Jaff Ransomware | VMRay Analyzer Report
Try VMRay Analyzer
| Creation Time | 2017-05-17 19:58 (UTC+2) |
| VM Analysis Duration Time | 00:05:58 |
| Execution Successful |
|
| Sample Filename | nm.pdf |
| Command Line Parameters |
|
| Prescript |
|
| Number of Processes | 4 |
| Termination Reason | Timeout |
| Download | Archive Function Logfile Generic Logfile PCAP STIX/CybOX |
|
VTI Score
100 / 100
|
|
| VTI Database Version | 2.5 |
| VTI Rule Match Count | 4403 |
| VTI Rule Type | Documents |
| The tags feature is only available in the fully licensed version of VMRay Analyzer. |
| ID | PID | Monitor Reason | Integrity Level | Image Name | Command Line | Origin ID |
|---|---|---|---|---|---|---|
| #1 | 0x99c | Analysis Target | Medium | acrord32.exe | "C:\Program Files (x86)\Adobe\Reader 9.1.0\Reader\AcroRd32.exe" "" | |
| #2 | 0x9ec | Child Process | Medium | winword.exe | "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /n "C:\Users\HJRD1K~1\AppData\Local\Temp\A9R3F80.tmp\EQV6A.docm" /o "u" | #1 |
| #4 | 0xa64 | Child Process | Medium | pitupi20.exe | "C:\Users\hJrD1KOKY DS8lUjv\AppData\Local\Temp\pitupi20.exe" | #2 |
| #5 | 0xa94 | Child Process | Medium | cmd.exe | cmd.exe /C del /Q /F "C:\Users\hJrD1KOKY DS8lUjv\AppData\Local\Temp\pitupi20.exe" | #4 |
| ID | #1851705 |
| MD5 Hash Value | 43b8feac383adfd43c65f0317ebc4f46 |
| SHA1 Hash Value | 096671e8e548e119561e702013a7a768b8e4e2e4 |
| SHA256 Hash Value | 42cfc10a1dbc81978abcfa3e9b8916267edc144207e77724efaf985ea85a1214 |
| Filename | nm.pdf |
| File Size | 62.75 KB (64254 bytes) |
| File Type | PDF Document |
| Analyzer Version | 2.1.0 |
| Analyzer Build Date | 2017-05-15 17:20 (UTC+2) |
| Adobe Acrobat Reader Version | 9.1.0.2009022700 |
| Internet Explorer Version | 8.0.7601.17514 |
| Firefox Version | 39.0 |
| Java Version | 8.0.1010.13 |
| VM Name | win7_64_sp1-mso2010 |
| VM Description | Windows 7 PDF (SP1, 64-bit) |
| VM Architecture | x86 64-bit |
| VM OS | Windows 7 |
| VM Kernel Version | 6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa) |
