General

  • Target

    48a28177d3f12fc835f126f3e5ee425beb90c4b57c50eb1cf8e2160861ade903.exe

  • Size

    707KB

  • MD5

    eb3681b604f0f8ddc0778128e97ec06a

  • SHA1

    98153f71273ca7c414db95d53a0bc6f071ca7690

  • SHA256

    48a28177d3f12fc835f126f3e5ee425beb90c4b57c50eb1cf8e2160861ade903

  • SHA512

    5649cab8312a0ff0e2436bc3f3f776b3ba67b3bf78daa7c4eb6c4f232c47df0cc1c8e46b8cef54321186f22067ed16852fecae34fffd91e5ebe44a062e8ce9fb

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1M8mvnh:6uaTmkZJ+naie5OTamgEoKxLW3Yh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 48a28177d3f12fc835f126f3e5ee425beb90c4b57c50eb1cf8e2160861ade903.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

