Extracted

Extracted

• • Target

    700a1s0ssssd7da.exe

  • Size

    717KB

  • MD5

    3dcb42c5e7545c629c30d501feb908d5

  • SHA1

    9633e564b46262cc03cdd29dc1a7aec468c0757e

  • SHA256

    24ca9e85cfc0b4303facfe25f920917937ed7d5cca7938362417599d8444e159

  • SHA512

    62d7cc702fdbdd11931a652fdb59aaf65cea32eb2ce29029abdfa44eb3c47a4c8b13703b808a68d836b897f6371dcfa3afe3ec3c396f482397ebee99cd99baf2

  Score

  10^/10

  ransomwarepersistencespyware

  • Modifies Installed Components in the registry

    persistence

  • Registers COM server for autorun

    persistence

  • Drops startup file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Drops desktop.ini file(s)

  • Enumerates connected drives

  • Modifies service

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2