A couple of weeks ago, I made a demonstration analysis for a variant of Cerber ransomware and documented it.
The following is the table of contents for the document.
Symptoms of compromise
Ransom notes
Encrypted files
Temporary files
Runtime behavior
Creates mutex
Weakens system security
Self elevates to perform administrative tasks
Searches for files to encrypt
Encrypts the files
Displays the ransom note
Deletes itself
Window flashes up
Configuration
Final Notes