General

  • Target

    855a103ad1b08c281421fb11eb1384cda47c2fb89ac1f1d6258ccd0dc9772fdf.exe

  • Size

    707KB

  • MD5

    bc361d3f95e6a7fa1a08523483f03706

  • SHA1

    02b31d88cdcf2a543a8dcdc39d56eb6435c28ed5

  • SHA256

    855a103ad1b08c281421fb11eb1384cda47c2fb89ac1f1d6258ccd0dc9772fdf

  • SHA512

    f9baf080ef8dae374875011e27a7deca66e5f38e0130978bb59ac6955dc71e534448f756957ecddf04843d146eec6b0e1687b09249ba4f82106c72f915300f3a

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1m8fvnh:6uaTmkZJ+naie5OTamgEoKxLWt3h

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 855a103ad1b08c281421fb11eb1384cda47c2fb89ac1f1d6258ccd0dc9772fdf.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

