Extracted

• • Target

    1f782c00f48835beffd1cb068c1b43854b5f1542966dd5926589fece4a5058b3

  • Size

    5.4MB

  • MD5

    c82a4f52bf0cac24d01281f5b45cd350

  • SHA1

    2884f66d660f20fcdd8680365599aa1e41481cb3

  • SHA256

    1f782c00f48835beffd1cb068c1b43854b5f1542966dd5926589fece4a5058b3

  • SHA512

    e1ca8887cb3f5935ffd2c77e456014011b8c874f6e007e6e68579b7a6810875875c9a2b842ec0aef1a8c2d57ec1cef356eb911e2335e0de14b92cf3c5a6e3ad0

  Score

  10^/10

  contiransomwarevmprotect

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • VMProtect packed file

    Detects executables packed with VMProtect commercial packer.

    vmprotect

  • Drops desktop.ini file(s)

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2