General

  • Target

    945d834b8a40931193fc276b874a59f176fbff9042294a993c1066600fe39442.exe

  • Size

    707KB

  • MD5

    15f2053919c79923eb3d1c685427dd5e

  • SHA1

    03b1409c88cd069d3a68b33af2f871d353fc3b4a

  • SHA256

    945d834b8a40931193fc276b874a59f176fbff9042294a993c1066600fe39442

  • SHA512

    b79543e6a9c5a73efad4afe4bc3b887c6a89b9d0fee11d24d79538fc6e6e7c70ccc482b5c8fe88b8aeb2d9c86f5c314916f9936d6b98722ed59d0b210f22f79f

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1p8Pvnh:6uaTmkZJ+naie5OTamgEoKxLWsHh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware 1 IoCs
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
  • Detects executables containing commands for clearing Windows Event Logs 1 IoCs
  • Detects executables containing many references to VEEAM. Observed in ransomware 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 945d834b8a40931193fc276b874a59f176fbff9042294a993c1066600fe39442.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56