General

  • Target

    23f4204a42529b2695b6e329305cb87d8b20487490abcbb2036ff4b18c3427cb.exe

  • Size

    707KB

  • MD5

    4cef5e2811606f3da1d026cb4160b263

  • SHA1

    ed857bd3c7518781a80719c542eac2d941ea24a7

  • SHA256

    23f4204a42529b2695b6e329305cb87d8b20487490abcbb2036ff4b18c3427cb

  • SHA512

    fd07f4c7bd755e83ae071cbf805f9091feb86e76aa024a41101e3da08a4e1e125e2c395821e87ed36d40b2c88d92dc84a1130de4223de18319c89409cb129cac

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1B8Yvnh:6uaTmkZJ+naie5OTamgEoKxLW0mh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 23f4204a42529b2695b6e329305cb87d8b20487490abcbb2036ff4b18c3427cb.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

