Extracted

• • Target

    HEUR-Trojan.Win32.Generic-78f4dd4b0e0bff6009f56a8b97332f600cec39e3c1d0e1cac6c7ee47a4bb9201.exe

  • Size

    6.1MB

  • MD5

    04df8dd30da8b5853f48cc1ac9b695a8

  • SHA1

    4c02262c2fea0e99277a99dcbe28a9c370b87c39

  • SHA256

    78f4dd4b0e0bff6009f56a8b97332f600cec39e3c1d0e1cac6c7ee47a4bb9201

  • SHA512

    3ad10c1512e316ff9d02bd5b4573298ae2f6fc8f9d56c66e2c5c4d95fe046e5b14b09e63cea9bca778560ce4b568ebdf70d66a0225b2eaf7e6cd3ba914583b7e

  • SSDEEP

    3072:jnsbblTAByHNgb0nbYlwKsw962CpJid72gqV/6c4LNobbamucc3OD4iEDzyEaE0u:jnsq7hQplBdJ7bP4L8rVE

  Score

  10^/10

  discoveryevasionexploitpersistenceransomwarespywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Disables Task Manager via registry modification

    evasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Possible privilege escalation attempt

    exploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2