General

  • Target

    2a8aa75c749fd6dd909aa180a2bab3acaee6e4da61e44d67bf54168ec32c2c07.exe

  • Size

    707KB

  • MD5

    1e2a0825ae0eeeba4f458d6dd7607f6c

  • SHA1

    eba64e067c5503d0cc4749e03031c48c3aaeebd2

  • SHA256

    2a8aa75c749fd6dd909aa180a2bab3acaee6e4da61e44d67bf54168ec32c2c07

  • SHA512

    9c28652a35088bc6785e3c0f30cc1fb6f8da475f4aefc499a403d7b13bdf8aa740ebb27948b41d29636df11b496c5d8ea9722718524a2ff6afed4dc164653cec

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1q8qvnh:6uaTmkZJ+naie5OTamgEoKxLWRkh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2a8aa75c749fd6dd909aa180a2bab3acaee6e4da61e44d67bf54168ec32c2c07.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

