Extracted

• • Target

    0a986e64e43226720c7478a67eb9a1ff88d60b6de22b4e4303f9b25a2ab881a1

  • Size

    395KB

  • MD5

    21daf51d8e7049bb0c31001df0df6de6

  • SHA1

    a6ee1e7c3ad2200c04d7809a84fee83ec6eca9de

  • SHA256

    0a986e64e43226720c7478a67eb9a1ff88d60b6de22b4e4303f9b25a2ab881a1

  • SHA512

    bd9a915c1ca02ce7d499871663dcfe623a64ca51283a7efccf14088a7b472e1551dba7a272a9290f293541bc614bea8fcf02faa56acae4529b70c73c16ad5b11

  • SSDEEP

    12288:seeSiw+xtMM0Lf00Ah02DICko3hCsOEsk4t/Ni:CSiht+LfM9DIro0sOEsk4t/N

  Score

  10^/10

  contiransomware

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Renames multiple (7927) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Drops desktop.ini file(s)

  behavioral1behavioral2