General

  • Target

    3eaa3fd798b6f4c7ca185e69fc285af3b13260a191d9e8ce675c315f7eb7b505.exe

  • Size

    707KB

  • MD5

    8e6bc4835791aac7d3d9cab87e102190

  • SHA1

    b3d7bf90342ef83b2944d6940602326f8e253143

  • SHA256

    3eaa3fd798b6f4c7ca185e69fc285af3b13260a191d9e8ce675c315f7eb7b505

  • SHA512

    d34ad3503adeef99d11309b370fa9f3d47fd41811fb7c6b751b7d6840797bf7ee0a83f55996aaf429c75028944975f1e45d4069a02bf74db577b39adc8e8d4da

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1d8Gvnh:6uaTmkZJ+naie5OTamgEoKxLWY4h

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 3eaa3fd798b6f4c7ca185e69fc285af3b13260a191d9e8ce675c315f7eb7b505.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

