General

  • Target

    2ace7f6071df41d2970928f4043c2026cb0473d9a39734a681103eb3a6f19971.exe

  • Size

    707KB

  • MD5

    321c8ecb56e4a05af603440cc8c7544a

  • SHA1

    f82313039d4849044a5645efe5f73bc84c5c2d4d

  • SHA256

    2ace7f6071df41d2970928f4043c2026cb0473d9a39734a681103eb3a6f19971

  • SHA512

    11693f46164101bdbb02a8d7a2b578d98ce649e4712697cf471e93181228c0bd86216c412e927a9be9d42d4bc294e6a295930569880bdee18bd3b583fae8ce13

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1W8fvnh:6uaTmkZJ+naie5OTamgEoKxLWF3h

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2ace7f6071df41d2970928f4043c2026cb0473d9a39734a681103eb3a6f19971.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

