General

  • Target

    327da0d18b351046e3cdc0ed9ffe90ae22f18c8682be430ba1861b7f2e670566.exe

  • Size

    707KB

  • MD5

    41eff0e7dbe63cc03a19a1c6b8860341

  • SHA1

    8f99e7bdd6d6cb533f62fbc045a1a06948c50b35

  • SHA256

    327da0d18b351046e3cdc0ed9ffe90ae22f18c8682be430ba1861b7f2e670566

  • SHA512

    475323d7707c49fa3f256a7f28fe59e6ce5ba8877a5b1cb4643a9a820e23781d17d71644656153b31b2e34d39748343bbda833009ec62ffdd3e039f3d4c8eaac

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1R8qvnh:6uaTmkZJ+naie5OTamgEoKxLWskh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 327da0d18b351046e3cdc0ed9ffe90ae22f18c8682be430ba1861b7f2e670566.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

