2024-02-14_44144d055d8d36aa7d2c88f58a50a669_lockbit

General

Target

2024-02-14_44144d055d8d36aa7d2c88f58a50a669_lockbit
Size

959KB
MD5

44144d055d8d36aa7d2c88f58a50a669
SHA1

b33bc81c086fedb42da3ce11bc293b1f7b9948ef
SHA256

60f7d224e19f982c8e2cec9847851b51d02fc6ad82164466aabc8bd3c178f4b4
SHA512

c538269dfb7dfc03a0b959aba7143a7f2765def2fb17df228b6edbc979ba2a72fd9c95ff94a81cde1ba6c204be4e4c3e906b881034abf5abdd21df2cc20599b8
SSDEEP

24576:uLjr3s2nScu1i1tz3f++5kRzFxk7rMxNeR1R9qpdoF:Ujrc2So1Ff+B3k796e

Score

10^/10

Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM

Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_USNDeleteJournal

Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-14_44144d055d8d36aa7d2c88f58a50a669_lockbit