Extracted

Extracted

• • Target

    6166c0fe1eb887fa4d0719c4cb4fb5d55dd249fab11ba6fb9a3114a5964b1d49

  • Size

    510KB

  • MD5

    13ccbab51e6ab57c89ad99f3f676c7f3

  • SHA1

    673fc190f8fb4f7c921de900cedb2f213982c416

  • SHA256

    6166c0fe1eb887fa4d0719c4cb4fb5d55dd249fab11ba6fb9a3114a5964b1d49

  • SHA512

    7c2226b18cdd7a3e6cea078960292c4a8b1c19d39fe692f97ca8b21c90ee25a126c2a8ca65c49e222ce3d691b0e73645a21102fb12a65db1da7a4c6bd1dfba46

  • SSDEEP

    12288:PVQfoJw+q6puobmO/OSST0qU2bwnq7hPVWc4d5pi:PHZh/dSsE0shP

  Score

  10^/10

  evasionransomwaretrojan

  • UAC bypass

    evasiontrojan

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (145) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Executes dropped EXE

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2