General

  • Target

    636b8b2f69657953f7659d44b77ccf32ccb486b0892cbd6d57c46863688686f2.exe

  • Size

    707KB

  • MD5

    55c9cd94aa376c18af7ffc4840ec054e

  • SHA1

    a927bcb4c05253cd5a5bdc628c4ccad1f18010aa

  • SHA256

    636b8b2f69657953f7659d44b77ccf32ccb486b0892cbd6d57c46863688686f2

  • SHA512

    615155f990a05b716613a3dfd607e849de91fb47b59b1f1bfbb465aeb5f8f4aeba90c9d29b044133624d85f449ca9efbf4b2ea2a8dcc5ddb3ab3b38a22198d5e

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1B8Dvnh:6uaTmkZJ+naie5OTamgEoKxLWUjh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 636b8b2f69657953f7659d44b77ccf32ccb486b0892cbd6d57c46863688686f2.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

