General

  • Target

    5af40293e465fbf1905195d3097ffe98b615f9cb7a80abbce88370fb87ef8ba7.exe

  • Size

    707KB

  • MD5

    3cd376ef049b55f36215e3c1b43e9b0d

  • SHA1

    a2ec38856f1b68594b9f07e7cacee44fde370031

  • SHA256

    5af40293e465fbf1905195d3097ffe98b615f9cb7a80abbce88370fb87ef8ba7

  • SHA512

    f040a3c8a43c219c61f734335034beb88b29c026dd8625b45a1f7eeb2e3b2ad99b164fef70914b4f68d54f355f6ab1d7ea37db2c055cd39682e85f861b987fd3

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1Z8Yvnh:6uaTmkZJ+naie5OTamgEoKxLWEmh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting the USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 5af40293e465fbf1905195d3097ffe98b615f9cb7a80abbce88370fb87ef8ba7.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

