Extracted

Extracted

• • Target

    tested_protected.bin.exe

  • Size

    65KB

  • MD5

    991a487e6e1d4e1eb45684c65b2a82d3

  • SHA1

    b5e31fd6125709b27726d5d3d21d9beb46c6eba6

  • SHA256

    2848233d6e73000134fef71caf087f2aa326084dd791e2cd5aab2346b63de50b

  • SHA512

    c4e9a49cea01654e64b0e7b7711734d63f3fcb5a08866f9f859848306c0df8f6cfc66639851842ca9e0efbcf8ef43f400ba43d62452a3f22c65eaacc71948568

  • SSDEEP

    768:F/A2E4sTzIflnfmoh/sXb4vDM5xBqBv4OcSb9btv+s7cPNncd7wrmvpt2o1pV2vN:hAzc5rhUaDMxQhbtQ742zCoVB

  Score

  10^/10

  evasionransomwaretrojan

  • UAC bypass

    evasiontrojan

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2