Extracted

Extracted

• • Target

    0a937d4fe8aa6cb947b95841c490d73e452a3cafcd92645afc353006786aba76

  • Size

    150KB

  • MD5

    5761ee98b1c2fea31b5408516a8929ea

  • SHA1

    4d043df23e55088bfc04c14dfb9ddb329a703cc1

  • SHA256

    0a937d4fe8aa6cb947b95841c490d73e452a3cafcd92645afc353006786aba76

  • SHA512

    9dbf296719bc130bc700db94fd43985c32cb9de3b1867ed7c8666b62e4b9d0826b6df03cb125644c9338118d9caf679bfa1eb55da39f46b94db023bdcd9ff338

  Score

  10^/10

  ransomwareevasionpersistencelockbit

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Deletes system backup catalog

    Ransomware often tries to delete backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Program crash

  • Adds Run entry to start application

    persistence

  • Drops desktop.ini file(s)

  • Modifies service

    persistence

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2