General

  • Target

    80a6bdeaa550cf3a1988e53dffcf871e2c1e54e154f976a10534ac3b9c07b8f6.exe

  • Size

    707KB

  • MD5

    6903b13e0c13b8bc5532f5b8a7608e14

  • SHA1

    aafb6d1341739510a7ff7a0661298aa16f5bd5fb

  • SHA256

    80a6bdeaa550cf3a1988e53dffcf871e2c1e54e154f976a10534ac3b9c07b8f6

  • SHA512

    c4de27288e7784c5221b4740dc9dbcf1d2a4ec2f0af9e19f8d5de5e4a204ae456ad36b3a046c1cf4404aa67cf9116d152900e9938aa6620cf40505901d2e885f

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1D87vnh:6uaTmkZJ+naie5OTamgEoKxLWCrh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware 1 IoCs
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
  • Detects executables containing commands for clearing Windows Event Logs 1 IoCs
  • Detects executables containing many references to VEEAM. Observed in ransomware 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 80a6bdeaa550cf3a1988e53dffcf871e2c1e54e154f976a10534ac3b9c07b8f6.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

