General

  • Target

    1d6637db2f0345abdf5aa7518b9e7a5285e61008332c8ed63b88db525c49e3e9.exe

  • Size

    707KB

  • MD5

    f714b8d9f4419a82a9b91f675ee8e4b9

  • SHA1

    aa295554905f3f8b95a8b5f3d917486ce97c4391

  • SHA256

    1d6637db2f0345abdf5aa7518b9e7a5285e61008332c8ed63b88db525c49e3e9

  • SHA512

    73fa2d293108bf501dbe02758f3b3133d867e9735121527f5952469a8c8a0b53c5d882974e2ffdacae2989f6b16c98f6c9eb3cede0c24a0ee094d3c9e74afaed

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1f8avnh:6uaTmkZJ+naie5OTamgEoKxLWe0h

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1d6637db2f0345abdf5aa7518b9e7a5285e61008332c8ed63b88db525c49e3e9.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

