Extracted

• • Target

    edf9912bf2c8c7d9048bc6322900231810de7cc34267acc12e1a256fbecdbbdf

  • Size

    893KB

  • MD5

    8856669b9a76eeb19e5673db6c4491ab

  • SHA1

    2d328721640ebb3ddeb971316141fd2b3a84ae84

  • SHA256

    edf9912bf2c8c7d9048bc6322900231810de7cc34267acc12e1a256fbecdbbdf

  • SHA512

    96af5e42d4aab9ffbe10f4db0e2811d7e00ceebed7ed52b8e679164a92011bfa8eb7c33864be3b3e92358ba3b30ba87bab25cde9ee9163b325a7b542eea621e3

  Score

  10^/10

  persistenceransomwareevasionspywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Creates new service(s)

    persistence

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Stops running service(s)

    evasion

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  behavioral1behavioral2