Extracted

• • Target

    f0fbd0654d4bf299c08f1f83e7b6c3a1f332b49c24b3cf0b9b87757b8c13f093.bin.sample

  • Size

    1.8MB

  • MD5

    10d7151b9ee53b8da8ee6f85001ffb20

  • SHA1

    76d33ef58ea7b012342d975d871db64840da9675

  • SHA256

    f0fbd0654d4bf299c08f1f83e7b6c3a1f332b49c24b3cf0b9b87757b8c13f093

  • SHA512

    1c6d2d7f509b462b5d48db61817ee42a7204d10141c59394eb190d0dba733b831a6344bb85197dfac358939379e640c9f38732d376e28f92e187806ca574d10f

  Score

  10^/10

  persistenceransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Grants admin privileges

    Uses net.exe to modify the user's privileges.

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Modifies service

    persistence
  behavioral1behavioral2