General

  • Target

    128eb6f5fa2a51f327b99c48612b4890482ebc256c275012d6543ab04dd80836.exe

  • Size

    707KB

  • MD5

    065b8cfa9c12e66ac024c47690606bac

  • SHA1

    2900cb4008813c7ef04c60d0bdf4f0e0c3ffbd3a

  • SHA256

    128eb6f5fa2a51f327b99c48612b4890482ebc256c275012d6543ab04dd80836

  • SHA512

    ee83d2f198c30c8bd3933d6e22333df7397467304c49aecf599a70a5cdb69996435022b489c3ef1d76798ad34e185e4e2744fb885ad51dcec7a5e65d5cd1b326

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1E8gvnh:6uaTmkZJ+naie5OTamgEoKxLWn+h

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 128eb6f5fa2a51f327b99c48612b4890482ebc256c275012d6543ab04dd80836.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

