Managed XDR

ransomware_stopcrypt_2020_1383.exe — malware analysis report

File info

Filename
ransomware_stopcrypt_2020_1383.exe
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
270 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
848573bd10a99097ba72599587ab9d9599e94abb
SHA256
8844299898d36b5d24655bfade0cc5a4350e6a48205d2cd750762c759e9d183f
MD5
5a1592a87b2217bb378506ba88dc5c1b

Signatures

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
process_crashed: One of the processes has failed
no_graphical_activity: No graphic activity
has_pdb: This executable file has a PDB path