General

  • Target

    79fd25b5032c800e354103d85d83d1ad5eebabbdc2cc871cd85ab4e17aa4fe8a.exe

  • Size

    707KB

  • MD5

    8455b0f924e7fe53fff88ba2615fa733

  • SHA1

    d4be6ab66b4cc5c6b701afa6c9b1118d8a6c9de5

  • SHA256

    79fd25b5032c800e354103d85d83d1ad5eebabbdc2cc871cd85ab4e17aa4fe8a

  • SHA512

    bcef544a4ca7f34ce6da959eb568b8e6b7abb25598ae1fa063cd5d4e17a52d87b5d0962f7c5f81d6948b4191d63dfa5588ba13a19a3d9350492f50876b7c1b2c

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1K8Cvnh:6uaTmkZJ+naie5OTamgEoKxLWRMh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 79fd25b5032c800e354103d85d83d1ad5eebabbdc2cc871cd85ab4e17aa4fe8a.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

