#Ransomware (2020-04-20)

显示全部楼层 · 发表于 2020-4-20 18:34:27

ESET （1/2）
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
2020/4/20 18:32:04;Real-time file system protection;file;C:\Users\Galaxy\Downloads\#Ransomware (2020-04-20)\Attachment.exe;a variant of MSIL/Filecoder.YX trojan;cleaned by deleting;DESKTOP-NV3EN59\Galaxy;Event occurred on a new file created by the application: C:\Windows\explorer.exe (421C8FE40D4A8B70547DCCD21D924B3C58C26F89).;DE55B62ECF8C5F38FAA0BFA286AD01189F956BC6;2020/4/20 18:32:03

显示全部楼层 · 发表于 2020-4-22 13:45:03

本帖最后由 sanhu35 于 2020-4-22 13:51 编辑

写入exe
操作进程：C:\Users\Administrator\Desktop\新建文件夹\#Ransomware (2020-04-20)\#Ransomware (2020-04-20)\Attachment.exe
命令行："C:\Users\Administrator\Desktop\新建文件夹\#Ransomware (2020-04-20)\#Ransomware (2020-04-20)\Attachment.exe"
防护项目：监控>>高危文件写入磁盘防漏
操作目标：【创建】 C:\Administrator\Rand123\local.exe
操作结果：已允许

篡改浏览器lnk
操作进程：C:\Users\Administrator\Desktop\新建文件夹\#Ransomware (2020-04-20)\#Ransomware (2020-04-20)\Attachment.exe
命令行："C:\Users\Administrator\Desktop\新建文件夹\#Ransomware (2020-04-20)\#Ransomware (2020-04-20)\Attachment.exe"
父进程：C:\Windows\Explorer.EXE
防护项目：桌面快捷方式
目标文件：C:\Users\Administrator\Desktop\msedge.lnk
操作结果：已阻止

自删除，创建脚本提示
操作进程：C:\Users\Administrator\Desktop\新建文件夹\#Ransomware (2020-04-20)\#Ransomware (2020-04-20)\Attachment.exe
命令行："C:\Users\Administrator\Desktop\新建文件夹\#Ransomware (2020-04-20)\#Ransomware (2020-04-20)\Attachment.exe"
防护项目：监控>>非常用文件类型写入
操作目标：【创建】 C:\Users\Administrator\Desktop\DecryptAllFiles.vbs
操作结果：已允许

衍生物

[病毒样本] #Ransomware (2020-04-20)

本帖子中包含更多资源

浏览过的版块