General

  • Target

    0732a28ff29c8b0bc2a6a96f81c7d09878e5e74005f9efd0525dfc5b42991435.exe

  • Size

    707KB

  • MD5

    fe59bd9cb22d1fa7eecd7c58db545596

  • SHA1

    d0e0b9f25ceef983d4af79936f3f1f67ec772939

  • SHA256

    0732a28ff29c8b0bc2a6a96f81c7d09878e5e74005f9efd0525dfc5b42991435

  • SHA512

    aafa930aeaffd04bcf473069049617657fb6cd0ce4093db66efc805d50cea8bd42d1d1dceb6ab323d349e772208b80120b9449c0f500d87330b764e6d7ef18c8

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1g86vnh:6uaTmkZJ+naie5OTamgEoKxLWLUh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 0732a28ff29c8b0bc2a6a96f81c7d09878e5e74005f9efd0525dfc5b42991435.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

