Extracted

• • Target

    0c81c3f11ecfe18cbf1d84e179b73ece5e2564c88e423cdc31d674f3d5300e5d

  • Size

    510KB

  • MD5

    70d6d4600ad7a386af73f075f8bf1a0f

  • SHA1

    5039dd23d9bf702bb8f0cd41999bbb2cb5f2d062

  • SHA256

    0c81c3f11ecfe18cbf1d84e179b73ece5e2564c88e423cdc31d674f3d5300e5d

  • SHA512

    168aa83fcea20e2e859c56c39c9eeeb2d117230427d740d97fe9838f36604bd87ea8e0a16849c0787b0c750df09decb8b5b8497d685aa721ed22ba78a44b61eb

  • SSDEEP

    3072:SQkg5cAzJkv06HGaVpiehqpGDYwAM/cNfK89j8Qa34o7dVxt:SEcuVqTATicDNYVb

  Score

  10^/10

  conticredential_accessdiscoveryransomwarestealer

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Renames multiple (7974) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Drops startup file

  • Drops desktop.ini file(s)

  behavioral1behavioral2