Extracted

• • Target

    5b56c5d86347e164c6e571c86dbf5b1535eae6b979fede6ed66b01e79ea33b7b.exe

  • Size

    218KB

  • MD5

    0c4a84b66832a08dccc42b478d9d5e1b

  • SHA1

    160320b920a5ef22ac17b48146152ffbef60461f

  • SHA256

    5b56c5d86347e164c6e571c86dbf5b1535eae6b979fede6ed66b01e79ea33b7b

  • SHA512

    56e4b07baca1c4c82e518088cc713b97eb2aa4e096d39bd7076396e075621bc47a20fd6a65fb897dc974d77c01f242a872532136d4bd3097a57c4664d8430872

  Score

  10^/10

  persistenceransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies Installed Components in the registry

    persistence

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  behavioral1behavioral2