General

  • Target

    aa6aa557c941fb8874f28e36dc3a1bbaa50a13ade38e750caf9bb8a2660e63f6.exe

  • Size

    707KB

  • MD5

    8f2d4ef515a7700cd51ea35383ea5976

  • SHA1

    482809f13dcd03f3f02042c694f377df4533c720

  • SHA256

    aa6aa557c941fb8874f28e36dc3a1bbaa50a13ade38e750caf9bb8a2660e63f6

  • SHA512

    9bd2d25aa59d395a5245b288eb1382ae823e8dc27b91a2e8559b60d462f1d359e588cec159542868572e92f8a569d3f0d9dc187c704c386a7f06fc3e1ed7ec98

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1z8ivnh:6uaTmkZJ+naie5OTamgEoKxLWash

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • aa6aa557c941fb8874f28e36dc3a1bbaa50a13ade38e750caf9bb8a2660e63f6.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

