General

  • Target

    048ba2b1bdcaab51b2d59baf361186ae10b061447a3d4b056f72a09c4baf6449.exe

  • Size

    707KB

  • MD5

    f0371165d6ab178c3e627d10e2883834

  • SHA1

    44835455ad0f34b1365e66c1baa0686a8172cd9e

  • SHA256

    5fc7a843bd4442b83c53dc791a0373835ade101034cd7f3a92759e31d1ca4033

  • SHA512

    7c3d87af00864d1e2230a409119106629f48685d8fa664efe75ba49aaa26177752cb6fc34151826b1ce5422f7933156436621411b8176bb0e65aa6c8c5ddc470

  • SSDEEP

    6144:QcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1F80vnh:auaTmkZJ+naie5OTamgEoKxLWQKh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 048ba2b1bdcaab51b2d59baf361186ae10b061447a3d4b056f72a09c4baf6449.exe
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

