Managed XDR
Group-IB MDP Report
File info
Filename: 07_ransomioc.exe
File Type: PE32+ executable (console) x86-64, for MS Windows
File Size: 270.3 KB
Env info
win7/x64 en
Hashes
SHA1: 1469d285619f7706a65c1270b91b5be9a22e9a7b
SHA256: eaf82cc58671a3c3fd307b7f24f8725c962257132137327aad10310b13c413e5
MD5: 8c74fc1894a5cc85880fbef52910e375
Malwares
Apocalypse
TeslaCrypt
Signatures
Privilege Escalation
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1134 opens_process_token: Opens the access token associated with a process
Impact
T1486 ransomware_extensions: Ransomware(s) AngryDuck, Apocalypse, Enigma, Teslacrypt indicators detected (specific extension is added to files)
Other
yara_rules: Static rules
pe_overlay: PE file contains overlay