Dynamic-based (behavioral) analysis detection:
Dynamic-based analysis detection entails live monitoring of running processes in order to determine whether any are behaving with malicious intent. Any process that behaves maliciously is flagged as dangerous and terminated. Basic behavioral traits are:

o Payload persistence – To ensure an attack is carried out to completion, it needs to persist across reboots and be able to resume on startup. Common techniques used by ransomware include placing a copy of its executable in the Windows startup directory, adding a registry Run key entry or setting up a scheduled task, to name a few.


o Anti-system restore – To ensure that its malicious actions cannot be undone, malware may try to disable system restore functionality. Ransomware, for example, has been known to delete Windows shadow copies, which prevents encrypted data from being restored to an older, unencrypted version.

o Stealth techniques – Malware will try to execute in a stealthy manner to avoid being noticed by the user or detected by virus scanners. Common techniques include injection into legitimate processes, executing from the %AppData% directory and using executables named the same as common Windows executables, to name a few.

o Environment mapping – When malware is executed, it may map its system environment before initiating its setup procedure. This is typically done to determine whether it is running on a real computer or in a sandbox environment that could be attempting to analyse it.

o Network traffic – Ransomware that requires an internet connection does so for two possible tasks: downloading payload-related files and/or communicating the encryption key.

o Privilege elevation – Executing malicious system-related activities may require access rights beyond those granted to the victim's user account. For example, ransomware may want to overwrite the Master Boot Record, which can only be done as an Administrator. Simply asking for administrator access may work, or other privilege escalation techniques may be used.
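As an added example (not code from the page's author), a small rule-based scorer of the kind a behavioral monitor might apply to the persistence, anti-system-restore and stealth traits listed above. The event schema, the rule weights, the threshold and the sample telemetry are all constructed for illustration and do not reflect any particular product.

```python
import re
from collections import defaultdict

WINDOWS_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}  # names malware borrows
# Event schema (constructed): pid/image of the acting process, an event type and a
# target (registry path, written file, or for proc_create the child's command line).
RULES = [  # (name, weight, predicate); weights are illustrative, not a vendor's scoring
    ("persistence:run_key", 2, lambda e: e["type"] == "reg_set"
        and re.search(r"\\CurrentVersion\\Run(Once)?\\", e["target"], re.I)),
    ("persistence:startup_dir", 2, lambda e: e["type"] == "file_write"
        and "\\start menu\\programs\\startup\\" in e["target"].lower()),
    ("persistence:scheduled_task", 2, lambda e: e["type"] == "proc_create"
        and re.search(r"schtasks(\.exe)?\s+/create", e["target"], re.I)),
    ("anti_restore:shadow_delete", 4, lambda e: e["type"] == "proc_create"
        and re.search(r"vssadmin.*delete\s+shadows|wmic\s+shadowcopy\s+delete", e["target"], re.I)),
    # Stealth rules inspect the acting image itself, so they fire on any event type.
    ("stealth:appdata_exec", 1, lambda e: "\\appdata\\" in e["image"].lower()),
    ("stealth:masquerade", 3, lambda e:
        e["image"].rsplit("\\", 1)[-1].lower() in WINDOWS_NAMES
        and not e["image"].lower().startswith("c:\\windows\\")),
]

def score_processes(events, threshold=4):
    """Return {pid: (score, sorted rule names)} for every process scoring >= threshold.
    A rule counts once per process no matter how many of its events trigger it."""
    hits = defaultdict(set)
    for e in events:
        for name, _w, pred in RULES:
            if pred(e):
                hits[e["pid"]].add(name)
    flagged = {}
    for pid, names in hits.items():
        score = sum(w for name, w, _ in RULES if name in names)
        if score >= threshold:
            flagged[pid] = (score, sorted(names))
    return flagged

# Constructed sample telemetry: pid 4120 shows the traits above; 880 and 2244 are benign.
EVIL = r"C:\Users\alice\AppData\Roaming\svchost.exe"
STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": EVIL, "type": "file_write", "target": STARTUP + r"\svchost.exe"},
    {"pid": 4120, "image": EVIL, "type": "reg_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"pid": 4120, "image": EVIL, "type": "proc_create", "target": "vssadmin.exe delete shadows /all /quiet"},
    {"pid": 880, "image": r"C:\Windows\System32\svchost.exe", "type": "reg_set",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start"},
    {"pid": 2244, "image": r"C:\Program Files\Backup\agent.exe", "type": "proc_create",
     "target": "schtasks /create /tn NightlyBackup /tr backup.exe /sc daily"},
]
```

Counting each rule once per process keeps a noisy process from inflating its own score, while the weights let a single shadow-copy deletion outweigh several low-confidence stealth hints.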