Extracted

• • Target

    ByteVault.exe

  • Size

    9.9MB

  • MD5

    4ea77d2b5cb4323fbd1738295b7add93

  • SHA1

    d00b1e2054dca021f3a15a10a3b1753b37d92b85

  • SHA256

    9b989d47e010206b0e0d50957a6f5361247bec54837ad5ef631dd613ff9f3243

  • SHA512

    09fcf25f769274399aa21b584fdc1d5efe8f1bf9aa50910e3296102e0681567ea8c60cd474fd0b3c4b6f0704fcea787bc754fb57ce903df68a6c62b1e1d1c1a6

  • SSDEEP

    196608:RhqWfIk7AHkPkRJW9GNZA1HeT39IigaeE9TFa0Z8DOjCdylwo1nz8QW7tx:zQFG8S1+TtIiEY9Z8D8CclPdoPx

  Score

  10^/10

  evasionexecutionransomware

  • Renames multiple (143) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Modifies Windows Firewall

    evasion

  • Loads dropped DLL

  • Drops desktop.ini file(s)

  behavioral1behavioral2