General

  • Target

    00638c859b41d54008494dd9c758ec88ec5f519787525a08ab2acd33e9abed62

  • Size

    707KB

  • MD5

    37d21e991bfa5e25c7bacff1111aa9bf

  • SHA1

    ca4bd373186839b69b27b6eaea8e26264dda9521

  • SHA256

    00638c859b41d54008494dd9c758ec88ec5f519787525a08ab2acd33e9abed62

  • SHA512

    d02680b3ead1d10f44802a1a8b0d2edf88e53430ebe81e0c38bc62938d67bb72b33d74be0eadc20e203dc4cc0129ad4f4112bb5bf4b37fb86191e01fc30fb9b5

  • SSDEEP

    6144:lcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1y81vnh:5uaTmkZJ+naie5OTamgEoKxLWJxh

Score
10/10

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 00638c859b41d54008494dd9c758ec88ec5f519787525a08ab2acd33e9abed62
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

