Extracted

Extracted

• • Target

    7862d6e083c5792c40a6a570c1d3824ddab12cebc902ea965393fe057b717c0a.exe

  • Size

    586KB

  • MD5

    55b95e36469a3600abb995e58f61d4c9

  • SHA1

    de6717493246599d8702e7d1fd6914aab5bd015d

  • SHA256

    7862d6e083c5792c40a6a570c1d3824ddab12cebc902ea965393fe057b717c0a

  • SHA512

    9b2eceff54340057b3eae7391b7c5205c3b2d6d13299b4b918fb1d1a5f6f1006079fc4c58b9dd589738927cf0580f5050c4e61448dd82a8d089f2ea9ddcb5e0a

  Score

  10^/10

  ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Drops desktop.ini file(s)

  behavioral1behavioral2