Extracted

• • Target

    FEVcmTbQIx9X2VMynNFOZ3czRBKjZat7ep8l9asewByCR7QOrnm1ktm7SRGCG3yh_enc.exe

  • Size

    7.6MB

  • MD5

    33f612338b6b5e6b4fe8cbb17208795c

  • SHA1

    66535700bbce7f90d2add7c504bc0e0523d4d71d

  • SHA256

    c860bf644bd5e3d6f4cae67848c4fc769184ae652fcb41cac670042b185d217a

  • SHA512

    7dfce042f5287858cf1d2942f6672084d01ad5677c7b47a1e9c2bcd4e0a2ea375ccd3a33676dc64dbe28edfe4fd19d25de5232c8fd23c0c7b24708c85b647fb2

  Score

  10^/10

  ransomwarespywarestealer

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2