Cerber Ransomware | VMRay Analyzer Report
Analysis Information
Creation Time 2017-04-25 12:19 (UTC+2)
VM Analysis Duration Time 00:02:34
Execution Successful True
Sample Filename 199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe
Command Line Parameters False
Prescript False
Number of Processes 13
Termination Reason Timeout
VTI Information
VTI Score
91 / 100
VTI Database Version 2.5
VTI Rule Match Count 14
VTI Rule Type Default (PE, ...)
Monitored Processes
ID | PID | Monitor Reason | Integrity Level | Image Name | Command Line | Origin ID
#1 | 0x9c4 | Analysis Target | High (Elevated) | 199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" |
#2 | 0x9e0 | Child Process | High (Elevated) | 199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" | #1
#3 | 0xa00 | Child Process | High (Elevated) | netsh.exe | C:\Windows\system32\netsh.exe advfirewall set allprofiles state on | #2
#4 | 0x35c | RPC Server | System (Elevated) | svchost.exe | C:\Windows\system32\svchost.exe -k netsvcs | #3
#5 | 0xa2c | Child Process | High (Elevated) | netsh.exe | C:\Windows\system32\netsh.exe advfirewall reset | #2
#6 | 0xa70 | Child Process | High (Elevated) | netsh.exe | C:\Windows\system32\netsh.exe advfirewall firewall add rule name="00EYALeZGh" dir=out action=block program="C:\Program Files (x86)\Windows Defender\boxed.exe" | #2
#7 | 0xa9c | Child Process | High (Elevated) | netsh.exe | C:\Windows\system32\netsh.exe advfirewall firewall add rule name="BmhPp0CJ13" dir=out action=block program="C:\Program Files (x86)\Windows Defender\eyes-mali-mistress-winter.exe" | #2
#8 | 0xac8 | Child Process | High (Elevated) | netsh.exe | C:\Windows\system32\netsh.exe advfirewall firewall add rule name="XyHyb1NtXB" dir=out action=block program="C:\Program Files (x86)\Windows Defender\pst-mine.exe" | #2
#9 | 0xbd0 | Child Process | High (Elevated) | mshta.exe | "C:\Windows\SysWOW64\mshta.exe" "C:\Users\hJrD1KOKY DS8lUjv\Desktop\_READ_THIS_FILE_SOESZC_.hta" | #2
#10 | 0xbdc | Child Process | High (Elevated) | notepad.exe | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\hJrD1KOKY DS8lUjv\Desktop\_READ_THIS_FILE_6LJV87LC_.txt | #2
#11 | 0x808 | RPC Server | High (Elevated) | dllhost.exe | C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503} | #2
#12 | 0x8ec | RPC Server | High (Elevated) | dllhost.exe | C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E} | #2
#13 | 0x3ec | RPC Server | System (Elevated) | svchost.exe | C:\Windows\system32\svchost.exe -k LocalService | #9
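The process table above records the behaviour a detection engineer would key on: the second instance of the sample enables the Windows Firewall on all profiles, resets its policy, adds three outbound block rules for executables under the Windows Defender directory, and then opens two ransom notes (one via mshta.exe from the user's Desktop, one in Notepad). The following script is an added example, not VMRay code and not part of the original report; it transcribes the relevant rows as constructed input and runs simple process-creation detection rules over them. The rule names, the "three or more netsh.exe children of one parent" threshold and the protected-directory list are the editor's assumptions.

```python
"""Added example (editor's code, not VMRay's): process-tree detection rules
for the firewall-tampering and ransom-note behaviour recorded in this report."""
import re
from collections import Counter

SAMPLE_EXE = "199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe"

# Constructed from the report's Monitored Processes table:
# (id, image name, command line, origin id). The svchost/dllhost rows are
# left out because no rule below looks at them.
SAMPLE_PROCESSES = [
    (1, SAMPLE_EXE, f'"C:\\Users\\hJrD1KOKY DS8lUjv\\Desktop\\{SAMPLE_EXE}"', None),
    (2, SAMPLE_EXE, f'"C:\\Users\\hJrD1KOKY DS8lUjv\\Desktop\\{SAMPLE_EXE}"', 1),
    (3, "netsh.exe", r"C:\Windows\system32\netsh.exe advfirewall set allprofiles state on", 2),
    (5, "netsh.exe", r"C:\Windows\system32\netsh.exe advfirewall reset", 2),
    (6, "netsh.exe",
     r'C:\Windows\system32\netsh.exe advfirewall firewall add rule name="00EYALeZGh" dir=out '
     r'action=block program="C:\Program Files (x86)\Windows Defender\boxed.exe"', 2),
    (7, "netsh.exe",
     r'C:\Windows\system32\netsh.exe advfirewall firewall add rule name="BmhPp0CJ13" dir=out '
     r'action=block program="C:\Program Files (x86)\Windows Defender\eyes-mali-mistress-winter.exe"', 2),
    (8, "netsh.exe",
     r'C:\Windows\system32\netsh.exe advfirewall firewall add rule name="XyHyb1NtXB" dir=out '
     r'action=block program="C:\Program Files (x86)\Windows Defender\pst-mine.exe"', 2),
    (9, "mshta.exe",
     r'"C:\Windows\SysWOW64\mshta.exe" "C:\Users\hJrD1KOKY DS8lUjv\Desktop\_READ_THIS_FILE_SOESZC_.hta"', 2),
    (10, "notepad.exe",
     r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\hJrD1KOKY DS8lUjv\Desktop\_READ_THIS_FILE_6LJV87LC_.txt', 2),
]

# netsh advfirewall firewall add rule ... action=block program="<path>"
FW_BLOCK_RULE = re.compile(
    r'advfirewall\s+firewall\s+add\s+rule\b.*\baction=block\b.*\bprogram="?([^"]+)"?', re.I)
# netsh advfirewall reset (wipes the current policy back to defaults)
FW_RESET = re.compile(r"advfirewall\s+reset\b", re.I)
# mshta.exe given an .hta that lives under a user profile
HTA_FROM_USER_PROFILE = re.compile(r'mshta\.exe"?\s+"?(C:\\Users\\[^"]+\.hta)', re.I)

# Directories whose executables a sample has no business firewalling off.
# Only Windows Defender appears in this report; extend with your own AV/EDR
# install paths (assumed list, lowercase, with surrounding backslashes).
PROTECTED_DIRS = ("\\windows defender\\",)
NETSH_BURST = 3  # assumed threshold: this many netsh.exe children of one parent


def is_protected(program: str) -> bool:
    return any(d in program.lower() for d in PROTECTED_DIRS)


def detect(processes):
    """Return (process id, rule name, detail) triples for suspicious rows."""
    findings = []
    netsh_children = Counter()
    for pid, image, cmd, parent in processes:
        name = image.lower()
        if name == "netsh.exe":
            netsh_children[parent] += 1
            if FW_RESET.search(cmd):
                findings.append((pid, "firewall_policy_reset", cmd))
            m = FW_BLOCK_RULE.search(cmd)
            if m:
                program = m.group(1)
                rule = "fw_block_security_product" if is_protected(program) else "fw_block_rule"
                findings.append((pid, rule, program))
        elif name == "mshta.exe":
            m = HTA_FROM_USER_PROFILE.search(cmd)
            if m:
                findings.append((pid, "mshta_user_profile_hta", m.group(1)))
    # A single parent spawning a burst of netsh.exe is the tell-tale shape here.
    for parent, n in netsh_children.items():
        if parent is not None and n >= NETSH_BURST:
            findings.append((parent, "netsh_burst", f"{n} netsh.exe children"))
    return findings


def summarize(findings):
    """Rule name -> number of hits."""
    return dict(Counter(rule for _, rule, _ in findings))


def blocked_programs(findings):
    """Sorted list of programs the sample tried to firewall off."""
    return sorted(detail for _, rule, detail in findings if rule.startswith("fw_block"))


if __name__ == "__main__":
    for pid, rule, detail in detect(SAMPLE_PROCESSES):
        print(f"#{pid} {rule}: {detail}")
```

The "set allprofiles state on" row is deliberately not flagged on its own: enabling the firewall is benign, and it only becomes interesting alongside the reset and the block rules that follow, which is why the burst rule is keyed on the parent rather than on any single netsh invocation.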
Sample Information
ID #1779496
MD5 Hash Value 037a8be0c33ab5f34c150de153402048
SHA1 Hash Value 494d86520bd7c1c4553fa4ad0e1c2f06232ec889
SHA256 Hash Value 199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6
Filename 199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe
File Size 262.37 KB (268666 bytes)
File Type Windows Exe (x86-32)
Analyzer and Virtual Machine Information
Analyzer Version 2.1.0
Analyzer Build Date 2017-04-25 12:09 (UTC+2)
Internet Explorer Version 8.0.7601.17514
Firefox Version 39.0
VM Name win7_64_sp1
VM Architecture x86 64-bit
VM OS Windows 7
VM Kernel Version 6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa)