General

  • Target

    b51fb9689bb8bce07f5f3fef18ba6203d9bdbf4181bf4534420d8a1e9528296d.exe

  • Size

    707KB

  • MD5

    4579bf6fe5c45779db768344d41a3a64

  • SHA1

    88cb44e1a826ad77ba4e75279d3ba591c2f704f9

  • SHA256

    b51fb9689bb8bce07f5f3fef18ba6203d9bdbf4181bf4534420d8a1e9528296d

  • SHA512

    d8f4eff13d97697fd488dd49bfd73b0ebfb8e55e5f74b0daf33e4c16563dd36152f1728cabdfade43adaeb821ec830bf82d4d693c41a2efe585ca4777c86a4fb

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1U8vvnh:6uaTmkZJ+naie5OTamgEoKxLWXnh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoCs)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoCs)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoCs)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoCs)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoCs)
  • Unsigned PE (1 IoCs)

    Checks for missing Authenticode signature.

Files

  • b51fb9689bb8bce07f5f3fef18ba6203d9bdbf4181bf4534420d8a1e9528296d.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

