Extracted

Extracted

• • Target

    Ransom.exe

  • Size

    127KB

  • MD5

    1f6297d8f742cb578bfa59735120326b

  • SHA1

    ff6eca213cad5c2a139fc0dc0dc6a8e6d3df7b17

  • SHA256

    3f843cbffeba010445dae2b171caaa99c6b56360de5407da71210d007fe26673

  • SHA512

    f9ade063be2ae5861248472aff857b2e0506d4705ff779972ade7482bb7797521338dd9a842f048d5ba1697719b22a3ba596370c37f4352a2527dbe1997edfd1

  Score

  10^/10

  evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2