Extracted

• • Target

    2024-08-21_d2928a874344bd310125566d09f4ffcc_makop

  • Size

    42KB

  • MD5

    d2928a874344bd310125566d09f4ffcc

  • SHA1

    41070cb3d688c30ca7b95957e48eaa577e8a027d

  • SHA256

    f9dcdbe1929dd4606138f9c77b95c144acd4d711fd372f7bb075b8aa61a83b62

  • SHA512

    90a8f22346a1f08f91313f66f03cfd0da228b656f5a0dcd39db0497c300a5ad37e93a62ad78ed82aab0c2351c3e8af9f8923b9a10b06d527a0c6439c8a6b6629

  • SSDEEP

    768:cO1oR/dUVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDLNIUe61Akojk1q4:clgS1FKnDtkuImLqUe6h7

  Score

  10^/10

  defense_evasiondiscoveryexecutionimpactransomwarespywarestealercredential_access

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (2408) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2