VMRay Analyzer Report for Sample #278696
VMRay Analyzer
2.3.2
Process
1
808
tron.exe
1112
tron.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Tron.exe"
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\users\5p5nrgjn0js halpmcxz\desktop\tron.exe
Opened
WinRegistryKey
Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE
DbgJITDebugLaunchSetting
DbgManagedDebugger
Analyzed Sample #278696
Malware Artifacts
278696
Sample-ID: #278696
Job-ID: #448046
This sample was analyzed by VMRay Analyzer 2.3.2 on a Windows 7 system
94
VTI Score based on VTI Database Version 3.1
Metadata of Sample File #278696
Submission-ID: #415792
e98aa03c2cd88baf04e00079197c64b4bde922101a5407f306245cdff5b4269a.exe
exe
MD5: b943afae7e4811ca3e907bb7bf35262a
SHA1: dc87f2ecd18fe85af652b9491aa36ac60a65f898
SHA256: e98aa03c2cd88baf04e00079197c64b4bde922101a5407f306245cdff5b4269a
Opened_By
Metadata of Analysis for Job-ID #448046
Timeout
XDUWTFONO
win7_64_sp1
XDUWTFONO
True
x86 64-bit
True
Windows 7
6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa)
240.015
5p5NrGJn0jS HALPmcxz
This is a property collection for additional information of VMRay analysis
VMRay Analyzer
File System
VTI rule match with VTI rule score 4/5
vmray_modify_user_files
Modifies the content of multiple user files. This is an indicator for an encryption attempt.
Modifies content of user files
File System
VTI rule match with VTI rule score 4/5
vmray_delete_user_files
Deletes multiple user files. This is an indicator for ransomware or wiper malware.
Deletes user files
Persistence
VTI rule match with VTI rule score 3/5
vmray_drop_file_to_xlstart
Adds "c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\excel\xlstart\hack.txt" to a default Excel XLStart folder
Adds file to open the next time Excel is launched
Persistence
VTI rule match with VTI rule score 3/5
vmray_drop_file_to_xlstart
Adds "c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\excel\xlstart\hack.png" to a default Excel XLStart folder
Adds file to open the next time Excel is launched
Persistence
VTI rule match with VTI rule score 3/5
vmray_drop_file_to_xlstart
Adds "c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\excel\xlstart\hack.vbs" to a default Excel XLStart folder
Adds file to open the next time Excel is launched
Persistence
VTI rule match with VTI rule score 3/5
vmray_drop_file_to_xlstart
Adds "c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\excel\xlstart\uniquekeyfor5p5nrgjn0js halpmcxz.horsuke.information" to a default Excel XLStart folder
Adds file to open the next time Excel is launched
OS
VTI rule match with VTI rule score 3/5
vmray_add_certificate_by_file
Adds a certificate to the local "my" certificate list by file.
Modifies certificate store
OS
VTI rule match with VTI rule score 3/5
vmray_add_certificate_by_file
Adds a certificate to the local "my" revocation list by file.
Modifies certificate store
OS
VTI rule match with VTI rule score 3/5
vmray_add_certificate_by_file
Adds a certificate to the local "my" certificate trust list by file.
Modifies certificate store
OS
VTI rule match with VTI rule score 3/5
vmray_add_certificate_by_file
Adds a certificate to the local "my" hack.png list by file.
Modifies certificate store
OS
VTI rule match with VTI rule score 3/5
vmray_add_certificate_by_file
Adds a certificate to the local "hack.png" by file.
Modifies certificate store
Persistence
VTI rule match with VTI rule score 3/5
vmray_drop_file_to_word_startup
Adds "c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\word\startup\hack.txt" to a default Word Startup folder
Adds file to open the next time Word is launched
Persistence
VTI rule match with VTI rule score 3/5
vmray_drop_file_to_word_startup
Adds "c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\word\startup\hack.png" to a default Word Startup folder
Adds file to open the next time Word is launched
Persistence
VTI rule match with VTI rule score 3/5
vmray_drop_file_to_word_startup
Adds "c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\word\startup\hack.vbs" to a default Word Startup folder
Adds file to open the next time Word is launched
Persistence
VTI rule match with VTI rule score 3/5
vmray_drop_file_to_word_startup
Adds "c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\word\startup\uniquekeyfor5p5nrgjn0js halpmcxz.horsuke.information" to a default Word Startup folder
Adds file to open the next time Word is launched
File System
VTI rule match with VTI rule score 1/5
vmray_create_many_files
Creates an unusually large number of files.
Creates an unusually large number of files
Static
VTI rule match with VTI rule score 1/5
vmray_static_analysis_parser_error
Static analyzer was unable to completely parse the analyzed file: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Tron.exe.
Unparsable sections in file
File System
VTI rule match with VTI rule score 2/5
vmray_handle_with_suspicious_files
File "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Tron.exe" is a known suspicious file.
Known suspicious file