General

  • Target

    d07bce18399d7e213048b20fca804c4d770590727d13005f3a0bb063a377a57e.exe

  • Size

    707KB

  • MD5

    e57e1b6bb07217fbc14a584461421c1a

  • SHA1

    23261391b6adbbac2f9e556b35e1e04a2552eaae

  • SHA256

    d07bce18399d7e213048b20fca804c4d770590727d13005f3a0bb063a377a57e

  • SHA512

    8b010f6aac69ee5237006b9ff5a71a15ebaa6472122fa965876460ff1a32f043fa5f7c43ca2a8af9f95a96c39e77f516e4f4a31ce7bb79a24ec387c61f8b0401

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1L8uvnh:6uaTmkZJ+naie5OTamgEoKxLW6wh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • d07bce18399d7e213048b20fca804c4d770590727d13005f3a0bb063a377a57e.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

