Extracted

• • Target

    513c18df31e04137e97b90bdc36da10bf2cb1036f0911ab14ab46fc630149ca4

  • Size

    511KB

  • MD5

    772cf40cf86d569715fc1feb47072d1b

  • SHA1

    f51c62c00d157d449e3739f1a104237d9e764c8a

  • SHA256

    513c18df31e04137e97b90bdc36da10bf2cb1036f0911ab14ab46fc630149ca4

  • SHA512

    25a882ec342917e3d5fe200a7927c4afa2dbcb989108e66e0ed502efa9ce6d42c73f965eb60fa316d49f344f09a7cbe63a10f68c649544801f75cac0ef9e4422

  • SSDEEP

    3072:TPUE8IW6NmG0jQm78rmaZoDyyUmaP/E61VoMU9FLBD9PKigvPXNYzA9QKjhD:TPUE8It0GkXRBUma0oVmJDhKkuQqD

  Score

  10^/10

  discoverycontiransomware

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Renames multiple (75) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops desktop.ini file(s)

  behavioral1behavioral2