Static task: static1
Behavioral task: behavioral1
Sample: 2024-02-12_9252c69260e96e290ef5ffe4fa7d8d7c_pwndlocker.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2024-02-12_9252c69260e96e290ef5ffe4fa7d8d7c_pwndlocker.exe
Resource: win10v2004-20231215-en
General
Target: 2024-02-12_9252c69260e96e290ef5ffe4fa7d8d7c_pwndlocker
Size: 28KB
MD5: 9252c69260e96e290ef5ffe4fa7d8d7c
SHA1: c417eeee13cf38c1ca1ac54143d36ccce02a7855
SHA256: 02f6cd2df20e869d04f05f910486086ed733963252a4f177a1f7460a73ac66b0
SHA512: 7e8937869743ae4ca63d415026d3654c4a8dac4d2dbbe0e2fe104086f8b31586beb3cc10fbb07b9257f1e35ad29327ef63b8d88336a9463876eecd13d0b767a1
SSDEEP: 384:18cpyE7vAxRtAB+91gXspbY/ecJpJgLa0MpZ3I:mcpTAfUo1ispc/ecgLa1P
Malware Config
Signatures
Detects executables containing many references to VEEAM. Observed in ransomware (1 IoCs)
resource yara_rule sample INDICATOR_SUSPICOUS_EXE_References_VEEAM
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 2024-02-12_9252c69260e96e290ef5ffe4fa7d8d7c_pwndlocker
Files
2024-02-12_9252c69260e96e290ef5ffe4fa7d8d7c_pwndlocker.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.flat Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.api Size: 512B - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE