Extracted

Extracted

• • Target

    file000_spoolcv.exe

  • Size

    400KB

  • MD5

    e6688d5a1565053e114263a98daca7de

  • SHA1

    eb9c95ee5c0835406e27478099020ac1eee2c479

  • SHA256

    f4dbc868579e467f9e05766f67497ae6d8f4b3be91165d40df4a18ec912e5e89

  • SHA512

    c152cf41b58017466823e3d329265fb0dcf82fde8751587799d678ae46ab3745190d1e3686ecb97106abbd0990786eea90afe70b6ee10951b209f1e00583b9db

  Score

  10^/10

  hakbitransomware

  • Contains code to disable Windows Defender

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Hakbit

    Ransomware which encrypts files using AES, first seen in November 2019.

    ransomwarehakbit

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Deletes itself

  • Drops startup file

  behavioral1behavioral2