General

  • Target

    203a8f2364b0a927e657307f12ba89d0175030fa9630f779cada380468d2a811.exe

  • Size

    707KB

  • MD5

    cbf0c6014146c987f248da808e1936d0

  • SHA1

    41fc312ca70e8e42ccdd710714bc6c7759939f22

  • SHA256

    59ed5c6fe3b2144b4a886d8b334c383e0d0904935a63472369080dde4e7412df

  • SHA512

    ca3814bbec15604bd80d82e7cfc994162ae211ee0ba2b768f589a903e03f4ed5709a75b26adec5d0e9b0874ccf3b3fa37b17872f15f8f0719d8fe2fcb73d307f

  • SSDEEP

    6144:QcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1B8Zvnh:auaTmkZJ+naie5OTamgEoKxLW8dh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware 1 IoCs
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
  • Detects executables containing commands for clearing Windows Event Logs 1 IoCs
  • Detects executables containing many references to VEEAM. Observed in ransomware 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 203a8f2364b0a927e657307f12ba89d0175030fa9630f779cada380468d2a811.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

