Extracted

Extracted

• • Target

    2024-10-02_d4b924a9d396ce143aac15ccb4be8041_makop

  • Size

    48KB

  • MD5

    d4b924a9d396ce143aac15ccb4be8041

  • SHA1

    30d8deaca70759fcb0159042c98a2ef41831edf1

  • SHA256

    585829269d87b4b63c3cc4c6d855c0077190c2ae888e1e52aad013e2f1eb652a

  • SHA512

    47b5a3149d4b32657975cabfb521a735535b7f5abb20b6392b582ddab4716314073b70aecc1fe887c7cf7211b43aba4f2977b9393e2ef9034a5d23b2ca76d388

  • SSDEEP

    768:K8Z+47PKmQjYz3KgZYakDroDDl1lUkGgQ7WJxXv7zDOY3zqlrKKMzkU5f8i3:K8KmQjo3nkHoF1YWP733z5f5f/

  Score

  10^/10

  defense_evasiondiscoveryevasionexecutionimpactransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (8319) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Stops running service(s)

    evasionexecution

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2