Extracted

Extracted

• • Target

    z7w3x.exe

  • Size

    621KB

  • MD5

    753585e5e099b192cf8d7593dd5ef4bf

  • SHA1

    68c5d6b38c9dd9e9e1e888386025352811147028

  • SHA256

    e26b2ffb2ee711fc7b04d62911580560794ee4fa9b7fcfade65ee6ff2eed0274

  • SHA512

    de96554eaa3971672f05228d26fc6cbe98c8a5b31d35b21c92256c4dfee24ec81a708d601e0be4b80a0a365f620e4b0582f6fcc950f29df2ed6233c8314494ce

  Score

  10^/10

  discoverypersistenceransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Modifies file permissions

    discovery

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2