Extracted

• • Target

    4f420670cf9767116e29cec9ea7188372f98f335b4356ee4e5eb19357659bd8e

  • Size

    52KB

  • MD5

    48b02fdd57c03614980adebff3667758

  • SHA1

    08bf32f9396c25e42e12c9c597464c250f27b40c

  • SHA256

    4f420670cf9767116e29cec9ea7188372f98f335b4356ee4e5eb19357659bd8e

  • SHA512

    1f666c53a6e116531897ddbf4352373002014ae47cf28a18bc7025d306143f43f948eb3c9df202259d36ad30a2947c652f06578f47e317ec6d7a08ca19c174bf

  • SSDEEP

    768:I0FmBkpKjJH40wpb0v8igE9lvh6P72uUtJ74s8aRjY0t/JwMjHrzqhLtIsDs5V:IODvlc8iTxa6uUtp75PjHvqdIT

  Score

  10^/10

  persistenceransomwarespywarestealer

  • Renames multiple (2141) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops file in Drivers directory

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1