General

  • Target

    b56c64786138d5d5ee2a2af43daf6dc34a55bd1277084c1d8590ee8b542b8aaf.exe

  • Size

    707KB

  • MD5

    772748da43bb206d56bc436144d9efbd

  • SHA1

    f2ef889caaaea9125c8b3bb80dbe0d7619f00e46

  • SHA256

    b56c64786138d5d5ee2a2af43daf6dc34a55bd1277084c1d8590ee8b542b8aaf

  • SHA512

    1be18100c748d7b61594f756c7bb8055d8d85b71808d4403b3a21945cbb7259c6e1c1b3087ee2ec9e404ea5187dd710e72d5c5b2ea7c3df1eb08ac2e3bef050f

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1B8bvnh:6uaTmkZJ+naie5OTamgEoKxLW0Lh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • b56c64786138d5d5ee2a2af43daf6dc34a55bd1277084c1d8590ee8b542b8aaf.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

