Extracted

• • Target

    d0f05cd6957e1e93d1ca4154762b4d4bcaeb16c0bf878b59a1500c4974ef4502

  • Size

    1.5MB

  • MD5

    8b891d9985adf40603aafd8ed3406c60

  • SHA1

    b280e8787cae4164f508c502f46eee2230204c1e

  • SHA256

    d0f05cd6957e1e93d1ca4154762b4d4bcaeb16c0bf878b59a1500c4974ef4502

  • SHA512

    3aa8dd45435f4d98f273c7ab1094f3e9e10c131716f59a2c9584383c94756d577424067b51e34dc1e6dc875dfc4f45d7b47f2b297e59d4bb0860f1018d33cb79

  • SSDEEP

    24576:KctgHZ7Vq6FWfL7imwgiYhiAHuK/B0SdQZH4l9tfrxSfFldFu8hod/QodlyGG:Kct4pq6QffYKhiAHueGefrxS7FadRdd

  Score

  10^/10

  persistenceransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (4149) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Adds Run key to start application

    persistence
  behavioral1behavioral2