General

  • Target

    052f5239eac6514c371b65303514f49e57ff8dd38c8fb58a99f2a63ff69d94e0.exe

  • Size

    707KB

  • MD5

    f3371a178f0b6817f5e4fd2b4e37282e

  • SHA1

    2951acc77d1e1520c6294487e89166d656e09cfd

  • SHA256

    052f5239eac6514c371b65303514f49e57ff8dd38c8fb58a99f2a63ff69d94e0

  • SHA512

    ab0a5831edd1bc50c7800679c48cd7d5cf29e3297dba637a481c07a41e562f1c9111708988c68eb4b4594bfe0cac3a0ce5a1b651bfa4013e59ebd38c0f8f470f

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1z8Rvnh:6uaTmkZJ+naie5OTamgEoKxLWyFh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 052f5239eac6514c371b65303514f49e57ff8dd38c8fb58a99f2a63ff69d94e0.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

