General

  • Target

    0164288a1fd4af09fd34acdf38e25cb6c5069c323544d0d029d88745e1c51cdb.exe

  • Size

    707KB

  • MD5

    75c109cb0ce670e1c835ea10bb7d9309

  • SHA1

    8076ac218b5395972dc9429b5b2386bb11c78276

  • SHA256

    0164288a1fd4af09fd34acdf38e25cb6c5069c323544d0d029d88745e1c51cdb

  • SHA512

    5cb3085b0fab7eece0e7c94891893f47d2ebfc42cf25e1f859c6886fb13c80ad9ad215ae622aa84684ee9f438ff77e20e6b900fd73db751576b3512842f5366f

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1o8rvnh:6uaTmkZJ+naie5OTamgEoKxLWj7h

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting the USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 0164288a1fd4af09fd34acdf38e25cb6c5069c323544d0d029d88745e1c51cdb.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

