Managed XDR

07_ransomioc.exe (ProLock, Conti, Shade, Locky, Babuk, Apocalypse, Avaddon, Bart, Cerber, Clop, Crylocker, CryptXXX, Hakbit, QNAPcrypt, AlphaCrypt, Fantom, Fsociety, Herbst, Lockbit, LockerGoga, Locklock, Phobos, Razy, Ryuk, Toxcrypt, WannaCry, TeslaCrypt, Unlock92, Chimera, Thanos, Dharma, Domino, 7ev3n, Radamant Ransomware Kit, REKTlocker, Sage, CrypVault, VenusLocker, Wildfire, Medusa, Maze, Lorenz, Ransomexx, SunCrypt, BlackCat, BlackMatter, RagnarLocker, WhiteRabbit, Diavol, Avos, Hive, Sodinokibi, ALPHV) — dynamic analysis report for a malicious file

File information

File name
07_ransomioc.exe
File type
PE32+ executable (console) x86-64, for MS Windows
File size
2.4 MB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1
7c1eea8e5b1d08724981d7162a09a5c71b841f09
SHA256
151659f1a61331a047c40000da1928b15cc8f685a04f140256ed11245d278ebb
MD5
e8e14aad60e070c7203a0bfb55f073d9

Malware

  • ProLock
  • Conti
  • Shade
  • Locky
  • Babuk
  • Apocalypse
  • Avaddon
  • Bart
  • Cerber
  • Clop
  • Crylocker
  • CryptXXX
  • Hakbit
  • QNAPcrypt
  • AlphaCrypt
  • Fantom
  • Fsociety
  • Herbst
  • Lockbit
  • LockerGoga
  • Locklock
  • Phobos
  • Razy
  • Ryuk
  • Toxcrypt
  • WannaCry
  • TeslaCrypt
  • Unlock92
  • Chimera
  • Thanos
  • Dharma
  • Domino
  • 7ev3n
  • Radamant Ransomware Kit
  • REKTlocker
  • Sage
  • CrypVault
  • VenusLocker
  • Wildfire
  • Medusa
  • Maze
  • Lorenz
  • Ransomexx
  • SunCrypt
  • BlackCat
  • BlackMatter
  • RagnarLocker
  • WhiteRabbit
  • Diavol
  • Avos
  • Hive
  • Sodinokibi
  • ALPHV

Signatures

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036 system_filename: Created a file named as a common system file
T1134 opens_process_token: Opens the access token associated with a process

Impact

T1486 ransomware_message: Ransomware indicators detected (possible ransom message creation)
T1486 ransomware_files: Ransomware indicators detected ProLock/Conti/GlobeImposter/BasilisqueLocker/CryptXXX/Shade/Maze/Medusa/Locky/Babuk (creates keys and the instruction on how to unlock the files)
T1486 ransomware_extensions: Ransomware(s) 7ev3n, Alcatraz, AlphaCrypt, AngryDuck, Apocalypse, Avaddon, Bart, CHIP, Cerber, Chimera, Clop, ComradeCircle, Conti, CryLocker, CrypVault, CryptXXX, CryptoMix, CryptoShield, Crysis, DXXD, Dharma, Domino, DummyLocker, Enigma, Exotic, FSociety, Fantom, Globe (aka Purga), Gremit, Hakbit, Herbst, Karma, KillerLocker, Kraken, LeChiffre, LegionLocker, LockLock, Lockbit, LockerGoga, Locky, Macop, Nuke, Odin, Phobos, Purge, QNAPCrypt, RadamantRansomwareKit, Razy, Rektlocker, Ryuk, Sage, Serpent, Shade, Teslacrypt, Thanos, ToxCrypt, Unlock92, VenusLocker, Vindows, Wannacry, WildFire indicators detected (specific extension is added to files)
T1486 ransomware_files_2: Ransomware(s) Apocalypse, BianLian, Conti, GlobeImposter, Karma, Locky, Lorenz, Maze, MedusaLocker, ProLock, RansomEXX, WaspLocker indicators detected (creates keys and the instruction on how to unlock the files)

Other

yara_rules: Static rules
ce_info: Diavol, BlackMatter, REvil note Configuration Data found
suncrypt: Detected SunCrypt ransomware
ransomware_blackcat: Detected BlackCat ransomware
blackmatter: Detected ransomware BlackMatter
ransomware_ragnarlocker: Detected RagnarLocker ransomware
ransomware_whiterabbit: Detected WhiteRabbit ransomware
ransomware_dharma: Detected Dharma ransomware
diavol: Detected Diavol ransomware
lorenz: Detected Lorenz ransomware
ransomware_avos: Detected Avos ransomware
hive: Detected Hive ransomware
revil: Ransomware REvil indicators detected
lockbit: Detected ransomware Lockbit
creates_exe: Creates executable files in the file system
creates_doc: Creates (office) documents in the file system
http_file_not_found: Attempts to download EXE or DLL file but receives HTML with an error
pe_overlay: PE file contains overlay

Similar reports
