General

  • Target

    0d5d491ac67492d617207b3e5e0368633658f5b3699e1682ad022c7894852c6f.exe

  • Size

    707KB

  • MD5

    dbd4f59e735979f850bdef7cd00cac2c

  • SHA1

    987c453aa7400bbc1d54a8c4110c9f4a9186aefd

  • SHA256

    0d5d491ac67492d617207b3e5e0368633658f5b3699e1682ad022c7894852c6f

  • SHA512

    4b92735aa7b9a74d11e8b477aa90b05e4e05d7f82d229b1a428ab4aa81f5e3ccd2deddc916c7f0b37afeed9556edd2d4bae91a16ee2bef92a5b51bd2c85a8800

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1o8yvnh:6uaTmkZJ+naie5OTamgEoKxLWjch

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 0d5d491ac67492d617207b3e5e0368633658f5b3699e1682ad022c7894852c6f.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

