General

  • Target

    240125-ran7wahaa5

  • Size

    707KB

  • MD5

    841dd1c509abc6adad40bd00198f3bbe

  • SHA1

    3295d8cbb79cdd6463f88d0918099d8548a250dc

  • SHA256

    74df3452a6b9dcdba658af7a9cf5afb09cce51534f9bc63079827bf73075243b

  • SHA512

    100350ae2159a11da0f4217c1d833e0d45aab888ee9933b185ca7b488d9d22bd60e181cd0de354d6b7f16932a7a5ba8141d74f41ebfaddfa9cf2cb49361ba84c

  • SSDEEP

    6144:wcmwdMZ0aq9arLKkdMqJ+VYg/5ICAAQs+d5zSTamgEoOFzxLza1O8dvnh:6uaTmkZJ+naie5OTamgEoKxLWFph

Score
10/10

Malware Config

Signatures

  • Detects command variations typically used by ransomware (1 IoC)
  • Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware (1 IoC)
  • Detects executables containing commands for clearing Windows Event Logs (1 IoC)
  • Detects executables containing many references to VEEAM. Observed in ransomware (1 IoC)
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 240125-ran7wahaa5
    .exe windows:5 windows x86 arch:x86

    2f7da257a3159bdb9faeb823ef872a56

