General

  • Target

    311a841b40b3aac2a30457c2385c6e72da81c3f2bd984ce0a8bb70f21ea7fe6e.exe

  • Size

    707KB

  • MD5

    34f38d6b9d51f062ae59e59e0204aada

  • SHA1

    0db3c390b22ecb799c115410345b6658692bec6e

  • SHA256

    2823c472b60af2184f538dd6ca26dac5e58075f1a1a284dfe6f731030c21cffa

  • SHA512

    e64c8f62b2b45d6e1bc8f321fdea271ad6928245fa26dd67164811f8984402b65f5bca964d9139a058f3f3bd132bacad5fa4988c4990d752b603d663c9a7258d

  • SSDEEP

    6144:QcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1K87vnh:auaTmkZJ+naie5OTamgEoKxLWprh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 311a841b40b3aac2a30457c2385c6e72da81c3f2bd984ce0a8bb70f21ea7fe6e.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

