General

  • Target

    5540b1d311b5760728667a4f3e8f1d289383f11871edb7c3dbd3c062f562be56.exe

  • Size

    707KB

  • MD5

    1e25eae0df7286463bfda4d74724bde0

  • SHA1

    5221c49657635b5f8bf72cb86e575adda829b92f

  • SHA256

    5540b1d311b5760728667a4f3e8f1d289383f11871edb7c3dbd3c062f562be56

  • SHA512

    577c5e12c96152dc2e5b9607660c0d970b5c4282989d8f03c323233e297ceb7653416631b80e35872fd0be2a2a86b5d2b53e58bb82e0ab8a676b0a1d7155f389

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1R88vnh:6uaTmkZJ+naie5OTamgEoKxLW8ih

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 5540b1d311b5760728667a4f3e8f1d289383f11871edb7c3dbd3c062f562be56.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

