Extracted

• • Target

    2.exe

  • Size

    42KB

  • MD5

    8dcb09ff9c7fcb60c9605175261789dc

  • SHA1

    19a1a90a0b754275cd326e4a507727808220a510

  • SHA256

    5a025e90322a0561cd844a97cbee426eea06ebc63f2073eb99fcda5c5c448aa3

  • SHA512

    99fdfc214849ac3face40a951be961c6b0437ad5bfbbf8bb42d9ad0c6978f7d8dd3e05bef22369b5aa3826b03fce3f7bfbb1aa16465d1950c5e007d2c44a00ef

  • SSDEEP

    768:kO1oR/dVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDjJQAZVDp8rNFvRQr0HbOJ:k7S1FKnDtkuImuAVDmrL2rsbOJ

  Score

  10^/10

  defense_evasiondiscoveryexecutionimpactransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (7564) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral1behavioral2