General

  • Target

    830740a3b4a6f087659a2b6d9682d7336f8dbe3e757412695932a3e7b5b3fdad.exe

  • Size

    707KB

  • MD5

    859bf20cccc8b1d87772e7ef993b0981

  • SHA1

    8a752413e8bcefcb4f12a4da330de51d4365f737

  • SHA256

    830740a3b4a6f087659a2b6d9682d7336f8dbe3e757412695932a3e7b5b3fdad

  • SHA512

    ddb5b0335a8542e134f9b24ddb8f4286db48ed1c4d4ccb3956124bf19812b9fcc13c068d145b644ab07d5962a9cb6d95af6d8cd56bd35f8e825f9323e1d216ab

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1m89vnh:6uaTmkZJ+naie5OTamgEoKxLWVJh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting the USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 830740a3b4a6f087659a2b6d9682d7336f8dbe3e757412695932a3e7b5b3fdad.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

