General

  • Target

    b0ee1d147740c7bed300174eb4c32c66845d8332efc4c589b6db83df3a8db184.exe

  • Size

    707KB

  • MD5

    ff996a5e6d20f313e8253126294284d6

  • SHA1

    685aa65e2806e09fe6e3c127a9ea000cc5f206fd

  • SHA256

    b0ee1d147740c7bed300174eb4c32c66845d8332efc4c589b6db83df3a8db184

  • SHA512

    d4f1c6608930e96ec672ad5260de948c1c39e0ae86f75acbd3d98974154a82c7ee2461de9300eeb7e93362579d8c707d8e07edaa78d28f926f7b4eb6c352f7f1

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1G8Dvnh:6uaTmkZJ+naie5OTamgEoKxLWVjh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • b0ee1d147740c7bed300174eb4c32c66845d8332efc4c589b6db83df3a8db184.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

