General

  • Target

    61e021b51450abfdd053150bbbf091c032180a50d28d9e0f8d2f5228c468a279.exe

  • Size

    707KB

  • MD5

    d7de28a12a7b3142a80c40c8f2eab33d

  • SHA1

    5703ab0f60475a027f57b6bf14d41dde98c30278

  • SHA256

    61e021b51450abfdd053150bbbf091c032180a50d28d9e0f8d2f5228c468a279

  • SHA512

    e608d4b2fdd9c1c94502e6a56029bc74ee1d0fb16da8768a2667324403a2c984508527ae7c098fd6a1b2cda4343ba857b479f6df09b515506edda1cff9c18812

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1x8vvnh:6uaTmkZJ+naie5OTamgEoKxLWEnh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 61e021b51450abfdd053150bbbf091c032180a50d28d9e0f8d2f5228c468a279.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

