Managed XDR

heur-trojan-ransom.win...d9959a338a8e531ad38335 (Ryuk) — malware analysis report

File info

Filename
heur-trojan-ransom.win32.agent.gen-88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
575.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
459d816bb020f5da8257076a36d0ffd1f1f02d76
SHA256
88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335
MD5
6cad2f7dc809b9353a31753a438aef4e

Malwares

  • Ryuk

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1222 icacls: May obtain or change Discretionary access control lists (DACLs)
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Impact

T1486 ransomware_files: Ransomware indicators detected Ryuk (creates keys and the instruction on how to unlock the files)
T1486 ransomware_files_2: Ransomware(s) Ryuk indicators detected (creates keys and the instruction on how to unlock the files)

Other

yara_rules: Static rules
ryuk: Detected Ryuk ransomware
process_crashed: One of the processes has failed
access_recyclebin: Manipulation with recyclebin detected
test_check_service: Starts services

Related reports