General

  • Target

    80b48d61776752a06036fca4dedf61f31e73e6300d09fd6a5ac18093facdc374.exe

  • Size

    707KB

  • MD5

    f0b6830cca985da250d37e71216d644a

  • SHA1

    6d12d0c9aaf54ec9b4abdff2b8ef862bdd3984e1

  • SHA256

    40f3a704949edcb37cabcacb79b9f26de129062bba5a64521050fae33639a162

  • SHA512

    9da88e20af3240274abc76fb6c8565957ee8d9b747b2a50706f0c652489d943d66a6b8ce5fa865294be82615ea668e2ff52469e56996185d0b8ff0d1de567b08

  • SSDEEP

    6144:QcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1H8avnh:auaTmkZJ+naie5OTamgEoKxLWW0h

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 80b48d61776752a06036fca4dedf61f31e73e6300d09fd6a5ac18093facdc374.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

