General

  • Target

    0000617ba18f606b997506c2cc3a52b706d00f64bcc72c505750fead348db6f7.exe

  • Size

    707KB

  • MD5

    18df509f101bf30c5ed6f5278e54c0ea

  • SHA1

    b81e933094f697db804cb1d0db519aa55cd7aeb7

  • SHA256

    edc01ac113338b20659dcc7b5e361df93a080753c6ff3a2e85c46718656ecfe6

  • SHA512

    99de98706b7c9a4c5e83d283f3048f2dd5059c9f9ffd832ecde44f5c42d897dd385f05c7392245fd9d90f80179f87fd5eaf33d48b3e092f59e9f48b85ec40f9f

  • SSDEEP

    6144:QcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1P8Vvnh:auaTmkZJ+naie5OTamgEoKxLWORh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware 1 IoCs
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs
  • Detects executables containing commands for clearing Windows Event Logs 1 IoCs
  • Detects executables containing many references to VEEAM. Observed in ransomware 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 0000617ba18f606b997506c2cc3a52b706d00f64bcc72c505750fead348db6f7.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

