General

  • Target

    8f508d1c03ad27e88920720785a403d1568e37f079fe99e9a6c7ce1e42d38c81.exe

  • Size

    707KB

  • MD5

    42efa5271e7eaec6968a3cc474a7b122

  • SHA1

    a02e2094af0683a131f726db0891045da903d377

  • SHA256

    8f508d1c03ad27e88920720785a403d1568e37f079fe99e9a6c7ce1e42d38c81

  • SHA512

    44447a94e8812026c0a599b01b5727792ac88464f4a2a6e761b514bab66f3f7738f3a808bcbf58c4fab44d42ad29adb70a5d1047ece9e9f545dd94c5f11d7a99

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1+8Svnh:6uaTmkZJ+naie5OTamgEoKxLW18h

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 8f508d1c03ad27e88920720785a403d1568e37f079fe99e9a6c7ce1e42d38c81.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

