General

  • Target

    d180d34b9ef292daba0f492920d5c6e99c8b8e3949eb17619dd86690d02a86c0.exe

  • Size

    707KB

  • MD5

    3dc6f93600c1ad95b48d366f22d0ffdd

  • SHA1

    345113fee0fa0ead4a87968301e5cfd0dd9a0808

  • SHA256

    d180d34b9ef292daba0f492920d5c6e99c8b8e3949eb17619dd86690d02a86c0

  • SHA512

    26d037087c9fdc39e8a0d46dc90bd018c85e2a83f6da18c0bd8c29c18eb60e4b35d20f84abb78d0cf7a7a895e3d93f0f9cd2d72dfe84e6e3c95a7424e249eaa3

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1t8Avnh:6uaTmkZJ+naie5OTamgEoKxLWoeh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware 1 IoCs
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
  • Detects executables containing commands for clearing Windows Event Logs 1 IoCs
  • Detects executables containing many references to VEEAM. Observed in ransomware 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • d180d34b9ef292daba0f492920d5c6e99c8b8e3949eb17619dd86690d02a86c0.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

