General

  • Target

    5f49f6869407dd51f80785281327fb10dd8c714e60352b238b1e6b781787e589.exe

  • Size

    707KB

  • MD5

    ecd868221a3462165c7d8363211884e5

  • SHA1

    c492199917437ad6d61b5f8e0e3c6d4d27a89309

  • SHA256

    5f49f6869407dd51f80785281327fb10dd8c714e60352b238b1e6b781787e589

  • SHA512

    b069ba87aad493974379ec6ca68265c359e96a099b97cbace1d2cb5853e0bc12dfc3b7e1fbd9aecc7cb52c43ba9bdfdaacf6c3cdc25a7c2a4abcc73ca0c64899

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1k87vnh:6uaTmkZJ+naie5OTamgEoKxLWvrh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 5f49f6869407dd51f80785281327fb10dd8c714e60352b238b1e6b781787e589.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

