General

  • Target

    2de5dc7e2abdbfbddb52aba7aecfa43d9444931a30f54b2008d64c424d9922d0.exe

  • Size

    707KB

  • MD5

    bb3001cd6976065df534ddfa5e41a3be

  • SHA1

    724b06d313b1b96992da019d3d1381c45e5474b5

  • SHA256

    2de5dc7e2abdbfbddb52aba7aecfa43d9444931a30f54b2008d64c424d9922d0

  • SHA512

    697d210818457ec8fea562562cad8934342c5c9f3c92ff16fcab26a311d2ff71afdf53279987da17287e96d7b436685815d5a7d7a49a1a446a28f19d4521d4ab

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza138vvnh:6uaTmkZJ+naie5OTamgEoKxLWenh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2de5dc7e2abdbfbddb52aba7aecfa43d9444931a30f54b2008d64c424d9922d0.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

