General

  • Target

    6e0b8640bb2a3646b416dc1778c3b650fa5cba4b17076e409bfea5389be3a22b.exe

  • Size

    707KB

  • MD5

    28143b3b6482264d232ab9f5b479883c

  • SHA1

    5df930252d08130ca7aabd6ae7752d8fce7c5258

  • SHA256

    6e0b8640bb2a3646b416dc1778c3b650fa5cba4b17076e409bfea5389be3a22b

  • SHA512

    24818b56add3119122491f3aadad34a0a422e403d31d5f80a0322acd3fbde56be843095ffdad379a76a9c0f4572cf5a29f5ddbab93960f63bcb761d5c389b0c8

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1u8Wvnh:6uaTmkZJ+naie5OTamgEoKxLWNoh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 6e0b8640bb2a3646b416dc1778c3b650fa5cba4b17076e409bfea5389be3a22b.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

