General

  • Target

    44680c4efae336637af2ddbd188fda598181fa7dbc698ed6c1a69b6eb9f66920.exe

  • Size

    707KB

  • MD5

    4efd3658fe47b730ba7b7b3d4dfa900e

  • SHA1

    9c990eb066283d93f8a28a3995c5de740c0c39c6

  • SHA256

    d4ff90d1c8bca3c8e166f6c694005863d09b925b83afdc8cd3d13c92408c85c0

  • SHA512

    8aa55602f71661b520af887eeecadde098d10b99170c1bcf6bd25a9fffa102bc94c157927969b3ea1e599cbecedf0ee068cf5b11156d3e4686de88b3e930a35c

  • SSDEEP

    6144:QcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1X8mvnh:auaTmkZJ+naie5OTamgEoKxLW2Yh

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 44680c4efae336637af2ddbd188fda598181fa7dbc698ed6c1a69b6eb9f66920.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

