Extracted

• • Target

    723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224.exe

  • Size

    1.4MB

  • MD5

    6441d7260944bcedc5958c5c8a05d16d

  • SHA1

    46257982840493eca90e051ff1749e7040895584

  • SHA256

    723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224

  • SHA512

    af88fd3a0a2728c811be524feee575d8d2d9623b7944021c83173e40dbec6b1fbe7bea64dcdd8f1dbebc7d8df76b40e5c9647e2586316ea46ceb191ebcf14d89

  • SSDEEP

    24576:1p2gwjk6ikYhJ9lvGnYZvy48/V33ck7LnBAyldFu8hod/Qodly:1AgxkmvGnYWccjBAwFadRd

  Score

  10^/10

  persistenceransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (3088) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Adds Run key to start application

    persistence
  behavioral1behavioral2