Extracted

Extracted

• • Target

    98a0fe90ef04c3a7503f2b700415a50e62395853bd1bab9e75fbe75999c0769e

  • Size

    127KB

  • MD5

    c731cbf04c68430f31ff0ab1b0b1f054

  • SHA1

    f3c14e25584475f01f417e3ec45474aa8de4400d

  • SHA256

    98a0fe90ef04c3a7503f2b700415a50e62395853bd1bab9e75fbe75999c0769e

  • SHA512

    1f188fa26c4554f4c3fdb73ea7c105b76a354f6444f4977eee5fc0b31df9b880118e912bb86bdf93874c55b081713ae51b32115ab600bdeda0ec62e61f3b7b61

  Score

  10^/10

  evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2