General

  • Target

    5012baa117a437237a120d316ecb815d23372ff1ac3b0da3a47cb2d071430eb2.exe

  • Size

    707KB

  • MD5

    3d9ab0fb96c325f59a1c7f20a2bae52b

  • SHA1

    42190db958810fd0effb9451f0e8336cbf94aca1

  • SHA256

    5012baa117a437237a120d316ecb815d23372ff1ac3b0da3a47cb2d071430eb2

  • SHA512

    5789c2fa4a154e60416f3f27c8102c4c9c6a090713d13ad9d76b6db8d1da7c27a3eab3a49c4029f5e85b7b9190f16e6ba048650153a3a68921f6f7cf16870864

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1C8xvnh:6uaTmkZJ+naie5OTamgEoKxLW5lh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 5012baa117a437237a120d316ecb815d23372ff1ac3b0da3a47cb2d071430eb2.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

