
|
|||||
4/5
|
Information Stealing | Exhibits Spyware behavior | 1 | Spyware | |
|
|||||
4/5
|
Injection | Writes into the memory of another running process | 1 | - | |
|
|||||
4/5
|
Injection | Modifies control flow of another process | 2 | - | |
|
|||||
|
|||||
3/5
|
Device | Monitors keyboard input | 1 | Keylogger | |
|
|||||
3/5
|
Network | Reads network adapter information | 1 | - | |
|
|||||
2/5
|
Anti Analysis | Resolves APIs dynamically to possibly evade static detection | 1 | - | |
|
|||||
2/5
|
Information Stealing | Reads sensitive browser data | 7 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
2/5
|
Information Stealing | Reads sensitive application data | 7 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
2/5
|
Information Stealing | Reads sensitive mail data | 3 | - | |
|
|||||
|
|||||
|
|||||
2/5
|
Information Stealing | Reads sensitive ftp data | 4 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
1/5
|
Process | Creates process with hidden window | 1 | - | |
|
|||||
1/5
|
Process | Reads from memory of another process | 2 | - | |
|
|||||
|
|||||
1/5
|
Process | Creates a page with write and execute permissions | 1 | - | |
|
|||||
1/5
|
Process | Creates system object | 1 | - | |
|
|||||
1/5
|
Network | Performs DNS request | 2 | - | |
|
|||||
|
|||||
1/5
|
Persistence | Installs system startup script or application | 1 | - | |
|
|||||
1/5
|
Information Stealing | Possibly does reconnaissance | 18 | - | |
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
|
|||||
1/5
|
Network | Connects to remote host | 1 | - | |
|
|||||
1/5
|
Network | Connects to HTTP server | 1 | - | |
|
|||||
1/5
|
Static | Unparsable sections in file | 1 | - | |
|
|||||
0/5
|
Process | Enumerates running processes | 1 | - | |
|
|||||
Screenshots
Monitored Processes
Sample Information
Analysis Information
Creation Time | 2019-07-22 02:24 (UTC+2) |
Analysis Duration | 00:02:27 |
Number of Monitored Processes | 7 |
Execution Successful | |
Reputation Enabled | |
WHOIS Enabled | |
Local AV Enabled | |
YARA Enabled | |
Number of AV Matches | 1 |
Number of YARA Matches | 0 |
Termination Reason | Timeout |
Tags |