Multi AV Scanner detection for submitted file
Yara detected Rhysida Ransomware
AI detected suspicious sample
Changes the wallpaper picture
Found API chain indicative of debugger detection
Self deletion via cmd or bat file
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Suspicious Ping/Del Command Combination
Suspicious powershell command line found
Uses cmd line tools excessively to alter registry or file data
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Uses schtasks.exe or at.exe to add and modify task schedules
Writes many files with high entropy
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Adds / modifies Windows certificates
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a Chrome extension
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Potentially Suspicious Desktop Background Change Via Registry
Stores files to the Windows start menu directory
Too many similar processes found
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses reg.exe to modify the Windows registry
Yara detected Keylogger Generic