Extracted

• • Target

    cf941154cc06005a15ff3ca2f601e13b537794254d338f63eadd260855115902.exe

  • Size

    268KB

  • MD5

    cfea8286f13e566324aca989bbf1ecdd

  • SHA1

    0a295ca16213502d5a6629553cf2b168b2a4dfc7

  • SHA256

    cf941154cc06005a15ff3ca2f601e13b537794254d338f63eadd260855115902

  • SHA512

    674cf146d76a5ecfa18da92c987eea09c8f055d6a2474311c825e6a5877ca4f8eb72413dba393c8e314016665d85534842103bece430c417b1c004aa2aadcd70

  • SSDEEP

    3072:pLJGBP1t82ETTwPAobQ3tOqmb14Gul22QZkN7S44EXZNxRx6kFYDRzuU:VJEPCTwPp03YqyNulakL96fDRH

  Score

  10^/10

  contiransomware

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Renames multiple (1765) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Renames multiple (2809) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops desktop.ini file(s)

  behavioral1behavioral2