General

  • Target

    6f4d795f0137582ea3dca1206a196c147ff2df3f4bbac90907337d4ebb0420b0.exe

  • Size

    707KB

  • MD5

    7d2c92539a49af1f832a5e293246a17e

  • SHA1

    29d69f9d988197569d58661387daaa3e08d0544b

  • SHA256

    260f0d90e80db964b554219580fa3c249db36b22ec95e0924cb05d22119398f7

  • SHA512

    30ca76ae08e876c9c2b2bc61546039303246c42fadaa4e54110c2b162f11d0d6c8d5b677b645c0b26a7b0669af953aa3db5853e110fe6dfec132be5ffd5a32cd

  • SSDEEP

    6144:QcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1O8Gvnh:auaTmkZJ+naie5OTamgEoKxLWN4h

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 6f4d795f0137582ea3dca1206a196c147ff2df3f4bbac90907337d4ebb0420b0.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

