General

  • Target

    1cddff98bdeef010c25cb889a613bc49b7e0caa3cc926dd3f77d2f3a52df4b89.exe

  • Size

    707KB

  • MD5

    1b7815ef11e4a76ec42f868452dddf5a

  • SHA1

    c3ce9a7993eca0a4afd84dccfebdbfd95c7b0793

  • SHA256

    1cddff98bdeef010c25cb889a613bc49b7e0caa3cc926dd3f77d2f3a52df4b89

  • SHA512

    124ff289b1257f7f221ad5c35727702eb040e0a94854006f2bcb027720c88fae0ad969ad0b15d60d2f3a7a542cc0d5500885d4557c9a6d77e0791bbbbf2c29d5

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1d8ivnh:6uaTmkZJ+naie5OTamgEoKxLWwsh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1cddff98bdeef010c25cb889a613bc49b7e0caa3cc926dd3f77d2f3a52df4b89.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

