Extracted

• • Target

    2023-12-24_c3eb80e8aa150aa10b82a5975c17a116_makop

  • Size

    42KB

  • MD5

    c3eb80e8aa150aa10b82a5975c17a116

  • SHA1

    3d8e7c04891606b47c27e8225c27f385de3100e5

  • SHA256

    92cc252d8eebc2d64aaf63f383eb549e46d115409ec2d537a3ff935b3f1ff40b

  • SHA512

    b676cfef912f24aa2e96ca2bc0b73e808702450f1d4439498f0ccd53248f4b6d88fa753d09e155da5d08bf3d77d794c36a16678774402f327263a3175c5e520d

  • SSDEEP

    768:5O1oR/fVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDX5aBd69O59GKbup7IU5F:5FS1FKnDtkuImX4jHGKbj8

  Score

  10^/10

  ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (3514) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral1behavioral2