Extracted

Extracted

• • Target

    5fef2acf0b0289500ddfcbcbe45c95973c37d30eecdb2f5f20894a5f5b43ef31.exe

  • Size

    27KB

  • MD5

    f6d05f1f65b85eb1228f6524bb3773e8

  • SHA1

    2c1a3b5de5d9e34e20fcf39671b4359abd38507c

  • SHA256

    5fef2acf0b0289500ddfcbcbe45c95973c37d30eecdb2f5f20894a5f5b43ef31

  • SHA512

    b8365ac6ef36e8bf133797533cae01b0c1a9646fa87949d28235553e51f7cec3c6ebf77c9eb0764fc43c5e47283e9c579b2b16308adb191cba83ef26cbfa84e5

  • SSDEEP

    384:+JC/8iqrKZgU6uMKJNakkTiHG8eZXVb0/ze29j1W4Tv:oCUiq4NyVb0/zt3

  Score

  10^/10

  evasionransomwaretrojanpersistence

  • UAC bypass

    evasiontrojan

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2