General

  • Target

    684c5d0c0b2ca5953dfdf7a1ebd6caf4d86412f9ef6d22fe269c44915404bcc0.exe

  • Size

    707KB

  • MD5

    6f48c518bc924625de19982fd61fe74f

  • SHA1

    3ebdd852576b5be9a2823726f873053dba2a1097

  • SHA256

    684c5d0c0b2ca5953dfdf7a1ebd6caf4d86412f9ef6d22fe269c44915404bcc0

  • SHA512

    8e03372087823c45805e5a457cf0b9ab5493d6547d5fb77c65c6739e90e6a05b76bf99296a0956f2c1a9ffae607bc4993a0b8dfdb4c6d7b3e5e5862a3e86f425

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1n8fvnh:6uaTmkZJ+naie5OTamgEoKxLWW3h

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 684c5d0c0b2ca5953dfdf7a1ebd6caf4d86412f9ef6d22fe269c44915404bcc0.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

