2a32c844885b05e65769a051dae825aecef887c2c60035e5a20ae42533cc1695

General

Target

2a32c844885b05e65769a051dae825aecef887c2c60035e5a20ae42533cc1695
Size

959KB
MD5

2525d5867b27f5ee3949880186c35ed7
SHA1

8fc6dd893d10eb3f4d7c06fda1d3e05a8c7ba8ad
SHA256

2a32c844885b05e65769a051dae825aecef887c2c60035e5a20ae42533cc1695
SHA512

589b76ae5cddff763af93164eb817cf971a3a137a7d3a6ad6ac8c3dfcb703c49c13afb69c00d1984edbfeecc63cdefa4a6b78e1c70f6b65fb057e0e82c526376
SSDEEP

24576:uLjr3s2nScu1i1tz3f++5kRzFxk7rMxNeR1R9qpdRF:Ujrc2So1Ff+B3k796r

Score

10^/10

Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM

Detects executables containing anti-forensic artifacts of deleting USN change journal. Observed in ransomware 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_USNDeleteJournal

Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.