Extracted

• • Target

    cca671779d086f5fc243d171a0cacee927a1640d78ec31db80b5fc0a5b6d8404

  • Size

    42KB

  • MD5

    28ad643a7fa7b248f57a246983db89fa

  • SHA1

    69915f4d5f590e2485651941890d255f769486a3

  • SHA256

    cca671779d086f5fc243d171a0cacee927a1640d78ec31db80b5fc0a5b6d8404

  • SHA512

    fe915fc490bf0dc265d9d1d384e7da3a24168115993685f6df460da8151e21ee7d77383b0cdea907f727d93b23d3beb4d23d528c817121cac535c68b80844e84

  • SSDEEP

    768:LO1oR/2OVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDFYO/5wWic2P:L+aS1FKnDtkuImFYQpif

  Score

  10^/10

  ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (3488) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Drops file in System32 directory

  behavioral1behavioral2